
Log analysis and evaluation: Nothing works anymore after a loud beep

Windows 7. If you have picked up a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

01.08.2011, 09:04   #1
Joaneta
 

Good morning!

For some time now I have had the problem, not often but again and again, that my laptop emits a loud beep and then nothing works anymore. It also often does not boot up properly, but stops at the screen where you can choose between safe mode and normal mode.

I use Avira as my antivirus program. Two weeks ago it detected malware or something similar on my computer:

In der Datei 'C:\Users\Anette\AppData\Local\Temp\CSMECD3.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.205440' [adware] gefunden.
Ausgeführte Aktion: Zugriff erlauben

I have now followed your steps and created the log files:
OTL.Txt
OTL logfile:
Code:
OTL logfile created on: 31.07.2011 22:17:25 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Anette\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,40% Memory free
6,20 Gb Paging File | 5,10 Gb Available in Paging File | 82,37% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 72,76 Gb Free Space | 48,82% Space Free | Partition Type: NTFS
Drive D: | 137,32 Gb Total Space | 119,82 Gb Free Space | 87,25% Space Free | Partition Type: NTFS
Drive E: | 3,58 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: HEIM-PC | User Name: Anette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Anette\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\XSManager\WTGService.exe ()
PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE (VIA)
PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe (SRS Labs, Inc.)
PRC - C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\smartlogon.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe (ASUS)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Anette\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Elantech\ETDApix.dll (ELAN Microelectronic Corp.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Norton Internet Security) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (MAGIX StartUp Analyze Service) -- C:\Program Files\MAGIX\PC_Check_Tuning_Free_2011\MXSAS.exe (MAGIX AG)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WTGService) -- C:\Program Files\XSManager\WTGService.exe ()
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (SRS_VolSync_Service) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe (SRS Labs, Inc.)
SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (AVM IGD CTRL Service) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (de_serv) -- C:\Program Files\Common Files\AVM\de_serv.exe (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (smsbda) -- C:\Windows\System32\drivers\smsbda.sys (Siano)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (SRS_PremiumSound_Service) -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV - (ahcix86s) -- C:\Windows\system32\DRIVERS\ahcix86s.sys (AMD Technologies Inc.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (CRFILTER) -- C:\Windows\System32\drivers\CRFILTER.sys (Generic)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.searchcompletion.com/?si=10195&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.searchcompletion.com/?si=10195&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Complitly"
FF - prefs.js..browser.search.defaultenginename: "Complitly"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Complitly"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.3.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://search.searchcompletion.com/?bs=1&si=10195&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.08 09:45:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.31 09:57:43 | 000,000,000 | ---D | M]
 
