HDD Fehler, Desktop leer, Windows Rescue...

aupex · 06.06.2011, 19:57

Hallo,
Ich habe heute ein mir bisher unbekanntes, laut diesem Board aber bekanntes Problem.
Erster kam eine Fehlermeldung "HDD defekt..." danach kam das "Vista Recovery System".
Habe dann Neustart gemacht und danach einen Leeren Desktop und leeres Startmenü gehabt.
Die Logs von Spybot S&D haben folgendes um diese Uhrzeit vermerkt

Code:

ATTFilter

06.06.2011 13:22:24 Verweigert (based on user decision) value "ITBar7Height" (new data: "") gelöscht in User-specific browser toolbar!
06.06.2011 13:22:33 Verweigert (based on user decision) value "VyuAmrmEfIELC" (new data: "C:\ProgramData\VyuAmrmEfIELC.exe") hinzugefügt in System Startup user entry!

Allerdings stimmt das mit der User decision nicht.

Scans von Malware und OTL sind angehängt.
Bitte um Hilfe...

Malware:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6705

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

06.06.2011 19:20:17
mbam-log-2011-06-06 (19-20-17).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 210440
Laufzeit: 3 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Washer2.rar (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\31907576.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\programdata\vyuamrmefielc.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\Aupex\AppData\Local\Temp\tmp2484.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Washer2.rar\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\Washer2.rar\washer2.rar.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.

OTL

Code:

ATTFilter

OTL logfile created on: 06.06.2011 20:09:01 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Aupex\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,20% Memory free
6,21 Gb Paging File | 5,17 Gb Available in Paging File | 83,27% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 1,08 Gb Free Space | 3,17% Space Free | Partition Type: NTFS
Drive D: | 192,84 Gb Total Space | 12,20 Gb Free Space | 6,33% Space Free | Partition Type: NTFS
Drive H: | 7,45 Gb Total Space | 3,45 Gb Free Space | 46,27% Space Free | Partition Type: FAT32
 
Computer Name: STEFANLAPTOP | User Name: Aupex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Aupex\Desktop\OTL.exe (OldTimer Tools)
PRC - d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - D:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - D:\Program Files\Spybot2\SDWinSec.exe (Safer Networking Ltd.)
PRC - d:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
PRC - C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\System Control Manager\edd.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Aupex\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AVP) -- D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (AdobeActiveFileMonitor8.0) -- D:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (SBSDWSCService) -- D:\Program Files\Spybot2\SDWinSec.exe (Safer Networking Ltd.)
SRV - (SbieSvc) -- d:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (NishService) -- C:\Programme\System Control Manager\edd.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\system32\DRIVERS\tdrpm251.sys (Acronis)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (FlashUSB) -- C:\Windows\System32\drivers\FlashUSB.sys (Danish Wireless Design A/S)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SbieDrv) -- d:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV - (hotcore3) -- C:\Windows\system32\DRIVERS\hotcore3.sys (Paragon Software Group)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (MGHwCtrl) -- C:\Windows\System32\drivers\MGHwCtrl.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc)
DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 B7 60 24 4D 07 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: KPSA-home-Priess@EasternGraphics.com:1.0.2
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.04.29 20:04:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.04.11 15:43:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2011.05.03 12:47:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins [2011.02.16 18:06:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8C17574E-F5C5-41b8-8B36-333FC7E67980}: D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\THBExt_2_x [2011.06.06 19:36:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{FD9B3EC6-8265-41fb-8A2F-4C5A22A95A7B}: D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\THBExt_3_1_x [2011.06.06 19:36:28 | 000,000,000 | ---D | M]
 
[2010.09.20 19:23:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Aupex\AppData\Roaming\mozilla\Extensions
[2010.09.20 19:23:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Aupex\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.06.01 21:43:47 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Aupex\AppData\Roaming\mozilla\Firefox\Profiles\z8fjhgyp.default\extensions
[2010.04.28 11:30:34 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Aupex\AppData\Roaming\mozilla\Firefox\Profiles\z8fjhgyp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.01 21:43:47 | 000,000,000 | -H-D | M] (Battlefield Play4Free) -- C:\Users\Aupex\AppData\Roaming\mozilla\Firefox\Profiles\z8fjhgyp.default\extensions\battlefieldplay4free@ea.com
[2011.02.26 22:42:26 | 000,000,000 | -H-D | M] (KPSA-Home (Priess)) -- C:\Users\Aupex\AppData\Roaming\mozilla\Firefox\Profiles\z8fjhgyp.default\extensions\KPSA-home-Priess@EasternGraphics.com
[2009.09.10 21:06:59 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Aupex\AppData\Roaming\mozilla\Firefox\Profiles\z8fjhgyp.default\extensions\moveplayer@movenetworks.com
[2010.03.24 16:13:02 | 000,000,917 | -H-- | M] () -- C:\Users\Aupex\AppData\Roaming\Mozilla\Firefox\Profiles\z8fjhgyp.default\searchplugins\conduit.xml
File not found (No name found) -- 
[2011.06.02 21:13:10 | 000,000,000 | -H-D | M] (Java String Helper) -- C:\USERS\AUPEX\APPDATA\ROAMING\5015
[2009.07.02 15:55:18 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.12.16 17:12:16 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.03.31 10:37:02 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.05.14 18:22:13 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.20 23:18:55 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.12 12:58:43 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.05 14:18:23 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.22 18:56:46 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2010.02.24 18:04:34 | 000,000,806 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 	127.0.0.1		localhost
O1 - Hosts: 	::1		localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot2\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - d:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CloneCDTray] d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [Corel Reminder]  File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] d:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
O4 - HKLM..\Run: [NBAgent] D:\Program Files\nero10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TrayServer] D:\Program Files\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot2\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Aupex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: add to &BOM - D:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Alles mit FDM herunterladen - d:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - d:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - d:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - d:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Aupex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - d:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program Files\Spybot2\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (D:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - D:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Aupex\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Aupex\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1bbcd890-eeea-11de-b9ab-001d9250e6e2}\Shell - "" = AutoRun
O33 - MountPoints2\{1bbcd890-eeea-11de-b9ab-001d9250e6e2}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{2efc8af6-a9ea-11de-b4d8-001d9250e6e2}\Shell - "" = AutoRun
O33 - MountPoints2\{2efc8af6-a9ea-11de-b4d8-001d9250e6e2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{34d97eda-1ee7-11e0-9b61-001d9250e6e2}\Shell - "" = AutoRun
O33 - MountPoints2\{34d97eda-1ee7-11e0-9b61-001d9250e6e2}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{6be07ebc-4603-11df-8feb-001d9250e6e2}\Shell - "" = AutoRun
O33 - MountPoints2\{6be07ebc-4603-11df-8feb-001d9250e6e2}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{d249e3c1-ddc0-11dd-a09d-001d9250e6e2}\Shell - "" = AutoRun
O33 - MountPoints2\{d249e3c1-ddc0-11dd-a09d-001d9250e6e2}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\setup.hta
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.06 19:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Suite CBE 11
[2011.06.06 19:37:36 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011.06.06 19:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.06.06 19:34:33 | 000,488,536 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.06.06 19:13:48 | 009,435,312 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Aupex\Desktop\mbam-setup-1.51.0.1200.exe
[2011.06.06 19:13:48 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Aupex\Desktop\tdsskiller.exe
[2011.06.06 19:13:48 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Aupex\Desktop\OTL.exe
[2011.06.06 16:10:19 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011.06.06 13:31:55 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.06.02 21:13:10 | 000,232,400 | -H-- | C] (Adobe Systems, Incorporated) -- C:\Users\Aupex\AppData\Roaming\AcroIEHelpe.dll
[2011.06.02 21:13:10 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\AppData\Roaming\5015
[2011.06.02 21:12:57 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\AppData\Roaming\xmldm
[2011.06.02 21:12:55 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\AppData\Roaming\kock
[2011.05.31 17:14:05 | 000,000,000 | ---D | C] -- C:\Programs
[2011.05.29 09:59:08 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\AppData\Roaming\Media Player Classic
[2011.05.26 18:15:45 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2011.05.26 18:15:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2011.05.26 18:15:30 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VobSub
[2011.05.26 18:15:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub
[2011.05.26 18:15:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoGK
[2011.05.26 16:38:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\NVIDIA Corporation
[2011.05.26 16:37:37 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011.05.26 16:37:36 | 013,007,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2011.05.26 16:37:36 | 005,180,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2011.05.26 16:37:36 | 002,765,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2011.05.26 16:37:36 | 002,074,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2011.05.26 16:37:36 | 000,944,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3220140.dll
[2011.05.26 16:37:36 | 000,855,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322060.dll
[2011.05.26 16:37:36 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2011.05.26 16:37:07 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2011.05.17 16:43:24 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.14 21:41:46 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\Documents\MAGIX Downloads
[2011.05.14 21:41:33 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\AppData\Roaming\MAGIX
[2011.05.14 21:39:48 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\Documents\MAGIX_Screenshare
[2011.05.14 21:39:30 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\Documents\MAGIX_Online_Druck_Service
[2011.05.14 21:39:19 | 000,430,080 | ---- | C] (MAGIX AG) -- C:\Windows\System32\MXRestore.exe
[2011.05.14 21:39:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\MAGIX
[2011.05.14 21:35:58 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\MAGIX Services
[2011.05.14 21:31:42 | 000,585,280 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\System32\drivers\emBDA.sys
[2011.05.14 21:31:42 | 000,549,952 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\System32\drivers\emOEM.sys
[2011.05.14 21:31:42 | 000,119,872 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\System32\emPRP.ax
[2011.05.14 21:31:42 | 000,080,896 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\emMON.exe
[2009.07.16 08:07:57 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe1201.dll
[2009.07.16 07:58:20 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe43CB.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Aupex\AppData\Roaming\*.tmp files -> C:\Users\Aupex\AppData\Roaming\*.tmp -> ]
[1 C:\Users\Aupex\AppData\Local\*.tmp files -> C:\Users\Aupex\AppData\Local\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.06 20:10:50 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B7E58F2E-7704-4F70-9EB3-32EB591D496C}.job
[2011.06.06 20:05:01 | 000,001,096 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.06 19:44:57 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011.06.06 19:38:16 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011.06.06 19:34:33 | 000,488,536 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.06.06 19:28:32 | 000,001,092 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.06 19:28:21 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.06 19:28:21 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.06 19:28:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.06 19:14:13 | 000,000,708 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.06 17:23:16 | 000,606,105 | ---- | M] () -- C:\Users\Aupex\Desktop\unhide.exe
[2011.06.06 17:22:42 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Aupex\Desktop\tdsskiller.exe
[2011.06.06 17:22:28 | 009,435,312 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Aupex\Desktop\mbam-setup-1.51.0.1200.exe
[2011.06.06 17:19:16 | 000,050,477 | ---- | M] () -- C:\Users\Aupex\Desktop\Defogger.exe
[2011.06.06 17:17:12 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Aupex\Desktop\OTL.exe
[2011.06.06 13:31:56 | 000,000,605 | -H-- | M] () -- C:\Users\Aupex\Desktop\Windows Vista Recovery.lnk
[2011.06.06 13:31:50 | 000,000,336 | -H-- | M] () -- C:\ProgramData\31907576
[2011.06.06 12:11:25 | 000,027,335 | -H-- | M] () -- C:\Users\Aupex\AppData\Roaming\nvModes.dat
[2011.06.06 12:11:25 | 000,027,335 | -H-- | M] () -- C:\Users\Aupex\AppData\Roaming\nvModes.001
[2011.06.06 11:29:16 | 000,138,264 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.06.06 10:41:33 | 000,523,061 | -H-- | M] () -- C:\Users\Aupex\mricrocosft.cab
[2011.06.04 22:06:30 | 000,131,072 | -H-- | M] () -- C:\Users\Aupex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.04 12:36:29 | 000,000,680 | -H-- | M] () -- C:\Users\Aupex\AppData\Local\d3d9caps.dat
[2011.06.02 21:13:10 | 000,232,400 | -H-- | M] (Adobe Systems, Incorporated) -- C:\Users\Aupex\AppData\Roaming\AcroIEHelpe.dll
[2011.06.01 23:57:17 | 000,138,056 | -H-- | M] () -- C:\Users\Aupex\AppData\Roaming\PnkBstrK.sys
[2011.05.31 22:57:06 | 000,001,396 | -H-- | M] () -- C:\Users\Aupex\Documents\test.xmr
[2011.05.31 17:59:32 | 000,001,042 | -H-- | M] () -- C:\Users\Aupex\Desktop\DVDVideoSoft Free Studio.lnk
[2011.05.31 17:59:26 | 000,000,882 | -H-- | M] () -- C:\Users\Aupex\Desktop\Free DVD Video Converter.lnk
[2011.05.30 17:01:48 | 000,000,559 | -H-- | M] () -- C:\Users\Aupex\AppData\Roaming\AutoGK.ini
[2011.05.29 21:02:45 | 000,233,242 | -H-- | M] () -- C:\Users\Aupex\Desktop\IMG_1068.jpg
[2011.05.29 20:55:34 | 000,112,686 | -H-- | M] () -- C:\Users\Aupex\Desktop\IMG_0252.jpg
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.18 18:43:47 | 000,002,413 | -H-- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2011.05.17 16:43:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.16 17:39:33 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.05.16 17:39:33 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011.05.14 21:41:42 | 000,006,642 | ---- | M] () -- C:\Windows\mgxoschk.ini
[2011.05.12 16:50:48 | 000,055,531 | -H-- | M] () -- C:\Users\Aupex\Documents\inventurtabak10.pdf
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Aupex\AppData\Roaming\*.tmp files -> C:\Users\Aupex\AppData\Roaming\*.tmp -> ]
[1 C:\Users\Aupex\AppData\Local\*.tmp files -> C:\Users\Aupex\AppData\Local\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.06 19:38:16 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.06.06 19:38:16 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.06.06 19:14:13 | 000,000,708 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.06 19:13:48 | 000,606,105 | ---- | C] () -- C:\Users\Aupex\Desktop\unhide.exe
[2011.06.06 19:13:48 | 000,050,477 | ---- | C] () -- C:\Users\Aupex\Desktop\Defogger.exe
[2011.06.06 13:31:56 | 000,000,605 | -H-- | C] () -- C:\Users\Aupex\Desktop\Windows Vista Recovery.lnk
[2011.06.06 13:31:50 | 000,000,336 | -H-- | C] () -- C:\ProgramData\31907576
[2011.06.06 10:41:31 | 000,523,061 | -H-- | C] () -- C:\Users\Aupex\mricrocosft.cab
[2011.05.31 22:57:06 | 000,001,396 | -H-- | C] () -- C:\Users\Aupex\Documents\test.xmr
[2011.05.31 17:59:26 | 000,000,882 | -H-- | C] () -- C:\Users\Aupex\Desktop\Free DVD Video Converter.lnk
[2011.05.29 21:02:44 | 000,233,242 | -H-- | C] () -- C:\Users\Aupex\Desktop\IMG_1068.jpg
[2011.05.29 20:55:33 | 000,112,686 | -H-- | C] () -- C:\Users\Aupex\Desktop\IMG_0252.jpg
[2011.05.29 09:31:24 | 000,000,559 | -H-- | C] () -- C:\Users\Aupex\AppData\Roaming\AutoGK.ini
[2011.05.26 16:37:36 | 000,004,755 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2011.05.16 17:39:33 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.05.16 17:39:33 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.05.14 21:36:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2011.05.12 16:50:47 | 000,055,531 | -H-- | C] () -- C:\Users\Aupex\Documents\inventurtabak10.pdf
[2011.01.25 16:02:14 | 000,110,592 | -H-- | C] () -- C:\Windows\System32\MGHwCtrl.dll
[2011.01.25 16:02:14 | 000,032,768 | -H-- | C] () -- C:\Windows\System32\MGFPCtrl.dll
[2010.11.28 13:29:00 | 000,045,056 | -H-- | C] () -- C:\Windows\System32\ss35pp.dll
[2010.11.02 14:37:07 | 000,001,024 | -H-- | C] () -- C:\Windows\System32\pdf2html.dat
[2010.11.02 14:37:02 | 000,000,110 | -H-- | C] () -- C:\Windows\PDF2HTML.INI
[2010.08.26 22:34:46 | 000,360,723 | -H-- | C] () -- C:\Users\Aupex\AppData\Roaming\mdbu.bin
[2010.06.08 19:49:56 | 000,028,672 | -H-- | C] () -- C:\Windows\System32\nnr.dll
[2010.03.11 22:48:19 | 000,000,093 | -H-- | C] () -- C:\Users\Aupex\AppData\Local\fusioncache.dat
[2010.03.05 13:20:59 | 000,116,224 | -H-- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.02.24 18:41:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\setup_XP.ini
[2009.12.23 18:44:34 | 000,221,291 | -H-- | C] () -- C:\Windows\Imei_dll.dll
[2009.12.23 18:44:34 | 000,040,960 | -H-- | C] () -- C:\Windows\Sublock.dll
[2009.12.22 15:59:43 | 000,053,248 | -H-- | C] () -- C:\Windows\System32\CommonDL.dll
[2009.12.22 15:59:43 | 000,002,413 | -H-- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2009.09.17 22:46:44 | 000,085,504 | -H-- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.09.09 19:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009.08.08 14:11:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.08 14:11:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.26 19:57:58 | 000,000,711 | -H-- | C] () -- C:\Windows\eReg.dat
[2009.06.16 19:08:52 | 070,641,406 | ---- | C] () -- C:\Programme\Microsoft Games.rar
[2009.06.05 17:30:48 | 000,000,082 | -H-- | C] () -- C:\Windows\odbc_merge.INI
[2009.06.02 20:38:33 | 000,000,680 | -H-- | C] () -- C:\Users\Aupex\AppData\Local\d3d9caps.dat
[2009.05.24 22:18:09 | 000,015,873 | -H-- | C] () -- C:\Windows\System32\Inetde.dll
[2009.05.18 13:31:18 | 000,027,648 | -H-- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.04.08 07:17:48 | 000,057,344 | -H-- | C] () -- C:\Windows\System32\FKStampPainter20.dll
[2009.03.22 20:49:16 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.03.07 13:59:28 | 000,000,166 | -H-- | C] () -- C:\Windows\homeDVD-Fotos4.INI
[2009.03.07 13:56:00 | 000,010,240 | -H-- | C] () -- C:\Windows\System32\vidx16.dll
[2009.03.07 13:55:53 | 000,019,968 | -H-- | C] () -- C:\Windows\System32\cpuinf32.dll
[2009.03.07 13:51:56 | 000,000,089 | -H-- | C] () -- C:\Windows\magix.ini
[2009.03.07 13:51:54 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.02.03 12:55:22 | 000,000,239 | -H-- | C] () -- C:\Windows\Caligari.ini
[2009.02.02 20:10:14 | 000,303,104 | -H-- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2009.02.02 20:08:36 | 000,090,112 | -H-- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2009.02.02 20:08:22 | 000,086,016 | -H-- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2009.01.25 23:10:48 | 000,179,200 | -H-- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.01.25 13:09:58 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009.01.20 09:42:03 | 000,061,440 | -H-- | C] () -- C:\Windows\System32\PTQL5F.DLL
[2009.01.13 18:17:01 | 000,000,000 | -H-- | C] () -- C:\Windows\tosOBEX.INI
[2009.01.13 16:52:33 | 000,001,932 | -H-- | C] () -- C:\Windows\Sandboxie.ini
[2009.01.13 11:48:39 | 000,000,035 | -H-- | C] () -- C:\Windows\Ulead32.INI
[2009.01.13 11:46:57 | 000,285,216 | -H-- | C] () -- C:\Windows\System32\drivers\Onsio.sys
[2009.01.13 11:46:57 | 000,007,680 | -H-- | C] () -- C:\Windows\System32\drivers\Onsreged.sys
[2009.01.13 08:11:04 | 000,000,000 | -H-- | C] () -- C:\Users\Aupex\AppData\Roaming\wklnhst.dat
[2009.01.12 13:16:33 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.01.12 13:16:32 | 000,138,056 | -H-- | C] () -- C:\Users\Aupex\AppData\Roaming\PnkBstrK.sys
[2009.01.12 13:15:51 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.01.12 13:15:47 | 002,373,712 | -H-- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.01.12 13:15:47 | 000,075,136 | -H-- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.01.12 13:14:26 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.01.09 21:43:44 | 000,131,072 | -H-- | C] () -- C:\Users\Aupex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.09 01:01:22 | 000,629,760 | -H-- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.01.05 14:48:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.12.29 00:05:28 | 000,027,335 | -H-- | C] () -- C:\Users\Aupex\AppData\Roaming\nvModes.001
[2008.12.29 00:02:44 | 000,027,335 | -H-- | C] () -- C:\Users\Aupex\AppData\Roaming\nvModes.dat
[2006.11.02 17:33:31 | 000,685,712 | -H-- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | -H-- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,149,726 | -H-- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | -H-- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,459,912 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,642,704 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,121,532 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat
[2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2000.10.16 17:16:38 | 000,225,280 | -H-- | C] () -- C:\Windows\System32\Scint100.dll
[2000.10.16 17:16:38 | 000,110,592 | -H-- | C] () -- C:\Windows\System32\sccres100.dll
 