[2010.10.31 23:47:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anette\AppData\Roaming\mozilla\Extensions
[2011.07.31 19:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions
[2011.07.13 20:39:02 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2011.06.28 23:20:38 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.07.02 19:10:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.07.31 19:01:19 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.06.02 02:37:49 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.10 14:13:28 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\engine@conduit.com
[2011.06.02 02:48:02 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\engine@plasmoo.com
[2011.05.13 12:44:50 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\mail@gutscheinrausch.de
[2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Anette\AppData\Roaming\Mozilla\Firefox\Profiles\3v3ywhrc.default\searchplugins\plasmoo.xml
[2011.07.30 22:38:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.05.01 21:36:21 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.07.01 11:25:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.07.13 20:37:33 | 000,000,000 | ---D | M] (eBay-Toolbar by AB-Tools.com) -- C:\Program Files\mozilla firefox\extensions\toolbarebay@ab-tools.com
File not found (No name found) -- 
() (No name found) -- C:\USERS\ANETTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3V3YWHRC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ANETTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3V3YWHRC.DEFAULT\EXTENSIONS\CIUVO-EXTENSION@BILLIGER.DE.XPI
() (No name found) -- C:\USERS\ANETTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3V3YWHRC.DEFAULT\EXTENSIONS\FINDER@MEINGUTSCHEINCODE.DE.XPI
[2010.11.02 10:50:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.06.27 22:28:13 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.01 11:25:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.08 12:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.07.13 20:39:00 | 000,003,195 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Complitly.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Anette\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Anette\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Anette\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Anette\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anette\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B2A5AE26-618F-7FAA-A70C-2F9D1FCE0A36} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk - C:\Windows\Installer\{567C654B-7FE9-4970-8323-56E8191D1941}\_71A97E24F422AA49EDBF39.exe - ()
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\PROGRA~1\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE - (McAfee, Inc.)
MsConfig - StartUpReg: ADSMTray - hkey= - key= - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
MsConfig - StartUpReg: ASUS Camera ScreenSaver - hkey= - key= - C:\Windows\AsScrProlog.exe ()
MsConfig - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig - StartUpReg: ATKMEDIA - hkey= - key= - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
MsConfig - StartUpReg: ATKOSD2 - hkey= - key= - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
MsConfig - StartUpReg: CloneCDTray - hkey= - key= - File not found
MsConfig - StartUpReg: DisableS3S4 - hkey= - key= - File not found
MsConfig - StartUpReg: EA Core - hkey= - key= - File not found
MsConfig - StartUpReg: HControlUser - hkey= - key= - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.31 00:11:48 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\dvdcss
[2011.07.30 23:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011.07.30 23:35:07 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.07.30 23:13:34 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\MAGIX
[2011.07.30 23:06:30 | 000,000,000 | ---D | C] -- C:\Users\Anette\Documents\MAGIX_MxTray
[2011.07.30 22:58:04 | 000,000,000 | ---D | C] -- C:\Users\Anette\Documents\OnDemandDump
[2011.07.30 22:58:04 | 000,000,000 | ---D | C] -- C:\Users\Anette\Documents\CrashLog
[2011.07.30 22:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2011.07.30 22:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2011.07.30 22:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2011.07.30 22:40:45 | 000,000,000 | ---D | C] -- C:\Users\Anette\Desktop\Desktop\Bilder
[2011.07.30 22:38:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.07.25 23:26:46 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\vlc
[2011.07.25 23:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011.07.16 20:58:06 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Local\updater4g
[2011.07.16 20:54:10 | 000,311,976 | R--- | C] (4G Systems GmbH & Co. KG) -- C:\Windows\updater4g.exe
[2011.07.16 20:54:10 | 000,159,912 | R--- | C] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
[2011.07.16 20:54:07 | 000,052,128 | ---- | C] (Siano) -- C:\Windows\System32\drivers\smsbda.sys
[2011.07.16 20:54:06 | 000,133,120 | ---- | C] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_netamd.sys
[2011.07.16 20:54:06 | 000,118,272 | ---- | C] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_seramd.sys
[2011.07.16 20:54:06 | 000,112,640 | ---- | C] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_net32.sys
[2011.07.16 20:54:06 | 000,103,680 | ---- | C] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_ser32.sys
[2011.07.16 20:54:06 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\XSManager
[2011.07.16 20:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSManager
[2011.07.16 20:46:50 | 000,103,424 | ---- | C] (Mobile Connector) -- C:\Windows\System32\drivers\cmnsusbser.sys
[2011.07.16 20:46:50 | 000,019,488 | ---- | C] (Siano) -- C:\Windows\System32\smsprops.dll
[2011.07.16 20:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\XSManager
[2011.07.13 20:38:57 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\Complitly
[2011.07.13 20:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\Complitly
[2011.07.13 20:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchOnline
[2011.07.13 20:38:26 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ahnenblatt
[2011.07.13 20:38:25 | 000,000,000 | ---D | C] -- C:\Users\Anette\Documents\Ahnenblatt
[2011.07.13 20:38:20 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\Ahnenblatt
[2011.07.13 20:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Ahnenblatt
[2011.07.13 20:37:52 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\SchnellSchreiben
[2011.07.13 20:37:31 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\ABToolsToolbarEBay
[2011.07.13 20:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Schnell Schreiben
[2011.07.13 20:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\AB-Tools.com
[2011.07.13 20:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KaloMa
[2011.07.13 20:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\KaloMa
[2011.07.13 20:17:51 | 000,000,000 | ---D | C] -- C:\Users\Anette\Documents\My Games
[2011.07.13 20:17:51 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Local\My Games
[2011.07.13 19:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\2K Games
[2011.07.13 19:44:31 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\Avira
[2011.07.13 19:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.07.13 19:42:51 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.07.13 19:42:50 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.13 19:42:50 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.07.13 19:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.07.13 19:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.07.13 18:18:00 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Local\Winload
[2011.07.13 18:17:55 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Local\ConduitEngine
[2011.07.13 18:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2011.07.13 10:10:49 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\CyberLink
[2011.07.13 10:00:15 | 000,722,416 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2011.07.13 09:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
[2011.07.13 09:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2011.07.13 00:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\billigerde
[2011.07.08 09:45:18 | 000,086,016 | ---- | C] (MindVision) -- C:\Windows\unvise32qt.exe
[2011.07.08 09:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.07.08 09:43:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2011.07.08 09:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.07.08 09:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickTime
[2011.07.06 21:10:13 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.07.06 15:21:51 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2011.07.06 14:16:03 | 000,000,000 | ---D | C] -- C:\COKTEL
[2011.07.06 11:26:43 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Multimedia
[2011.07.06 11:26:34 | 000,015,840 | ---- | C] (Thuridion Software Engineering, Inc.) -- C:\Windows\System\PICCLIP.VBX
[2011.07.06 11:26:31 | 000,000,000 | ---D | C] -- C:\Windows\MSAPPS
[2011.07.06 11:26:21 | 000,000,000 | ---D | C] -- C:\ENCARTA