========== LOP Check ==========
 
[2011.06.02 21:13:10 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\5015
[2010.06.01 20:04:08 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Acronis
[2010.11.09 13:17:51 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Arduino
[2009.01.19 18:36:30 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Azureus
[2008.12.30 19:09:34 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\BitTorrent
[2009.01.06 22:23:08 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Blender Foundation
[2010.11.03 18:59:51 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\CadSoft
[2011.01.26 19:09:01 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\calibre
[2009.03.25 10:01:36 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Canneverbe_Limited
[2009.01.13 21:12:47 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Canon
[2009.01.08 22:15:47 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\DAEMON Tools
[2009.01.08 22:17:15 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\DAEMON Tools Lite
[2009.01.08 22:15:47 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\DAEMON Tools Pro
[2010.12.12 21:42:48 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\DVD Profiler
[2011.02.16 16:22:51 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.09 22:50:22 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\fdrtools.com
[2011.06.06 13:33:59 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Free Download Manager
[2010.08.27 19:06:03 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Fritzing
[2010.07.13 18:08:38 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\gtk-2.0
[2009.03.09 09:27:50 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\HDRsoft
[2010.10.18 21:31:23 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\InfraRecorder
[2011.06.02 21:12:55 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\kock
[2009.10.21 20:38:52 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Leadertech
[2009.09.30 16:12:09 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Lexware
[2011.01.13 09:42:38 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\LG Electronics
[2011.05.14 21:41:33 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\MAGIX
[2009.09.01 22:32:20 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Mp3tag
[2011.05.04 17:17:39 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\No Company Name
[2010.10.06 23:22:49 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\NwDocx
[2010.08.31 22:16:33 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Oloneo
[2009.01.06 23:21:40 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\OpenOffice.org
[2009.12.14 23:18:10 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Picturenaut
[2009.03.03 12:40:36 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Planetside Software
[2009.07.25 19:17:48 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\RawTherapee
[2010.02.04 13:39:45 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\RouterControl
[2009.08.07 13:52:29 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\SlySoft
[2009.06.16 22:25:15 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\T-Online
[2011.01.12 16:19:49 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Template
[2009.01.19 17:09:16 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Thinstall
[2010.09.20 19:23:53 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Thunderbird
[2009.03.03 13:39:23 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\uk.co.planetside
[2009.01.19 17:11:39 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\uTorrent
[2011.01.11 18:06:41 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\VidCoder
[2009.06.08 12:56:58 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\VistaStumbler
[2011.02.15 22:18:45 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\Xilisoft
[2011.06.05 20:55:43 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\xmldm
[2011.05.01 23:20:25 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\XnView
[2009.12.22 13:26:01 | 000,000,000 | -H-D | M] -- C:\Users\Aupex\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2011.06.06 19:26:25 | 000,032,606 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.06.06 20:10:50 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B7E58F2E-7704-4F70-9EB3-32EB591D496C}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:27291D76549DE56D
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0

< End of report >

OTL Extra:

Code:

ATTFilter

OTL Extras logfile created on: 06.06.2011 20:09:01 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Aupex\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 64,20% Memory free
6,21 Gb Paging File | 5,17 Gb Available in Paging File | 83,27% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 1,08 Gb Free Space | 3,17% Space Free | Partition Type: NTFS
Drive D: | 192,84 Gb Total Space | 12,20 Gb Free Space | 6,33% Space Free | Partition Type: NTFS
Drive H: | 7,45 Gb Total Space | 3,45 Gb Free Space | 46,27% Space Free | Partition Type: FAT32
 
Computer Name: STEFANLAPTOP | User Name: Aupex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "D:\Program Files\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- D:\Program Files\canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3814163011-2074231880-4065175572-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"d:\Program Files\BitTorrent\bittorrent.exe" = d:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D2E0168-A091-438E-A7FA-4897DA0F0DA8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{15514728-41F3-48FF-AB66-6CCEFD6FAAA7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{16CC534F-D6C6-4BBD-8382-69628BA12263}" = rport=137 | protocol=17 | dir=out | app=system | 
"{25FC251C-0C26-41AB-8424-BC383BA73F05}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{342DC21F-8295-4342-909D-A7F279578E63}" = lport=139 | protocol=6 | dir=in | app=system | 
"{48883D63-6C84-4CB2-9507-8AF14136E169}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{52F6B97D-D65F-4C2F-9504-13FEAB266629}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5FA8909D-B37A-4B82-A038-9BC54D200681}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{887C0506-54AC-4623-840A-D20902F3AB0E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D40E8E4E-B31C-4D42-BE9A-A503C4AA5243}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EEE08896-C538-44C4-A160-B1410D0CEA56}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F2B30D6D-C14D-4B2B-A635-DA319F3F910D}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013BD9BC-540B-4FC1-9BD7-27A95CFBAA1A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{162C996A-3D30-49C9-BB55-BC89C56F922A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{26027EF8-81F1-4D1C-9C8D-D1A32B61A540}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{2A863473-CE80-4366-851A-F4654BD0EED3}" = protocol=6 | dir=in | app=d:\spiele\battlef2\bf2.exe | 
"{2F815737-542A-4F7F-9777-9452BC759505}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{37BEB145-31D7-4A67-B216-DA223FBBA95C}" = protocol=6 | dir=in | app=c:\users\aupex\appdata\local\google\google talk plugin\googletalkplugin.dll | 
"{4503EFED-59B8-420A-8A66-7EADBDAFD1E9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{47E7F823-CA43-408D-B1AD-7F193DAA03F5}" = protocol=6 | dir=in | app=c:\users\aupex\appdata\local\temp\7zs9547.tmp\symnrt.exe | 
"{4AF8D247-2BB2-42B0-8ED6-38643DAD412D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{5AE29E96-1F28-40E1-81EB-ECC181B98D60}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{68ED034B-6BB5-4050-B401-7FD0CDD9B594}" = protocol=17 | dir=in | app=d:\spiele\battlef2\bf2.exe | 
"{6D71C4A4-8C55-4051-9CAF-52C2775A4A49}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8B6DCC52-7B61-47A7-89F7-F52CFAC72B53}" = protocol=17 | dir=in | app=c:\users\aupex\appdata\local\temp\7zs9547.tmp\symnrt.exe | 
"{99193E75-9B32-455D-A0B6-B3DAFC176348}" = protocol=17 | dir=in | app=c:\users\aupex\appdata\local\google\google talk plugin\googletalkplugin.dll | 
"{9E8E6CBA-5CC4-45B3-ADCE-12A1CAD4EF4C}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{B32A8D67-D6B3-4B82-AA52-CF4E5170086D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{B34D8511-DBB8-49C9-B66E-39B4FE65BAC5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CC94E627-5B38-4F08-AB62-114E4D1DFC3C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D0109F9B-2C98-43D4-8B38-C8482030BEDC}" = protocol=6 | dir=in | app=c:\users\aupex\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{D6667324-1A77-4593-92D8-D93146AF8BA8}" = protocol=17 | dir=in | app=d:\program files\utorrent\utorrent.exe | 
"{D90F3206-FD62-4239-8891-BF06C088F99B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{E1E749EA-C830-4C97-A757-351DF17A1A3D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E21CDC62-A43C-4E73-A342-666AA6DBD3E8}" = protocol=6 | dir=in | app=d:\program files\utorrent\utorrent.exe | 
"{EC08F273-D3ED-4C12-A5A6-EF62378C0496}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EC6CEA8F-7ECF-4685-BCB8-4EDAC6123F64}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{ECFC6907-0644-424D-8FBB-A89EC4BBF4E1}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{F60997C3-27A9-4BAC-A9C7-D1F064AC6E3B}" = protocol=17 | dir=in | app=c:\users\aupex\appdata\local\google\google talk plugin\googletalkplugin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00277C92-28A4-4A4F-828C-3C7C15732E9E}" = Banking
"{003447F5-0058-4B77-9C1E-50488F77C4A7}" = Brother P-touch Editor 4.2
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (JTLWAWI)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14E5D149-FD0F-4595-A84E-68D821167591}" = NetObjects Fusion 11.0
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28CBE511-A28E-4010-BE83-1623FC3F1D3A}" = RUNAWAY - A road adventure
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3717C4F2-7412-4793-9BB8-D73D2817B3D6}" = USB Video/Audio Device Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D69628B-4DE8-43C7-9A22-F90F5B870C08}" = ArcSoft TotalMedia Backup
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{45C4CE4D-64B7-47C8-A946-9737CD4C0259}_is1" = Fotomatic 1.3v
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5D4604-EA08-4EDC-8EE7-A004946FB016}" = Terragen 2 Free Edition (Beta)
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1" = DVDx 2
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}" = Medal of Honor Allied Assault(tm) Spearhead
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}" = Medal of Honor Allied Assault(tm) Breakthrough
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{985F828E-0E98-429F-9C05-EF3BDE7568F7}" = Paragon Drive Backup™ 9.0 Free Edition
"{98E9B724-0E62-4812-B6CC-C6A228BBC562}" = Brother P-touch Address Book 1.0
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CBBC89D4-84CB-48A5-AC5A-88452D3C44D3}" = JTL-Wawi - FastReport - Deployment
"{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}" = Terragen
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EF34973A-4865-4150-B4B4-0430C8311353}" = UpLoad/DownLoad
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Anti-Twin 2010-09-22 17.58.58" = Anti-Twin (Installation 22.09.2010)
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"Biet-O-Matic v2.10.1" = Biet-O-Matic v2.10.1
"Blender" = Blender (remove only)
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon RAW Codec" = Canon RAW Codec
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"CloneDVD2OEM" = CloneDVD2OEM
"CloneDVDmobile" = CloneDVDmobile
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DLDIrc" = DLDIrc
"DPP" = Canon Utilities Digital Photo Professional 3.9
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"EAGLE 5.10.0" = EAGLE 5.10.0
"Elements+_is1" = Elements+ for PSE 8 (demo)
"EOS Utility" = Canon Utilities EOS Utility
"Eraser" = Eraser
"Everest Poker" = Everest Poker (Remove Only)
"ffdshow_is1" = ffdshow [rev 3072] [2009-09-12]
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Download Manager_is1" = Free Download Manager 3.0
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.5.12
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.33
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InstallShield_{003447F5-0058-4B77-9C1E-50488F77C4A7}" = Brother P-touch Editor 4.2
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{98E9B724-0E62-4812-B6CC-C6A228BBC562}" = Brother P-touch Address Book 1.0
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.5.1
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.8
"JTL-Wawi_is1" = JTL-Wawi
"Lidl-Fotos_is1" = Lidl-Fotos
"LMMS 0.4.8" = Linux MultiMedia Studio (LMMS)
"MAGIX Filme auf DVD TerraTec Edition D" = MAGIX Filme auf DVD TerraTec Edition 7.0.3.8 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mobile Media Converter_is1" = MIKSOFT Mobile Media Converter
"monzoom" = monzoom® pro
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.5)" = Mozilla Firefox (3.5)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"Mp3tag" = Mp3tag v2.44
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"Nmap" = Nmap 4.85BETA9
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"OpenAL" = OpenAL
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5a
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.9
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PremElem80" = Adobe Premiere Elements 8.0
"PunkBusterSvc" = PunkBuster Services
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"RouterControl" = RouterControl 2.0
"Sandboxie" = Sandboxie 3.34
"ShrinkTo5Basic" = ShrinkTo5Basic
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"VidCoder_is1" = VidCoder 0.8.0 (x86)
"virtualPhotographer_is1" = virtualPhotographer 1.5.6
"VLC media player" = VLC media player 1.0.5
"VobSub" = VobSub v2.23 (Remove Only)
"WaveSurgeon (Evaluation)_is1" = WaveSurgeon (Evaluation) 2.8.1
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"winpcap-nmap" = winpcap-nmap 4.02
"WinRAR archiver" = WinRAR archiver
"Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video
"XMedia Recode" = XMedia Recode 2.1.8.0
"XnView_is1" = XnView 1.95.4
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"pycrypto-py2.6" = Python 2.6 pycrypto-2.0.1
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