[2011.07.06 11:14:05 | 000,298,496 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2008.11.03 09:03:27 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2 C:\Users\Anette\Desktop\Desktop\*.tmp files -> C:\Users\Anette\Desktop\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.31 22:12:57 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCCT - MAGIX AG.job
[2011.07.31 22:10:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.31 22:10:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.31 22:10:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.31 22:10:32 | 3220,299,776 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.31 09:58:59 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.07.31 01:13:45 | 000,000,020 | ---- | M] () -- C:\Users\Anette\defogger_reenable
[2011.07.31 01:04:48 | 000,002,531 | ---- | M] () -- C:\Users\Anette\Desktop\Desktop\HiJackThis.lnk
[2011.07.31 00:05:34 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.31 00:05:34 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.31 00:05:34 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.31 00:05:34 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.30 22:58:01 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX PC Check & Tuning Free 2011.lnk
[2011.07.30 22:17:29 | 000,018,944 | ---- | M] () -- C:\Users\Anette\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.26 09:43:01 | 000,000,104 | ---- | M] () -- C:\Users\Anette\Desktop\Desktop\Papierkorb - Verknüpfung.lnk
[2011.07.16 20:46:51 | 000,101,056 | ---- | M] () -- C:\Windows\System32\drivers\dvb_nova_12mhz_b0.inp
[2011.07.16 20:46:51 | 000,092,456 | ---- | M] () -- C:\Windows\System32\drivers\isdbt_nova_12mhz_b0.inp
[2011.07.16 20:46:51 | 000,079,036 | ---- | M] () -- C:\Windows\System32\drivers\tdmb_nova_12mhz_b0.inp
[2011.07.16 20:46:51 | 000,000,040 | ---- | M] () -- C:\Windows\System32\drivers\smsbda.cfg
[2011.07.16 20:46:50 | 000,103,424 | ---- | M] (Mobile Connector) -- C:\Windows\System32\drivers\cmnsusbser.sys
[2011.07.16 20:46:50 | 000,052,128 | ---- | M] (Siano) -- C:\Windows\System32\drivers\smsbda.sys
[2011.07.16 20:46:50 | 000,019,488 | ---- | M] (Siano) -- C:\Windows\System32\smsprops.dll
[2011.07.16 20:46:49 | 000,118,272 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_seramd.sys
[2011.07.16 20:46:49 | 000,103,680 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_ser32.sys
[2011.07.16 20:46:48 | 000,133,120 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_netamd.sys
[2011.07.16 20:46:48 | 000,112,640 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_net32.sys
[2011.07.15 23:29:52 | 000,771,698 | ---- | M] () -- C:\Users\Anette\Documents\Anleitung Gutscheine Schlecker-com.pdf
[2011.07.14 19:37:21 | 000,379,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.13 19:46:18 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.13 19:46:18 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.07.13 18:17:55 | 000,000,166 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011.07.13 16:10:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.07.08 10:17:08 | 000,000,000 | ---- | M] () -- C:\Users\Public\Documents\PCD549.L!C
[2011.07.06 11:26:36 | 000,000,294 | ---- | M] () -- C:\Windows\encarta.ini
[2011.07.06 11:26:33 | 000,210,944 | ---- | M] () -- C:\Windows\System32\MSVCRT10.DLL
[2011.07.06 11:26:33 | 000,065,692 | ---- | M] () -- C:\Windows\System\ARIAL.TTF
[2011.07.06 11:26:33 | 000,064,516 | ---- | M] () -- C:\Windows\System\SYMBOL.TTF
[2 C:\Users\Anette\Desktop\Desktop\*.tmp files -> C:\Users\Anette\Desktop\Desktop\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.07.31 01:13:20 | 000,000,020 | ---- | C] () -- C:\Users\Anette\defogger_reenable
[2011.07.30 23:35:07 | 000,002,531 | ---- | C] () -- C:\Users\Anette\Desktop\Desktop\HiJackThis.lnk
[2011.07.30 22:58:05 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\PCCT - MAGIX AG.job
[2011.07.30 22:58:01 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX PC Check & Tuning Free 2011.lnk
[2011.07.26 09:42:41 | 000,000,104 | ---- | C] () -- C:\Users\Anette\Desktop\Desktop\Papierkorb - Verknüpfung.lnk
[2011.07.16 20:54:06 | 000,101,056 | ---- | C] () -- C:\Windows\System32\drivers\dvb_nova_12mhz_b0.inp
[2011.07.16 20:54:06 | 000,092,456 | ---- | C] () -- C:\Windows\System32\drivers\isdbt_nova_12mhz_b0.inp
[2011.07.16 20:54:06 | 000,079,036 | ---- | C] () -- C:\Windows\System32\drivers\tdmb_nova_12mhz_b0.inp
[2011.07.16 20:54:06 | 000,000,040 | ---- | C] () -- C:\Windows\System32\drivers\smsbda.cfg
[2011.07.15 23:29:52 | 000,771,698 | ---- | C] () -- C:\Users\Anette\Documents\Anleitung Gutscheine Schlecker-com.pdf
[2011.07.13 16:10:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.07.08 10:17:08 | 000,000,000 | ---- | C] () -- C:\Users\Public\Documents\PCD549.L!C
[2011.07.06 11:26:34 | 000,022,532 | ---- | C] () -- C:\Windows\System\SPUSH.VBX
[2011.07.06 11:26:34 | 000,011,264 | ---- | C] () -- C:\Windows\CATSTUB.EXE
[2011.07.06 11:26:34 | 000,000,294 | ---- | C] () -- C:\Windows\encarta.ini
[2011.07.06 11:26:33 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2011.07.06 11:26:33 | 000,065,692 | ---- | C] () -- C:\Windows\System\ARIAL.TTF
[2011.07.06 11:26:33 | 000,064,516 | ---- | C] () -- C:\Windows\System\SYMBOL.TTF
[2011.05.09 22:36:42 | 000,000,166 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.05.01 21:37:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.29 23:10:12 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2011.04.27 20:00:39 | 000,000,019 | ---- | C] () -- C:\Windows\Benrep.ini
[2011.04.24 09:22:17 | 000,000,680 | ---- | C] () -- C:\Users\Anette\AppData\Local\d3d9caps.dat
[2011.02.15 15:40:38 | 000,000,042 | ---- | C] () -- C:\Windows\SIMTOWN.INI
[2010.12.14 22:00:54 | 000,000,141 | ---- | C] () -- C:\Windows\disney.ini
[2010.11.17 21:43:09 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.11.17 21:43:09 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.11.17 21:43:09 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.11.17 21:43:09 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.11.17 21:43:09 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.11.17 21:43:09 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.11.17 21:43:09 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.11.17 21:43:09 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.11.17 21:43:09 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.11.17 21:43:09 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.11.17 21:43:09 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.11.17 21:43:09 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.11.17 21:43:09 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.11.17 21:43:09 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.11.17 21:43:09 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.11.17 21:43:09 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.11.17 21:43:09 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.11.17 21:43:09 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.11.17 21:43:09 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.11.17 21:19:57 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2010.11.14 13:32:24 | 000,000,032 | ---- | C] () -- C:\Windows\Milli2.ini
[2010.11.01 11:27:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.11.01 11:27:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.10.25 21:51:51 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010.10.25 21:47:18 | 000,018,944 | ---- | C] () -- C:\Users\Anette\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.18 02:45:49 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2009.08.18 02:37:14 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009.08.18 02:34:49 | 000,233,128 | ---- | C] () -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys
[2009.08.18 02:30:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.08.18 01:37:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.19 04:16:09 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.01.08 20:25:27 | 000,181,944 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.10.30 00:54:39 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2008.10.21 17:39:59 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008.10.21 17:39:59 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.10.14 23:57:58 | 000,106,496 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.08.11 04:14:11 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.05.22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008.05.12 05:20:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.04.16 13:11:34 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.04.16 13:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.04.16 13:11:34 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.04.16 13:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008.04.07 08:00:45 | 000,005,120 | ---- | C] () -- C:\Windows\System32\CRFILTER.dll
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,379,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2000.02.10 01:00:00 | 000,047,104 | ---- | C] () -- C:\Windows\System32\wrkgadm.exe
[2000.02.10 01:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
 
========== LOP Check ==========
 
[2011.07.13 20:37:33 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\ABToolsToolbarEBay
[2011.07.31 09:57:45 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\Ahnenblatt
[2011.06.13 01:48:10 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\Audacity
[2011.07.13 20:38:57 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\Complitly
[2010.12.05 16:36:21 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2010.12.14 22:58:38 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\Desperate Housewives
[2011.06.02 02:46:31 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\DVDVideoSoft
[2011.06.02 02:47:56 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.12.06 15:46:52 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\FRITZ!
[2010.12.07 11:26:07 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.02.18 23:35:40 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\InterTrust
[2011.07.30 23:13:34 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\MAGIX
[2011.05.13 12:44:26 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\OpenCandy
[2011.01.27 13:24:05 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\PhotoScape
[2011.06.08 11:32:21 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\PixelPlanet
[2011.07.01 11:23:47 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\Pogo Games
[2011.07.13 20:38:58 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\SchnellSchreiben
[2011.07.16 22:01:36 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\XSManager
[2011.07.31 22:12:57 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCCT - MAGIX AG.job
[2011.07.31 22:09:27 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.10.25 21:45:41 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.08.18 02:46:01 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT
[2011.07.30 23:32:33 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.07.06 14:16:03 | 000,000,000 | ---D | M] -- C:\COKTEL
[2011.07.30 23:38:27 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.07.06 11:26:53 | 000,000,000 | ---D | M] -- C:\ENCARTA
[2011.06.23 20:08:20 | 000,000,000 | ---D | M] -- C:\hegames
[2011.04.27 20:00:38 | 000,000,000 | ---D | M] -- C:\KIDDINX
[2009.08.18 01:28:54 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.30 23:35:07 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.07.30 22:57:35 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.02.17 23:44:48 | 000,000,000 | ---D | M] -- C:\Programme
[2011.02.15 15:41:00 | 000,000,000 | ---D | M] -- C:\SIMTOWN
[2011.07.31 22:18:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.13 09:57:06 | 000,000,000 | ---D | M] -- C:\Terzio
[2010.11.14 13:32:22 | 000,000,000 | ---D | M] -- C:\Tivola
[2010.10.25 21:34:04 | 000,000,000 | R--D | M] -- C:\Users
[2011.07.31 09:58:37 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE >
[2009.08.18 01:52:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.08.18 01:52:44 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.08.18 01:52:44 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.08.18 01:52:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE >
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-30 20:08:50
 
< >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 72 bytes -> C:\Windows:D17840BF2F5646D8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:588B60C7
 
< End of report >
         


Extra.Txt and the GMER scan are attached.


I was already on the verge of reinstalling Vista, but wanted to ask first whether that is necessary at all.
Many thanks in advance for the help.

Best regards, Anette

Alt 01.08.2011, 11:05   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

As a routine step, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

Alt 01.08.2011, 14:14   #3
Joaneta
 



Done:

Datenbank Version: 7343

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

01.08.2011 13:43:01
mbam-log-2011-08-01 (13-43-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 334868
Laufzeit: 1 Stunde(n), 24 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

That actually looks good, doesn't it?

Regards, Anette

Alt 01.08.2011, 14:34   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Are there any further logs from Malwarebytes? If so, please post all of those that are visible in Malwarebytes under the Logs tab.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 01.08.2011, 14:50   #5
Joaneta
 



Hey,

under the log files there is only the protection-log file

12:18:20 Anette MESSAGE Protection started successfully
12:18:27 Anette MESSAGE IP Protection started successfully
12:19:18 Anette ERROR Scheduled update failed: No address found failed with error code 11004

and then lots of IP-BLOCK entries, but can I just post that here?

That's all I have. I only downloaded it a little while ago and then ran it.

Greetings


Alt 01.08.2011, 14:57   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Yes, please post everything

Alt 01.08.2011, 14:59   #7
Joaneta
 



12:18:20 Anette MESSAGE Protection started successfully
12:18:27 Anette MESSAGE IP Protection started successfully
12:19:18 Anette ERROR Scheduled update failed: No address found failed with error code 11004
15:18:18 Anette IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50331, Process: firefox.exe)
15:18:18 Anette IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50332, Process: firefox.exe)
15:18:18 Anette IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50333, Process: firefox.exe)
15:18:18 Anette IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50334, Process: firefox.exe)
15:18:18 Anette IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50335, Process: firefox.exe)
15:18:18 Anette IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50336, Process: firefox.exe)

Alt 01.08.2011, 15:00   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please also run ESET; after that we'll see how to proceed.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Alt 02.08.2011, 18:31   #9
Joaneta
 