So hoffe ich habe alles richtig gepostet, und dass alles vollständig ist.

Gruss

ps. Seit heute mittag ist auch schon 4 oder 5 mal eine Fehlermeldung erschienen. In etwa "zugriff auf MS host ist auf diesem System nicht gestattet..." Genauen Wortlaut weiss ich leider nicht mehr.

cosinus · 06.06.2011, 20:18

Zitat:

Art des Suchlaufs: Quick-Scan

Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

aupex · 06.06.2011, 22:53

So hier der Vollständige Scan.
1 Fund - entfernt.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6788

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

06.06.2011 23:44:52
mbam-log-2011-06-06 (23-44-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 505024
Laufzeit: 1 Stunde(n), 27 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
d:\program files\cryptload_1.1.8\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.

Danke

cosinus · 07.06.2011, 10:54

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1bbcd890-eeea-11de-b9ab-001d9250e6e2}\Shell - "" = AutoRun
O33 - MountPoints2\{1bbcd890-eeea-11de-b9ab-001d9250e6e2}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{2efc8af6-a9ea-11de-b4d8-001d9250e6e2}\Shell - "" = AutoRun
O33 - MountPoints2\{2efc8af6-a9ea-11de-b4d8-001d9250e6e2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{34d97eda-1ee7-11e0-9b61-001d9250e6e2}\Shell - "" = AutoRun
O33 - MountPoints2\{34d97eda-1ee7-11e0-9b61-001d9250e6e2}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{6be07ebc-4603-11df-8feb-001d9250e6e2}\Shell - "" = AutoRun
O33 - MountPoints2\{6be07ebc-4603-11df-8feb-001d9250e6e2}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{d249e3c1-ddc0-11dd-a09d-001d9250e6e2}\Shell - "" = AutoRun
O33 - MountPoints2\{d249e3c1-ddc0-11dd-a09d-001d9250e6e2}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\setup.hta
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[2011.06.06 16:10:19 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011.06.06 13:31:55 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.06.02 21:13:10 | 000,232,400 | -H-- | C] (Adobe Systems, Incorporated) -- C:\Users\Aupex\AppData\Roaming\AcroIEHelpe.dll
[2011.06.02 21:13:10 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\AppData\Roaming\5015
[2011.06.02 21:12:57 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\AppData\Roaming\xmldm
[2011.06.02 21:12:55 | 000,000,000 | -H-D | C] -- C:\Users\Aupex\AppData\Roaming\kock
[2011.06.06 13:31:56 | 000,000,605 | -H-- | M] () -- C:\Users\Aupex\Desktop\Windows Vista Recovery.lnk
[2011.06.06 13:31:50 | 000,000,336 | -H-- | M] () -- C:\ProgramData\31907576
@Alternate Data Stream - 24 bytes -> C:\Windows:27291D76549DE56D
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
:Commands
[purity]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

aupex · 07.06.2011, 17:52

So logfile von OTL Fix

Code:

ATTFilter

========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bbcd890-eeea-11de-b9ab-001d9250e6e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bbcd890-eeea-11de-b9ab-001d9250e6e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bbcd890-eeea-11de-b9ab-001d9250e6e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bbcd890-eeea-11de-b9ab-001d9250e6e2}\ not found.
File G:\USBAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2efc8af6-a9ea-11de-b4d8-001d9250e6e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2efc8af6-a9ea-11de-b4d8-001d9250e6e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2efc8af6-a9ea-11de-b4d8-001d9250e6e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2efc8af6-a9ea-11de-b4d8-001d9250e6e2}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34d97eda-1ee7-11e0-9b61-001d9250e6e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34d97eda-1ee7-11e0-9b61-001d9250e6e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34d97eda-1ee7-11e0-9b61-001d9250e6e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34d97eda-1ee7-11e0-9b61-001d9250e6e2}\ not found.
File G:\USBAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6be07ebc-4603-11df-8feb-001d9250e6e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6be07ebc-4603-11df-8feb-001d9250e6e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6be07ebc-4603-11df-8feb-001d9250e6e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6be07ebc-4603-11df-8feb-001d9250e6e2}\ not found.
File G:\USBAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d249e3c1-ddc0-11dd-a09d-001d9250e6e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d249e3c1-ddc0-11dd-a09d-001d9250e6e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d249e3c1-ddc0-11dd-a09d-001d9250e6e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d249e3c1-ddc0-11dd-a09d-001d9250e6e2}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\setup.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
C:\Windows\Internet Logs folder moved successfully.
C:\Users\Aupex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery folder moved successfully.
File C:\Users\Aupex\AppData\Roaming\AcroIEHelpe.dll not found.
C:\Users\Aupex\AppData\Roaming\5015\components folder moved successfully.
C:\Users\Aupex\AppData\Roaming\5015 folder moved successfully.
C:\Users\Aupex\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Aupex\AppData\Roaming\kock folder moved successfully.
C:\Users\Aupex\Desktop\Windows Vista Recovery.lnk moved successfully.
C:\ProgramData\31907576 moved successfully.
ADS C:\Windows:27291D76549DE56D deleted successfully.
ADS C:\ProgramData\TEMP:8FF81EB0 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.23.0 log created on 06072011_184938

Danke

Sehe gerade, dass er Fehler beim LW G bringt. Das war mein USB Stick. Den hab ich leider momentan nicht greifbar.

cosinus · 07.06.2011, 21:28

Ist schon ok, sind nur Mountpoints.

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!

aupex · 07.06.2011, 21:43

Unhide hab ich schon ausgeführt.
Einige Einträge im Startmenü fehlen (z.b. Windows Taschenrechner) trotzdem bzw sind leer.

Hier die Log.