Hello,

unfortunately I didn't manage it any sooner. Here is the result:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=55e88d956e75ce4d8c29c49924dcad22
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-01 02:21:15
# local_time=2011-08-01 04:21:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 108788 48739717 144420 0
# compatibility_mode=5892 16776573 100 100 271914 149740582 0 0
# compatibility_mode=8192 67108863 100 0 192 192 0 0
# scanned=4004
# found=0
# cleaned=0
# scan_time=620
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=55e88d956e75ce4d8c29c49924dcad22
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-02 11:31:25
# local_time=2011-08-02 01:31:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 184806 48815735 45977 0
# compatibility_mode=5892 16776573 100 100 122 149816600 0 0
# compatibility_mode=8192 67108863 100 0 76210 76210 0 0
# scanned=26246
# found=0
# cleaned=0
# scan_time=813
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=55e88d956e75ce4d8c29c49924dcad22
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-02 11:59:01
# local_time=2011-08-02 01:59:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 186067 48816996 47238 0
# compatibility_mode=5892 16776573 100 100 1383 149817861 0 0
# compatibility_mode=8192 67108863 100 0 77471 77471 0 0
# scanned=43483
# found=0
# cleaned=0
# scan_time=1208
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=55e88d956e75ce4d8c29c49924dcad22
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-02 04:41:24
# local_time=2011-08-02 06:41:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 197951 48828880 59122 0
# compatibility_mode=5892 16776573 100 100 13267 149829745 0 0
# compatibility_mode=8192 67108863 100 0 89355 89355 0 0
# scanned=193246
# found=0
# cleaned=0
# scan_time=6266


Regards,
Anette

Alt 02.08.2011, 21:05   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.searchcompletion.com/?si=10195&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.searchcompletion.com/?si=10195&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultengine: "Complitly"
FF - prefs.js..browser.search.defaultenginename: "Complitly"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "http://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Complitly"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.searchcompletion.com/?bs=1&si=10195&q="
[2011.07.13 20:39:02 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2011.06.28 23:20:38 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.07.02 19:10:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.04.10 14:13:28 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\engine@conduit.com
[2011.06.02 02:48:02 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\engine@plasmoo.com
[2011.05.13 12:44:50 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\mail@gutscheinrausch.de
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Anette\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2011.07.31 09:58:59 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
@Alternate Data Stream - 72 bytes -> C:\Windows:D17840BF2F5646D8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:588B60C7
:Commands
[purity]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Old 02.08.2011, 21:23   #11
Joaneta
 



Hey,

here you go:

========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
C:\Program Files\Winload\prxtbWinl.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\prxtbWinl.dll not found.
Prefs.js: "Complitly" removed from browser.search.defaultengine
Prefs.js: "Complitly" removed from browser.search.defaultenginename
Prefs.js: "Plasmoo" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Complitly" removed from browser.search.order.1
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "hxxp://search.searchcompletion.com/?bs=1&si=10195&q=" removed from keyword.URL
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\defaults folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\chrome\content folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\chrome folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516} folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\searchplugin folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\modules folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\META-INF folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\defaults folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\engine@plasmoo.com\skin folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\engine@plasmoo.com\searchplugin folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\engine@plasmoo.com\chrome\content folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\engine@plasmoo.com\chrome folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\engine@plasmoo.com folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\mail@gutscheinrausch.de\chrome\content\skin folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\mail@gutscheinrausch.de\chrome\content folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\mail@gutscheinrausch.de\chrome folder moved successfully.
C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\mail@gutscheinrausch.de folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\prxtbWinl.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}\ deleted successfully.
C:\Users\Anette\AppData\Roaming\Complitly\Complitly.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files\Microsoft\BingBar\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Program Files\Winload\prxtbWinl.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.
File C:\Program Files\Winload\prxtbWinl.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Windows\System32\acovcnt.exe moved successfully.
ADS C:\Windows:D17840BF2F5646D8 deleted successfully.
ADS C:\ProgramData\Temp:588B60C7 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 08022011_221817


My Firefox interface has changed. I assume I just changed that myself.

Regards

Old 02.08.2011, 21:50   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below, i.e. tick both checkboxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.




If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Old 02.08.2011, 22:15   #13
Joaneta
 