Code:

ATTFilter

2011/06/07 22:41:13.0780 3484	TDSS rootkit removing tool 2.5.4.0 Jun  7 2011 17:31:48
2011/06/07 22:41:13.0903 3484	================================================================================
2011/06/07 22:41:13.0904 3484	SystemInfo:
2011/06/07 22:41:13.0904 3484	
2011/06/07 22:41:13.0904 3484	OS Version: 6.0.6002 ServicePack: 2.0
2011/06/07 22:41:13.0904 3484	Product type: Workstation
2011/06/07 22:41:13.0904 3484	ComputerName: STEFANLAPTOP
2011/06/07 22:41:13.0904 3484	UserName: Aupex
2011/06/07 22:41:13.0904 3484	Windows directory: C:\Windows
2011/06/07 22:41:13.0904 3484	System windows directory: C:\Windows
2011/06/07 22:41:13.0904 3484	Processor architecture: Intel x86
2011/06/07 22:41:13.0904 3484	Number of processors: 2
2011/06/07 22:41:13.0904 3484	Page size: 0x1000
2011/06/07 22:41:13.0904 3484	Boot type: Normal boot
2011/06/07 22:41:13.0904 3484	================================================================================
2011/06/07 22:41:16.0098 3484	Initialize success
2011/06/07 22:41:56.0827 2560	================================================================================
2011/06/07 22:41:56.0828 2560	Scan started
2011/06/07 22:41:56.0828 2560	Mode: Manual; 
2011/06/07 22:41:56.0828 2560	================================================================================
2011/06/07 22:41:58.0316 2560	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/06/07 22:41:58.0490 2560	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/07 22:41:58.0590 2560	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/07 22:41:58.0624 2560	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/07 22:41:58.0677 2560	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/07 22:41:58.0764 2560	afcdp           (f132d0bfde7c5ea1ab42325c5694a969) C:\Windows\system32\DRIVERS\afcdp.sys
2011/06/07 22:41:58.0843 2560	AFD             (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/06/07 22:41:58.0989 2560	AgereSoftModem  (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/06/07 22:41:59.0172 2560	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/06/07 22:41:59.0225 2560	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/07 22:41:59.0266 2560	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/06/07 22:41:59.0314 2560	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/06/07 22:41:59.0343 2560	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/06/07 22:41:59.0395 2560	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/07 22:41:59.0414 2560	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/06/07 22:41:59.0467 2560	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/07 22:41:59.0499 2560	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/07 22:41:59.0554 2560	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/07 22:41:59.0594 2560	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/06/07 22:41:59.0680 2560	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/07 22:41:59.0771 2560	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/07 22:41:59.0834 2560	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/07 22:41:59.0871 2560	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/07 22:41:59.0921 2560	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/07 22:41:59.0965 2560	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/07 22:42:00.0012 2560	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/07 22:42:00.0049 2560	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/07 22:42:00.0078 2560	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/07 22:42:00.0142 2560	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/07 22:42:00.0191 2560	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/07 22:42:00.0256 2560	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/07 22:42:00.0316 2560	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/06/07 22:42:00.0404 2560	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/07 22:42:00.0453 2560	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/06/07 22:42:00.0500 2560	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/07 22:42:00.0533 2560	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/07 22:42:00.0578 2560	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/06/07 22:42:00.0648 2560	DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/06/07 22:42:00.0741 2560	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/06/07 22:42:00.0803 2560	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/07 22:42:00.0914 2560	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/07 22:42:00.0967 2560	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/07 22:42:01.0027 2560	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/06/07 22:42:01.0103 2560	ElbyCDFL        (ce37e3d51912e59c80c6d84337c0b4cd) C:\Windows\system32\Drivers\ElbyCDFL.sys
2011/06/07 22:42:01.0130 2560	ElbyCDIO        (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/06/07 22:42:01.0176 2560	ElbyDelay       (e205c313417da6fa7afe85912a310a65) C:\Windows\system32\Drivers\ElbyDelay.sys
2011/06/07 22:42:01.0301 2560	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/06/07 22:42:01.0346 2560	enecir          (29dcaeb81dde6f154aa4d36b18ecbb1f) C:\Windows\system32\DRIVERS\enecir.sys
2011/06/07 22:42:01.0435 2560	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/06/07 22:42:01.0511 2560	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/06/07 22:42:01.0566 2560	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/07 22:42:01.0632 2560	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/07 22:42:01.0691 2560	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/07 22:42:01.0737 2560	FlashUSB        (5575ee5823de1558f8486eb4e33ffa99) C:\Windows\system32\DRIVERS\FlashUSB.sys
2011/06/07 22:42:01.0774 2560	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/07 22:42:01.0832 2560	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/06/07 22:42:01.0904 2560	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/07 22:42:01.0942 2560	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/07 22:42:02.0016 2560	ggflt           (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
2011/06/07 22:42:02.0055 2560	ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
2011/06/07 22:42:02.0147 2560	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/06/07 22:42:02.0261 2560	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/07 22:42:02.0316 2560	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/07 22:42:02.0362 2560	HidIr           (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/07 22:42:02.0425 2560	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/07 22:42:02.0495 2560	hotcore3        (9e05f872290e5595afd4871cdee550a3) C:\Windows\system32\DRIVERS\hotcore3.sys
2011/06/07 22:42:02.0543 2560	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/06/07 22:42:02.0605 2560	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/06/07 22:42:02.0648 2560	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/06/07 22:42:02.0706 2560	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/07 22:42:02.0775 2560	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/06/07 22:42:02.0838 2560	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/07 22:42:03.0260 2560	IntcAzAudAddService (97cac2a7e92ffcb30c15101ab002ed30) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/07 22:42:03.0545 2560	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/06/07 22:42:03.0744 2560	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/07 22:42:03.0868 2560	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/07 22:42:04.0019 2560	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/07 22:42:04.0090 2560	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/07 22:42:04.0245 2560	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/07 22:42:04.0288 2560	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/06/07 22:42:04.0351 2560	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/07 22:42:04.0392 2560	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/07 22:42:04.0436 2560	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/07 22:42:04.0488 2560	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/07 22:42:04.0563 2560	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/07 22:42:04.0627 2560	KL1             (94d67d49bd9503bb1d838405d80f2058) C:\Windows\system32\DRIVERS\kl1.sys
2011/06/07 22:42:04.0678 2560	kl2             (713576569667ac9e0f8556076004a96b) C:\Windows\system32\DRIVERS\kl2.sys
2011/06/07 22:42:04.0774 2560	KLIF            (39920d69eaedb51757527aa54fe25216) C:\Windows\system32\DRIVERS\klif.sys
2011/06/07 22:42:04.0858 2560	KLIM6           (cf88b4985d957eee45c9939092e87c92) C:\Windows\system32\DRIVERS\klim6.sys
2011/06/07 22:42:04.0893 2560	klmouflt        (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
2011/06/07 22:42:05.0027 2560	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/07 22:42:05.0251 2560	Lbd             (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
2011/06/07 22:42:05.0318 2560	LgBttPort       (4dd47b5af0b24871ebb9efc012a7474e) C:\Windows\system32\DRIVERS\lgbtport.sys
2011/06/07 22:42:05.0359 2560	lgbusenum       (1d038ca6c529203087a990e5e97887b4) C:\Windows\system32\DRIVERS\lgbtbus.sys
2011/06/07 22:42:05.0424 2560	LGVMODEM        (26f1976a330195d62a6224c76968cf0d) C:\Windows\system32\DRIVERS\lgvmodem.sys
2011/06/07 22:42:05.0502 2560	LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/06/07 22:42:05.0576 2560	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/07 22:42:05.0651 2560	LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/06/07 22:42:05.0694 2560	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/07 22:42:05.0737 2560	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/07 22:42:05.0776 2560	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/07 22:42:05.0840 2560	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/07 22:42:05.0909 2560	LUsbFilt        (77030525cd86a93f1af34fa9b96d33ce) C:\Windows\system32\Drivers\LUsbFilt.Sys
2011/06/07 22:42:05.0966 2560	MBAMProtector   (836e0e09ca9869be7eb39ef2cf3602c7) C:\Windows\system32\drivers\mbam.sys
2011/06/07 22:42:06.0047 2560	MBAMSwissArmy   (b309912717c29fc67e1ba4730a82b6dd) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/06/07 22:42:06.0100 2560	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/06/07 22:42:06.0152 2560	MGHwCtrl        (e5292521916cea4937fbabcb1532f676) C:\Windows\system32\drivers\MGHwCtrl.sys
2011/06/07 22:42:06.0195 2560	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/07 22:42:06.0238 2560	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/07 22:42:06.0279 2560	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/07 22:42:06.0318 2560	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/07 22:42:06.0363 2560	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/07 22:42:06.0408 2560	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/06/07 22:42:06.0442 2560	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/07 22:42:06.0482 2560	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/07 22:42:06.0547 2560	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/07 22:42:06.0610 2560	mrxsmb          (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/07 22:42:06.0692 2560	mrxsmb10        (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/07 22:42:06.0756 2560	mrxsmb20        (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/07 22:42:06.0843 2560	msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/06/07 22:42:06.0880 2560	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/06/07 22:42:06.0937 2560	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/07 22:42:07.0000 2560	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/07 22:42:07.0088 2560	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/07 22:42:07.0132 2560	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/07 22:42:07.0165 2560	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/07 22:42:07.0224 2560	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/06/07 22:42:07.0307 2560	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/07 22:42:07.0391 2560	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/07 22:42:07.0455 2560	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/06/07 22:42:07.0522 2560	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/07 22:42:07.0655 2560	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/06/07 22:42:07.0712 2560	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/07 22:42:07.0777 2560	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/07 22:42:07.0836 2560	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/07 22:42:07.0884 2560	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/07 22:42:07.0930 2560	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/07 22:42:07.0995 2560	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/07 22:42:08.0151 2560	NETw4v32        (cb3af516a6797b27725e3f1e73f3496c) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/06/07 22:42:08.0282 2560	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/07 22:42:08.0341 2560	npf             (6623e51595c0076755c29c00846c4eb2) C:\Windows\system32\drivers\npf.sys
2011/06/07 22:42:08.0396 2560	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/06/07 22:42:08.0447 2560	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/07 22:42:08.0523 2560	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/06/07 22:42:08.0588 2560	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/07 22:42:08.0658 2560	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/07 22:42:09.0315 2560	nvlddmkm        (34b25700ad76e4018f6c616c67390f35) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/07 22:42:09.0759 2560	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/06/07 22:42:09.0790 2560	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/06/07 22:42:09.0870 2560	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/06/07 22:42:09.0981 2560	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/07 22:42:10.0030 2560	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/07 22:42:10.0077 2560	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/06/07 22:42:10.0122 2560	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/07 22:42:10.0217 2560	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/06/07 22:42:10.0246 2560	pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/06/07 22:42:10.0278 2560	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/07 22:42:10.0339 2560	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/07 22:42:10.0465 2560	PnkBstrK        (3b83da510042830d2834eb9f64d62e33) C:\Windows\system32\drivers\PnkBstrK.sys
2011/06/07 22:42:10.0619 2560	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/07 22:42:10.0674 2560	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/06/07 22:42:10.0720 2560	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/07 22:42:10.0763 2560	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/06/07 22:42:10.0834 2560	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/07 22:42:10.0882 2560	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/07 22:42:10.0957 2560	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/07 22:42:10.0997 2560	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/07 22:42:11.0050 2560	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/07 22:42:11.0114 2560	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/07 22:42:11.0172 2560	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/07 22:42:11.0226 2560	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/07 22:42:11.0281 2560	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/07 22:42:11.0409 2560	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/06/07 22:42:11.0447 2560	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/07 22:42:11.0510 2560	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/06/07 22:42:11.0580 2560	rimmptsk        (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/06/07 22:42:11.0615 2560	rimsptsk        (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/06/07 22:42:11.0661 2560	ROOTMODEM       (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/06/07 22:42:11.0736 2560	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/07 22:42:11.0789 2560	RTL8169         (b7e1c523e2f7787d700766fc78e01f77) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/06/07 22:42:11.0836 2560	s0016bus        (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys
2011/06/07 22:42:11.0876 2560	s0016mdfl       (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys
2011/06/07 22:42:11.0910 2560	s0016mdm        (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys
2011/06/07 22:42:11.0952 2560	s0016mgmt       (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys
2011/06/07 22:42:12.0014 2560	s0016nd5        (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys
2011/06/07 22:42:12.0053 2560	s0016obex       (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys
2011/06/07 22:42:12.0121 2560	s0016unic       (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys
2011/06/07 22:42:12.0360 2560	SbieDrv         (a07d4747a6ebf15968cf5c891709d8f6) d:\Program Files\Sandboxie\SbieDrv.sys
2011/06/07 22:42:12.0406 2560	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/07 22:42:12.0472 2560	sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/07 22:42:12.0519 2560	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/07 22:42:12.0599 2560	seehcri         (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/06/07 22:42:12.0656 2560	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/07 22:42:12.0700 2560	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/07 22:42:12.0763 2560	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/07 22:42:12.0836 2560	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/07 22:42:12.0872 2560	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/07 22:42:12.0917 2560	sffp_sd         (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/07 22:42:12.0943 2560	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/07 22:42:12.0988 2560	Si3531          (7471cf7cbb4cc7d92fdb7f6527a9008c) C:\Windows\system32\DRIVERS\Si3531.sys
2011/06/07 22:42:13.0011 2560	SiFilter        (72cf151fb410e544904dbc7d7f29b796) C:\Windows\system32\DRIVERS\SiWinAcc.sys
2011/06/07 22:42:13.0032 2560	SiRemFil        (41a59f484188be629087ba391ff60d74) C:\Windows\system32\DRIVERS\SiRemFil.sys
2011/06/07 22:42:13.0064 2560	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/06/07 22:42:13.0094 2560	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/06/07 22:42:13.0130 2560	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/07 22:42:13.0182 2560	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/06/07 22:42:13.0258 2560	snapman         (ffd9b64db2cd7b74b766c3a8452a5816) C:\Windows\system32\DRIVERS\snapman.sys
2011/06/07 22:42:13.0300 2560	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/07 22:42:13.0391 2560	sptd            (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/06/07 22:42:13.0392 2560	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/06/07 22:42:13.0398 2560	sptd - detected LockedFile.Multi.Generic (1)
2011/06/07 22:42:13.0509 2560	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/06/07 22:42:13.0623 2560	srv2            (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/07 22:42:13.0684 2560	srvnet          (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/07 22:42:13.0754 2560	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/07 22:42:13.0803 2560	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/07 22:42:13.0832 2560	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/07 22:42:13.0861 2560	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/07 22:42:13.0918 2560	tap0901         (34f1bcb847a924a161422f106a79b9ff) C:\Windows\system32\DRIVERS\tap0901.sys
2011/06/07 22:42:14.0081 2560	Tcpip           (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/06/07 22:42:14.0128 2560	Tcpip6          (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/07 22:42:14.0169 2560	tcpipreg        (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/07 22:42:14.0243 2560	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/07 22:42:14.0507 2560	tdrpman251      (3630f5b8181554deecfe2e4252bc4c4c) C:\Windows\system32\DRIVERS\tdrpm251.sys
2011/06/07 22:42:14.0556 2560	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/07 22:42:14.0624 2560	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/07 22:42:14.0669 2560	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/07 22:42:14.0735 2560	timounter       (c820bfc70feb25ec877c49e81cd477c1) C:\Windows\system32\DRIVERS\timntr.sys
2011/06/07 22:42:14.0803 2560	tosporte        (2c15b4856f929ac7dd144044d8334b54) C:\Windows\system32\DRIVERS\tosporte.sys
2011/06/07 22:42:14.0876 2560	tosrfbd         (6750328ab04ae5faf01403a575d66978) C:\Windows\system32\DRIVERS\tosrfbd.sys
2011/06/07 22:42:14.0917 2560	tosrfbnp        (e5e34cd8848742cdc946f589f802630f) C:\Windows\system32\Drivers\tosrfbnp.sys
2011/06/07 22:42:14.0948 2560	Tosrfcom        (c281d231ba7bc7955d39ea9e21374eff) C:\Windows\system32\Drivers\tosrfcom.sys
2011/06/07 22:42:14.0980 2560	Tosrfhid        (592cd9c8ab08ef02ea53905d30fb157e) C:\Windows\system32\DRIVERS\Tosrfhid.sys
2011/06/07 22:42:15.0006 2560	tosrfnds        (0f3fd4f55175caeddce9efd6c5ca45d3) C:\Windows\system32\DRIVERS\tosrfnds.sys
2011/06/07 22:42:15.0033 2560	TosRfSnd        (f21031c35fe340a948ffdca6de74d333) C:\Windows\system32\drivers\tosrfsnd.sys
2011/06/07 22:42:15.0076 2560	Tosrfusb        (c4245835d4fac0494ed616f3bfe9ee0a) C:\Windows\system32\DRIVERS\tosrfusb.sys
2011/06/07 22:42:15.0152 2560	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/07 22:42:15.0206 2560	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/07 22:42:15.0271 2560	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/07 22:42:15.0313 2560	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/06/07 22:42:15.0385 2560	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/07 22:42:15.0434 2560	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/07 22:42:15.0485 2560	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/06/07 22:42:15.0521 2560	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/07 22:42:15.0558 2560	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/07 22:42:15.0607 2560	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/07 22:42:15.0677 2560	USB28xxBGA      (8e9dccb2ba19c959a8c3a344445bb954) C:\Windows\system32\DRIVERS\emBDA.sys
2011/06/07 22:42:15.0743 2560	USB28xxOEM      (da617ca98704142f10938089dd0738a4) C:\Windows\system32\DRIVERS\emOEM.sys
2011/06/07 22:42:15.0820 2560	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/06/07 22:42:15.0870 2560	usbbus          (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
2011/06/07 22:42:15.0918 2560	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/07 22:42:15.0973 2560	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/07 22:42:16.0035 2560	UsbDiag         (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2011/06/07 22:42:16.0089 2560	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/07 22:42:16.0117 2560	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/07 22:42:16.0217 2560	USBModem        (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2011/06/07 22:42:16.0255 2560	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/07 22:42:16.0305 2560	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/07 22:42:16.0365 2560	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/07 22:42:16.0418 2560	usbser          (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys
2011/06/07 22:42:16.0469 2560	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/07 22:42:16.0512 2560	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/07 22:42:16.0577 2560	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/07 22:42:16.0643 2560	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/07 22:42:16.0690 2560	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/07 22:42:16.0728 2560	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/06/07 22:42:16.0749 2560	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/06/07 22:42:16.0788 2560	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/06/07 22:42:16.0828 2560	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/07 22:42:16.0895 2560	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/06/07 22:42:16.0948 2560	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/06/07 22:42:16.0990 2560	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/06/07 22:42:17.0087 2560	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/07 22:42:17.0128 2560	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/07 22:42:17.0165 2560	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/07 22:42:17.0214 2560	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/06/07 22:42:17.0277 2560	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/07 22:42:17.0387 2560	WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/07 22:42:17.0452 2560	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/07 22:42:17.0518 2560	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/07 22:42:17.0615 2560	MBR (0x1B8)     (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
2011/06/07 22:42:17.0630 2560	================================================================================
2011/06/07 22:42:17.0630 2560	Scan finished
2011/06/07 22:42:17.0630 2560	================================================================================
2011/06/07 22:42:17.0641 5128	Detected object count: 1
2011/06/07 22:42:17.0641 5128	Actual detected object count: 1
2011/06/07 22:42:33.0618 5128	LockedFile.Multi.Generic(sptd) - User select action: Skip