2011/08/02 23:11:00.0879 3148 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/02 23:11:00.0972 3148 ================================================================================
2011/08/02 23:11:00.0972 3148 SystemInfo:
2011/08/02 23:11:00.0972 3148
2011/08/02 23:11:00.0972 3148 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/02 23:11:00.0972 3148 Product type: Workstation
2011/08/02 23:11:00.0972 3148 ComputerName: HEIM-PC
2011/08/02 23:11:00.0972 3148 UserName: Anette
2011/08/02 23:11:00.0972 3148 Windows directory: C:\Windows
2011/08/02 23:11:00.0972 3148 System windows directory: C:\Windows
2011/08/02 23:11:00.0972 3148 Processor architecture: Intel x86
2011/08/02 23:11:00.0972 3148 Number of processors: 2
2011/08/02 23:11:00.0972 3148 Page size: 0x1000
2011/08/02 23:11:00.0972 3148 Boot type: Normal boot
2011/08/02 23:11:00.0972 3148 ================================================================================
2011/08/02 23:11:02.0142 3148 Initialize success
2011/08/02 23:11:04.0592 3460 ================================================================================
2011/08/02 23:11:04.0592 3460 Scan started
2011/08/02 23:11:04.0592 3460 Mode: Manual;
2011/08/02 23:11:04.0592 3460 ================================================================================
2011/08/02 23:11:16.0510 3460 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/08/02 23:11:16.0572 3460 nmwcd (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\Windows\system32\drivers\ccdcmb.sys
2011/08/02 23:11:16.0650 3460 nmwcdc (60ef5f5621d7832f00a3f190a0c905e2) C:\Windows\system32\drivers\ccdcmbo.sys
2011/08/02 23:11:16.0682 3460 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/08/02 23:11:16.0744 3460 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/02 23:11:16.0822 3460 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/08/02 23:11:16.0853 3460 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/08/02 23:11:16.0884 3460 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/08/02 23:11:16.0931 3460 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/08/02 23:11:16.0962 3460 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/08/02 23:11:16.0994 3460 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/08/02 23:11:17.0165 3460 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/02 23:11:17.0259 3460 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/08/02 23:11:17.0321 3460 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/08/02 23:11:17.0384 3460 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/08/02 23:11:17.0446 3460 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/08/02 23:11:17.0477 3460 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/08/02 23:11:17.0508 3460 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/08/02 23:11:17.0649 3460 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/08/02 23:11:17.0852 3460 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/02 23:11:17.0883 3460 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
2011/08/02 23:11:17.0945 3460 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/02 23:11:17.0992 3460 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/08/02 23:11:18.0132 3460 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/08/02 23:11:18.0195 3460 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/08/02 23:11:18.0257 3460 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/02 23:11:18.0351 3460 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/02 23:11:18.0382 3460 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/02 23:11:18.0444 3460 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/02 23:11:18.0491 3460 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/02 23:11:18.0538 3460 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/02 23:11:18.0585 3460 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/02 23:11:18.0616 3460 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/08/02 23:11:18.0647 3460 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/02 23:11:18.0710 3460 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/08/02 23:11:18.0772 3460 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/02 23:11:18.0897 3460 RTL8169 (f875e277a79ef9d6f3ac89abb557a689) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/08/02 23:11:18.0975 3460 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/08/02 23:11:19.0100 3460 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/08/02 23:11:19.0162 3460 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/02 23:11:19.0209 3460 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/08/02 23:11:19.0256 3460 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/08/02 23:11:19.0302 3460 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/08/02 23:11:19.0365 3460 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/08/02 23:11:19.0396 3460 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/02 23:11:19.0427 3460 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/02 23:11:19.0552 3460 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/02 23:11:19.0614 3460 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/08/02 23:11:19.0661 3460 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/08/02 23:11:19.0708 3460 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/08/02 23:11:19.0755 3460 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/08/02 23:11:19.0880 3460 smsbda (b6ec7845e26cf7a158a79d01df086de1) C:\Windows\system32\drivers\smsbda.sys
2011/08/02 23:11:19.0989 3460 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
2011/08/02 23:11:20.0160 3460 SNP2UVC (060f51141b20b8156804446a04ab8b2a) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/08/02 23:11:20.0223 3460 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/08/02 23:11:20.0301 3460 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\System32\Drivers\sptd.sys
2011/08/02 23:11:20.0441 3460 SRS_PremiumSound_Service (b747ea555a72070f258b3e31e1392d62) C:\Windows\system32\drivers\srs_PremiumSound_i386.sys
2011/08/02 23:11:20.0535 3460 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/08/02 23:11:20.0597 3460 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/02 23:11:20.0628 3460 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/02 23:11:20.0675 3460 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/08/02 23:11:20.0831 3460 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2011/08/02 23:11:20.0894 3460 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/02 23:11:20.0956 3460 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/08/02 23:11:20.0987 3460 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/08/02 23:11:21.0034 3460 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/08/02 23:11:21.0128 3460 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/08/02 23:11:21.0206 3460 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/02 23:11:21.0237 3460 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/02 23:11:21.0284 3460 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/08/02 23:11:21.0377 3460 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/08/02 23:11:21.0440 3460 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/02 23:11:21.0486 3460 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/02 23:11:21.0611 3460 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/02 23:11:21.0658 3460 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/08/02 23:11:21.0705 3460 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/02 23:11:21.0752 3460 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/08/02 23:11:21.0798 3460 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/02 23:11:21.0923 3460 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/02 23:11:21.0970 3460 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/08/02 23:11:22.0017 3460 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/08/02 23:11:22.0048 3460 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/08/02 23:11:22.0095 3460 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/02 23:11:22.0204 3460 upperdev (bb16932a4189e82d6c455042c11849b6) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
2011/08/02 23:11:22.0298 3460 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/02 23:11:22.0360 3460 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/08/02 23:11:22.0407 3460 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/02 23:11:22.0438 3460 usbfilter (edca5124b54bcf04e5c0538aa397a9c1) C:\Windows\system32\DRIVERS\usbfilter.sys
2011/08/02 23:11:22.0454 3460 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/02 23:11:22.0500 3460 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/02 23:11:22.0547 3460 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/02 23:11:22.0625 3460 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/02 23:11:22.0688 3460 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys
2011/08/02 23:11:22.0781 3460 UsbserFilt (e748d50b3b2ec7f40a2ba67fb094cf01) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
2011/08/02 23:11:22.0828 3460 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/02 23:11:22.0875 3460 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/02 23:11:22.0968 3460 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/08/02 23:11:23.0031 3460 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/02 23:11:23.0062 3460 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/08/02 23:11:23.0109 3460 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/08/02 23:11:23.0218 3460 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/08/02 23:11:23.0327 3460 VIAHdAudAddService (14235ab7040218ef4b3cc86a693c0b2e) C:\Windows\system32\drivers\viahduaa.sys
2011/08/02 23:11:23.0358 3460 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/08/02 23:11:23.0390 3460 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/08/02 23:11:23.0436 3460 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/08/02 23:11:23.0483 3460 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/08/02 23:11:23.0530 3460 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/08/02 23:11:23.0577 3460 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/08/02 23:11:23.0608 3460 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/02 23:11:23.0639 3460 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/02 23:11:23.0780 3460 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/08/02 23:11:23.0826 3460 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/02 23:11:24.0092 3460 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/02 23:11:24.0170 3460 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/08/02 23:11:24.0216 3460 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/02 23:11:24.0357 3460 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/02 23:11:24.0466 3460 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/08/02 23:11:24.0513 3460 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
2011/08/02 23:11:24.0544 3460 Boot (0x1200) (869ff45f0bb4e960a96b21b1f1ffa7b9) \Device\Harddisk0\DR0\Partition0
2011/08/02 23:11:24.0575 3460 Boot (0x1200) (765ef0f6865a4a7abc375cc0d634ecc4) \Device\Harddisk0\DR0\Partition1
2011/08/02 23:11:24.0591 3460 ================================================================================
2011/08/02 23:11:24.0591 3460 Scan finished
2011/08/02 23:11:24.0591 3460 ================================================================================
2011/08/02 23:11:24.0606 2600 Detected object count: 0
2011/08/02 23:11:24.0606 2600 Actual detected object count: 0