cosinus · 07.06.2011, 22:26

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

aupex · 08.06.2011, 11:52

Combofix liefert folgendes

Code:

ATTFilter

ComboFix 11-06-07.03 - Aupex 08.06.2011  12:02:12.1.2 - x86
ausgeführt von:: c:\users\Aupex\Desktop\cofi.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpe1201.dll
c:\programdata\hpe43CB.dll
c:\users\Aupex\AppData\Roaming\Microsoft\Windows\Recent\service_buerger_ePassSchabl_knd.url
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-08 bis 2011-06-08  ))))))))))))))))))))))))))))))
.
.
2011-06-08 10:13 . 2011-06-08 10:20	--------	d-----w-	c:\users\Aupex\AppData\Local\temp
2011-06-08 10:13 . 2011-06-08 10:13	--------	d-----w-	c:\users\Stefan\AppData\Local\temp
2011-06-08 10:13 . 2011-06-08 10:13	--------	d-----w-	c:\users\Lotte\AppData\Local\temp
2011-06-08 10:13 . 2011-06-08 10:13	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-08 10:13 . 2011-06-08 10:13	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2011-06-08 10:00 . 2011-06-08 10:00	--------	d-----w-	C:\32788R22FWJFW
2011-06-07 16:54 . 2011-05-09 20:46	6962000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2CB7D1F-8C55-4F37-B96C-B1E46C36B0E6}\mpengine.dll
2011-06-07 16:49 . 2011-06-07 16:49	--------	d-----w-	C:\_OTL
2011-06-06 19:21 . 2011-04-07 12:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-06-06 17:38 . 2011-06-06 17:44	115369	----a-w-	c:\windows\system32\drivers\klin.dat
2011-06-06 17:38 . 2011-06-06 17:38	97859	----a-w-	c:\windows\system32\drivers\klick.dat
2011-06-06 17:34 . 2011-06-08 10:20	--------	d-----w-	c:\programdata\Kaspersky Lab
2011-06-06 17:25 . 2011-06-06 17:25	0	----a-w-	c:\users\Aupex\AppData\Local\BITF2ED.tmp
2011-06-06 14:01 . 2011-06-06 14:01	--------	d-----w-	C:\kleaner.tmp
2011-06-02 19:13 . 2011-06-02 19:13	112	----a-w-	c:\users\Aupex\AppData\Roaming\srvblck2.tmp
2011-05-31 15:14 . 2011-05-31 15:14	--------	d-----w-	C:\Programs
2011-05-29 07:59 . 2011-05-29 07:59	--------	d-----w-	c:\users\Aupex\AppData\Roaming\Media Player Classic
2011-05-26 14:41 . 2011-05-26 14:41	--------	d-----w-	c:\users\UpdatusUser
2011-05-26 14:38 . 2011-05-26 14:38	--------	d-----w-	c:\programdata\NVIDIA Corporation
2011-05-26 14:37 . 2011-04-08 05:14	57960	----a-w-	c:\windows\system32\OpenCL.dll
2011-05-26 14:37 . 2011-04-08 05:14	944232	----a-w-	c:\windows\system32\nvdispco3220140.dll
2011-05-26 14:37 . 2011-04-08 05:14	855656	----a-w-	c:\windows\system32\nvgenco322060.dll
2011-05-26 14:37 . 2011-04-08 05:14	5180824	----a-w-	c:\windows\system32\nvcuda.dll
2011-05-26 14:37 . 2011-04-08 05:14	2765928	----a-w-	c:\windows\system32\nvcuvid.dll
2011-05-26 14:37 . 2011-04-08 05:14	2074216	----a-w-	c:\windows\system32\nvcuvenc.dll
2011-05-26 14:37 . 2011-04-08 05:14	13007464	----a-w-	c:\windows\system32\nvcompiler.dll
2011-05-26 14:37 . 2011-05-26 14:42	--------	d-----w-	c:\program files\NVIDIA Corporation
2011-05-17 14:43 . 2011-05-17 14:43	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 19:41 . 2011-05-14 19:41	--------	d-----w-	c:\users\Aupex\AppData\Roaming\MAGIX
2011-05-14 19:39 . 2006-07-21 14:16	430080	----a-w-	c:\windows\system32\MXRestore.exe
2011-05-14 19:39 . 2011-05-14 19:41	--------	d-----w-	c:\programdata\MAGIX
2011-05-14 19:36 . 2007-04-27 07:43	120200	----a-w-	c:\windows\system32\DLLDEV32i.dll
2011-05-14 19:35 . 2011-05-14 19:40	--------	d-----w-	c:\program files\Common Files\MAGIX Services
2011-05-14 19:31 . 2009-11-10 09:43	585280	----a-w-	c:\windows\system32\drivers\emBDA.sys
2011-05-14 19:31 . 2009-11-10 09:43	549952	----a-w-	c:\windows\system32\drivers\emOEM.sys
2011-05-14 19:31 . 2009-11-10 09:43	119872	----a-w-	c:\windows\system32\emPRP.ax
2011-05-14 19:31 . 2009-08-13 14:28	80896	----a-w-	c:\windows\emMON.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 20:10 . 2009-01-12 11:16	138264	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2011-06-07 20:10 . 2009-07-09 20:40	234768	----a-w-	c:\windows\system32\PnkBstrB.xtr
2011-06-07 20:10 . 2009-01-12 11:15	234768	----a-w-	c:\windows\system32\PnkBstrB.exe
2011-06-01 21:57 . 2009-01-12 11:16	138056	----a-w-	c:\users\Aupex\AppData\Roaming\PnkBstrK.sys
2011-05-29 07:11 . 2011-01-31 17:02	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-02 12:24 . 2007-09-02 05:20	319456	----a-w-	c:\windows\DIFxAPI.dll
2011-04-13 19:23 . 2009-01-12 11:15	75136	----a-w-	c:\windows\system32\PnkBstrA.exe
2011-04-13 13:38 . 2011-04-13 13:38	229776	----a-w-	c:\windows\system32\klogon.dll
2011-04-08 05:14 . 2011-05-26 14:37	10920	----a-w-	c:\windows\system32\drivers\nvBridge.kmd
2011-04-07 20:43 . 2011-04-07 20:43	580200	----a-w-	c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:43 . 2011-04-07 20:43	66664	----a-w-	c:\windows\system32\nvshext.dll
2011-04-07 20:43 . 2011-04-07 20:43	612456	----a-w-	c:\windows\system32\nvvsvc.exe
2011-04-07 20:43 . 2011-04-07 20:43	293992	----a-w-	c:\windows\system32\nvhotkey.dll
2011-04-07 20:43 . 2011-04-07 20:43	2582120	----a-w-	c:\windows\system32\nvsvcr.dll
2011-03-12 21:55 . 2011-04-28 05:57	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-14 18:04	1162240	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-14 18:04	1136640	----a-w-	c:\windows\system32\mfc42.dll
2006-05-03 10:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="d:\program files\Spybot2\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"CloneCDTray"="d:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"NBAgent"="d:\program files\nero10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357800]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-12-04 561152]
"Malwarebytes' Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"TrayServer"="d:\program files\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\TrayServer.exe" [2008-01-17 90112]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-20 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-20 8462336]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-20 81920]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe" [2011-04-13 387696]
.
c:\users\Lotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\users\Aupex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=d:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll d:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3814163011-2074231880-4065175572-1000]
"EnableNotificationsRef"=dword:00000002
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 136176]
R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [2007-08-23 61440]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [2010-05-12 16896]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-11-18 13224]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 hotcore3;Hotcore helper;c:\windows\system32\DRIVERS\hotcore3.sys [2008-12-13 40496]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-21 64288]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2006-11-17 210224]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-07 717296]
S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2010-06-01 902432]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;d:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-06-01 2326920]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 MSSQL$JTLWAWI;SQL Server (JTLWAWI);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot2\SDWinSec.exe [2009-01-26 1153368]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-06-01 159168]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
S3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2006-12-22 19456]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 14:01]
.
2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 14:01]
.
2011-06-08 c:\windows\Tasks\User_Feed_Synchronization-{B7E58F2E-7704-4F70-9EB3-32EB591D496C}.job
- c:\windows\system32\msfeedssync.exe [2011-04-14 04:43]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: add to &BOM - d:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Alles mit FDM herunterladen - file://d:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://d:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://d:\program files\Free Download Manager\dllink.htm
IE: Download with Xilisoft Download YouTube Video - d:\program files\Xilisoft\Download YouTube Video\upod_link.HTM
IE: Free YouTube to Mp3 Converter - c:\users\Aupex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://d:\program files\Free Download Manager\dlfvideo.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Aupex\AppData\Roaming\Mozilla\Firefox\Profiles\z8fjhgyp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Corel Reminder - (no file)
AddRemove-Digital Editions - d:\program files\Adobe\Adobe Digital Editions\uninstall.exe
AddRemove-monzoom - c:\windows\UNIN0407.EXE
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - d:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-08 12:18
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\windows\TEMP\TMP0000001733A4B225E03472DC 524288 bytes
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{14436a7b-9e23-494b-a111-e37191a2c976}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f001cbf
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{3a243766-5eb0-4676-ad7b-e04cd7dd72fe}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:11020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{7a29ed93-6351-41eb-9905-1ed063d7f849}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:12001d92
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{7e4d3fd4-2868-44d7-9825-067520fd8405}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c0019db
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d0afe3f2-13fb-4751-8052-252704efb999}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:110019db
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d8f17211-c64d-4148-8547-221e41e3b9f0}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d0013e8
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\PnkBstrA.exe
d:\program files\Sandboxie\SbieSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\PEV.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-06-08  12:30:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-06-08 10:30
.
Vor Suchlauf: 866.848.768 Bytes frei
Nach Suchlauf: 931.987.456 Bytes frei
.
- - End Of File - - DFE9B523B693AE6A7ECC3B3AA97374EA

cosinus · 08.06.2011, 12:40

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

Folder::
C:\32788R22FWJFW

File::
c:\users\Aupex\AppData\Local\BITF2ED.tmp
C:\kleaner.tmp
c:\users\Aupex\AppData\Roaming\srvblck2.tmp
c:\windows\TEMP\TMP0000001733A4B225E03472DC

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

aupex · 08.06.2011, 15:47

Logfile:

Code:

ATTFilter

ComboFix 11-06-07.03 - Aupex 08.06.2011  15:11:35.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1861 [GMT 2:00]
ausgeführt von:: c:\users\Aupex\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\Aupex\Desktop\CFScript.txt.txt
AV: Kaspersky Security Suite CBE 11 *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Security Suite CBE 11 *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Security Suite CBE 11 *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"C:\kleaner.tmp"
"c:\users\Aupex\AppData\Local\BITF2ED.tmp"
"c:\users\Aupex\AppData\Roaming\srvblck2.tmp"
"c:\windows\TEMP\TMP0000001733A4B225E03472DC"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\32788R22FWJFW
c:\users\Aupex\AppData\Local\BITF2ED.tmp
c:\users\Aupex\AppData\Roaming\srvblck2.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-08 bis 2011-06-08  ))))))))))))))))))))))))))))))
.
.
2011-06-08 13:21 . 2011-06-08 13:21	--------	d-----w-	c:\users\Aupex\AppData\Local\temp
2011-06-08 13:21 . 2011-06-08 13:21	--------	d-----w-	c:\users\Stefan\AppData\Local\temp
2011-06-08 13:21 . 2011-06-08 13:21	--------	d-----w-	c:\users\Lotte\AppData\Local\temp
2011-06-08 13:21 . 2011-06-08 13:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-08 13:21 . 2011-06-08 13:21	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2011-06-07 16:54 . 2011-05-09 20:46	6962000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2CB7D1F-8C55-4F37-B96C-B1E46C36B0E6}\mpengine.dll
2011-06-07 16:49 . 2011-06-07 16:49	--------	d-----w-	C:\_OTL
2011-06-06 19:21 . 2011-04-07 12:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-06-06 17:38 . 2011-06-06 17:44	115369	----a-w-	c:\windows\system32\drivers\klin.dat
2011-06-06 17:38 . 2011-06-06 17:38	97859	----a-w-	c:\windows\system32\drivers\klick.dat
2011-06-06 17:34 . 2011-06-08 13:05	--------	d-----w-	c:\programdata\Kaspersky Lab
2011-06-06 14:01 . 2011-06-06 14:01	--------	d-----w-	C:\kleaner.tmp
2011-05-31 15:14 . 2011-05-31 15:14	--------	d-----w-	C:\Programs
2011-05-29 07:59 . 2011-05-29 07:59	--------	d-----w-	c:\users\Aupex\AppData\Roaming\Media Player Classic
2011-05-26 14:41 . 2011-05-26 14:41	--------	d-----w-	c:\users\UpdatusUser
2011-05-26 14:38 . 2011-05-26 14:38	--------	d-----w-	c:\programdata\NVIDIA Corporation
2011-05-26 14:37 . 2011-04-08 05:14	57960	----a-w-	c:\windows\system32\OpenCL.dll
2011-05-26 14:37 . 2011-04-08 05:14	944232	----a-w-	c:\windows\system32\nvdispco3220140.dll
2011-05-26 14:37 . 2011-04-08 05:14	855656	----a-w-	c:\windows\system32\nvgenco322060.dll
2011-05-26 14:37 . 2011-04-08 05:14	5180824	----a-w-	c:\windows\system32\nvcuda.dll
2011-05-26 14:37 . 2011-04-08 05:14	2765928	----a-w-	c:\windows\system32\nvcuvid.dll
2011-05-26 14:37 . 2011-04-08 05:14	2074216	----a-w-	c:\windows\system32\nvcuvenc.dll
2011-05-26 14:37 . 2011-04-08 05:14	13007464	----a-w-	c:\windows\system32\nvcompiler.dll
2011-05-26 14:37 . 2011-05-26 14:42	--------	d-----w-	c:\program files\NVIDIA Corporation
2011-05-17 14:43 . 2011-05-17 14:43	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 19:41 . 2011-05-14 19:41	--------	d-----w-	c:\users\Aupex\AppData\Roaming\MAGIX
2011-05-14 19:39 . 2006-07-21 14:16	430080	----a-w-	c:\windows\system32\MXRestore.exe
2011-05-14 19:39 . 2011-05-14 19:41	--------	d-----w-	c:\programdata\MAGIX
2011-05-14 19:36 . 2007-04-27 07:43	120200	----a-w-	c:\windows\system32\DLLDEV32i.dll
2011-05-14 19:35 . 2011-05-14 19:40	--------	d-----w-	c:\program files\Common Files\MAGIX Services
2011-05-14 19:31 . 2009-11-10 09:43	585280	----a-w-	c:\windows\system32\drivers\emBDA.sys
2011-05-14 19:31 . 2009-11-10 09:43	549952	----a-w-	c:\windows\system32\drivers\emOEM.sys
2011-05-14 19:31 . 2009-11-10 09:43	119872	----a-w-	c:\windows\system32\emPRP.ax
2011-05-14 19:31 . 2009-08-13 14:28	80896	----a-w-	c:\windows\emMON.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 20:10 . 2009-01-12 11:16	138264	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2011-06-07 20:10 . 2009-07-09 20:40	234768	----a-w-	c:\windows\system32\PnkBstrB.xtr
2011-06-07 20:10 . 2009-01-12 11:15	234768	----a-w-	c:\windows\system32\PnkBstrB.exe
2011-06-01 21:57 . 2009-01-12 11:16	138056	----a-w-	c:\users\Aupex\AppData\Roaming\PnkBstrK.sys
2011-05-29 07:11 . 2011-01-31 17:02	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-02 12:24 . 2007-09-02 05:20	319456	----a-w-	c:\windows\DIFxAPI.dll
2011-04-13 19:23 . 2009-01-12 11:15	75136	----a-w-	c:\windows\system32\PnkBstrA.exe
2011-04-13 13:38 . 2011-04-13 13:38	229776	----a-w-	c:\windows\system32\klogon.dll
2011-04-08 05:14 . 2011-05-26 14:37	10920	----a-w-	c:\windows\system32\drivers\nvBridge.kmd
2011-04-07 20:43 . 2011-04-07 20:43	580200	----a-w-	c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:43 . 2011-04-07 20:43	66664	----a-w-	c:\windows\system32\nvshext.dll
2011-04-07 20:43 . 2011-04-07 20:43	612456	----a-w-	c:\windows\system32\nvvsvc.exe
2011-04-07 20:43 . 2011-04-07 20:43	293992	----a-w-	c:\windows\system32\nvhotkey.dll
2011-04-07 20:43 . 2011-04-07 20:43	2582120	----a-w-	c:\windows\system32\nvsvcr.dll
2011-03-12 21:55 . 2011-04-28 05:57	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-14 18:04	1162240	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-14 18:04	1136640	----a-w-	c:\windows\system32\mfc42.dll
2006-05-03 10:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="d:\program files\Spybot2\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"CloneCDTray"="d:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"NBAgent"="d:\program files\nero10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357800]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-12-04 561152]
"Malwarebytes' Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"TrayServer"="d:\program files\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\TrayServer.exe" [2008-01-17 90112]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-20 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-20 8462336]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-20 81920]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe" [2011-04-13 387696]
.
c:\users\Lotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\users\Aupex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=d:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll d:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3814163011-2074231880-4065175572-1000]
"EnableNotificationsRef"=dword:00000002
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 136176]
R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [2007-08-23 61440]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [2010-05-12 16896]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-11-18 13224]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 hotcore3;Hotcore helper;c:\windows\system32\DRIVERS\hotcore3.sys [2008-12-13 40496]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-21 64288]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2006-11-17 210224]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-07 717296]
S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2010-06-01 902432]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;d:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-06-01 2326920]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 MSSQL$JTLWAWI;SQL Server (JTLWAWI);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot2\SDWinSec.exe [2009-01-26 1153368]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-06-01 159168]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
S3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2006-12-22 19456]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 14:01]
.
2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 14:01]
.
2011-06-08 c:\windows\Tasks\User_Feed_Synchronization-{B7E58F2E-7704-4F70-9EB3-32EB591D496C}.job
- c:\windows\system32\msfeedssync.exe [2011-04-14 04:43]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: add to &BOM - d:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Alles mit FDM herunterladen - file://d:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://d:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://d:\program files\Free Download Manager\dllink.htm
IE: Download with Xilisoft Download YouTube Video - d:\program files\Xilisoft\Download YouTube Video\upod_link.HTM
IE: Free YouTube to Mp3 Converter - c:\users\Aupex\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://d:\program files\Free Download Manager\dlfvideo.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Aupex\AppData\Roaming\Mozilla\Firefox\Profiles\z8fjhgyp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-08 15:21
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-06-08  15:24:25
ComboFix-quarantined-files.txt  2011-06-08 13:24
ComboFix2.txt  2011-06-08 10:30
.
Vor Suchlauf: 673.710.080 Bytes frei
Nach Suchlauf: 624.050.176 Bytes frei
.
- - End Of File - - 4CDF96E6C49BB70D0BCB5CC7F4058AC6

cosinus · 08.06.2011, 20:51

Bitte mal den Avenger anwenden:

1.) Lade Dir von hier Avenger:
Swandog46's Public Anti-Malware Tools (Download, linksseitig)

2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen:

3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld:

Code:

ATTFilter

Folders to delete:
C:\kleaner.tmp

4.) Geh in "The Avenger" nun oben auf "Load Script", dort auf "Paste from Clipboard".

5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein.

6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso.

7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier.

8.) Die Datei c:\avenger\backup.zip bei File-Upload.net - Ihr kostenloser File Hoster! hochladen und hier verlinken

aupex · 09.06.2011, 16:38

So,
Logdatei wurde nicht angezeigt. könnte daran liegen, dass mein Kaspersky mit Windows Startet. Des weiteren wurde keine Zip-Datei erzeugt. Ich habe einfach den Inhalt von C:\Avenger in eine Zip gepackt.

File-Upload.net - backup.zip

Bis hier her schon mal DANKE

cosinus · 09.06.2011, 18:57

Ist aber nicht verlinkt... "File-Upload.net - backup.zip" als Schriftzug bringt nichts

aupex · 09.06.2011, 19:10

hxxp://www.file-upload.net/download-3494868/backup.zip.html

09.06.2011, 18:57	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	HDD Fehler, Desktop leer, Windows Rescue... Ist aber nicht verlinkt... "File-Upload.net - backup.zip" als Schriftzug bringt nichts __________________ Logfiles bitte immer in CODE-Tags posten

HDD Fehler, Desktop leer, Windows Rescue...

Plagegeister aller Art und deren Bekämpfung: HDD Fehler, Desktop leer, Windows Rescue...