03.08.2011, 08:33   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a qualified helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


03.08.2011, 11:02   #15
Joaneta
 
Done:

ComboFix log file:
Code:
ATTFilter
ComboFix 11-08-03.01 - Anette 03.08.2011  11:31:25.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.2013 [GMT 2:00]
ausgeführt von:: c:\users\Anette\Desktop\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-07-03 bis 2011-08-03  ))))))))))))))))))))))))))))))
.
.
2011-08-03 09:44 . 2011-08-03 09:45	--------	d-----w-	c:\users\Anette\AppData\Local\temp
2011-08-03 09:44 . 2011-08-03 09:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-08-03 09:00 . 2011-08-03 09:00	9310	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-08-03 09:00 . 2011-08-03 09:00	8646	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-08-03 09:00 . 2011-08-03 09:00	8613	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-08-03 09:00 . 2011-08-03 09:00	6429	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-08-03 09:00 . 2011-08-03 09:00	63115	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-08-03 09:00 . 2011-08-03 09:00	5927	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-08-03 09:00 . 2011-08-03 09:00	4599	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-08-03 09:00 . 2011-08-03 09:00	1651	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-08-03 08:59 . 2011-08-03 08:59	8288	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-08-03 08:59 . 2011-08-03 08:59	6910	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-08-03 08:59 . 2011-08-03 08:59	6208	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-08-03 08:59 . 2011-08-03 08:59	18541	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-08-03 08:59 . 2011-08-03 08:59	8782	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-08-03 08:59 . 2011-08-03 08:59	7271	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-08-03 08:59 . 2011-08-03 08:59	51852	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-08-03 08:59 . 2011-08-03 08:59	23327	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-08-03 08:59 . 2011-08-03 08:59	20719	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-08-03 05:45 . 2011-08-03 08:59	45056	----a-w-	c:\windows\system32\acovcnt.exe
2011-08-02 20:18 . 2011-08-02 20:18	--------	d-----w-	C:\_OTL
2011-08-02 11:15 . 2011-07-13 03:39	6881616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B1C96D01-B55A-4A01-9CED-88969859C947}\mpengine.dll
2011-08-01 14:07 . 2011-08-01 14:07	--------	d-----w-	c:\program files\ESET
2011-08-01 10:13 . 2011-08-01 10:13	--------	d-----w-	c:\users\Anette\AppData\Roaming\Malwarebytes
2011-08-01 10:12 . 2011-07-06 17:52	41272	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-01 10:12 . 2011-08-01 10:12	--------	d-----w-	c:\programdata\Malwarebytes
2011-08-01 10:12 . 2011-07-06 17:52	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-08-01 10:12 . 2011-08-01 10:12	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-08-01 08:02 . 2011-08-01 08:03	--------	d-----w-	c:\program files\7-Zip
2011-08-01 01:00 . 2011-08-01 01:00	--------	d-----w-	c:\program files\MSXML 4.0
2011-07-30 22:11 . 2011-07-30 22:11	--------	d-----w-	c:\users\Anette\AppData\Roaming\dvdcss
2011-07-30 21:35 . 2011-07-30 21:35	388096	----a-r-	c:\users\Anette\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-30 21:35 . 2011-07-30 21:35	--------	d-----w-	c:\program files\Trend Micro
2011-07-30 21:13 . 2011-07-30 21:13	--------	d-----w-	c:\users\Anette\AppData\Roaming\MAGIX
2011-07-30 20:57 . 2011-07-30 21:13	--------	d-----w-	c:\programdata\MAGIX
2011-07-30 20:57 . 2011-07-30 20:57	--------	d-----w-	c:\program files\MAGIX
2011-07-25 21:26 . 2011-07-25 21:27	--------	d-----w-	c:\users\Anette\AppData\Roaming\vlc
2011-07-25 21:25 . 2011-07-25 21:25	--------	d-----w-	c:\program files\VideoLAN
2011-07-16 18:58 . 2011-07-16 18:58	--------	d-----w-	c:\users\Anette\AppData\Local\updater4g
2011-07-16 18:54 . 2010-04-01 09:46	159912	----a-r-	c:\windows\starter4g.exe
2011-07-16 18:54 . 2010-04-01 09:46	311976	----a-r-	c:\windows\updater4g.exe
2011-07-16 18:54 . 2011-07-16 18:46	52128	----a-w-	c:\windows\system32\drivers\smsbda.sys
2011-07-16 18:54 . 2011-07-16 20:01	--------	d-----w-	c:\users\Anette\AppData\Roaming\XSManager
2011-07-16 18:54 . 2011-07-16 18:46	118272	----a-w-	c:\windows\system32\drivers\cm_seramd.sys
2011-07-16 18:54 . 2011-07-16 18:46	103680	----a-w-	c:\windows\system32\drivers\cm_ser32.sys
2011-07-16 18:54 . 2011-07-16 18:46	133120	----a-w-	c:\windows\system32\drivers\cm_netamd.sys
2011-07-16 18:54 . 2011-07-16 18:46	112640	----a-w-	c:\windows\system32\drivers\cm_net32.sys
2011-07-16 18:46 . 2011-07-16 18:46	19488	----a-w-	c:\windows\system32\smsprops.dll
2011-07-16 18:46 . 2011-07-16 18:46	103424	----a-w-	c:\windows\system32\drivers\cmnsusbser.sys
2011-07-16 18:46 . 2011-07-16 18:47	--------	d-----w-	c:\program files\XSManager
2011-07-13 20:08 . 2011-06-02 13:34	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-07-13 20:08 . 2011-04-20 15:55	375808	----a-w-	c:\windows\system32\winsrv.dll
2011-07-13 20:08 . 2011-04-20 15:50	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-07-13 18:38 . 2011-08-02 20:18	--------	d-----w-	c:\users\Anette\AppData\Roaming\Complitly
2011-07-13 18:38 . 2011-07-13 18:38	--------	d-----w-	c:\program files\Complitly
2011-07-13 18:38 . 2011-07-13 18:38	--------	d-----w-	c:\programdata\SearchOnline
2011-07-13 18:38 . 2011-07-31 07:57	--------	d-----w-	c:\users\Anette\AppData\Roaming\Ahnenblatt
2011-07-13 18:38 . 2011-07-13 18:38	--------	d-----w-	c:\program files\Ahnenblatt
2011-07-13 18:37 . 2011-07-13 18:38	--------	d-----w-	c:\users\Anette\AppData\Roaming\SchnellSchreiben
2011-07-13 18:37 . 2011-07-13 18:37	--------	d-----w-	c:\users\Anette\AppData\Roaming\ABToolsToolbarEBay
2011-07-13 18:37 . 2011-07-13 18:37	--------	d-----w-	c:\program files\AB-Tools.com
2011-07-13 18:35 . 2011-07-13 18:35	--------	d-----w-	c:\program files\KaloMa
2011-07-13 18:17 . 2011-07-13 18:17	--------	d-----w-	c:\users\Anette\AppData\Local\My Games
2011-07-13 17:54 . 2011-07-13 17:54	--------	d-----w-	c:\program files\2K Games
2011-07-13 17:44 . 2011-07-13 17:44	--------	d-----w-	c:\users\Anette\AppData\Roaming\Avira
2011-07-13 17:42 . 2011-07-13 17:46	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-07-13 17:42 . 2011-07-13 17:46	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-07-13 17:42 . 2011-07-13 17:42	--------	d-----w-	c:\programdata\Avira
2011-07-13 17:42 . 2011-07-13 17:42	--------	d-----w-	c:\program files\Avira
2011-07-13 16:18 . 2011-07-13 16:18	--------	d-----w-	c:\users\Anette\AppData\Local\Winload
2011-07-13 16:17 . 2011-07-13 16:18	--------	d-----w-	c:\users\Anette\AppData\Local\ConduitEngine
2011-07-13 08:10 . 2011-07-13 08:10	--------	d-----w-	c:\users\Public\CyberLink
2011-07-13 08:10 . 2011-07-13 08:10	--------	d-----w-	c:\users\Anette\AppData\Roaming\CyberLink
2011-07-13 08:00 . 2011-07-13 08:00	722416	----a-w-	c:\windows\system32\drivers\sptd.sys
2011-07-13 07:59 . 2011-07-13 07:59	--------	d-----w-	c:\program files\Alcohol Soft
2011-07-12 22:55 . 2011-07-12 22:55	--------	d-----w-	c:\program files\billigerde
2011-07-11 21:48 . 2011-07-11 21:48	12800	----a-w-	c:\program files\Mozilla Firefox\plugins\npwachk.dll
2011-07-06 12:16 . 2011-07-06 12:16	--------	d-----w-	C:\COKTEL
2011-07-06 09:14 . 1996-08-16 11:49	298496	----a-w-	c:\windows\uninst.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 05:03 . 2011-05-23 07:39	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 09:26 . 2011-07-06 09:26	40960	----a-w-	c:\windows\msapps\MSINFO\MSINFO.EXE
2011-07-01 09:25 . 2011-07-01 09:25	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-05-24 17:14 . 2010-10-31 20:59	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-05-20 10:06 . 2011-05-20 10:06	1138440	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2008-10-14 21:57 . 2008-10-14 21:57	106496	----a-w-	c:\program files\Common Files\CPInstallAction.dll
2011-06-27 20:28 . 2011-05-01 19:16	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-19 61440]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-04-30 1392640]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-04-21 540576]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2008-10-01 851968]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"starter4g"="c:\windows\starter4g.exe" [2010-04-01 159912]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\Anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
backup=c:\windows\pss\FancyStart daemon.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
2008-04-01 06:09	266240	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2009-08-18 00:37	47672	----a-w-	c:\windows\AsScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2009-08-18 00:37	3054136	----a-w-	c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2008-08-19 17:34	159744	----a-w-	c:\program files\ASUS\ATK Media\DMedia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2008-09-03 00:11	8105984	----a-w-	c:\program files\ASUS\ATKOSD2\ATKOSD2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2008-08-18 17:56	98304	----a-w-	c:\program files\ASUS\ATK Hotkey\HControlUser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-08 07:45	77824	----a-w-	c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-04-18 15:30	15146376	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47	74752	----a-w-	c:\program files\Winamp\winampa.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MAGIX StartUp Analyze Service;MAGIX StartUp Analyze Service;c:\program files\MAGIX\PC_Check_Tuning_Free_2011\MXSAS.exe [2010-11-04 186368]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2011-07-16 103424]
R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 smsbda;SMS Digital Video;c:\windows\system32\drivers\smsbda.sys [2011-07-16 52128]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-07-13 722416]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-04-07 70880]
S2 WTGService;WTGService;c:\program files\XSManager\WTGService.exe [2010-04-12 329168]
S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-04-01 145064]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-03-19 4386304]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-03-19 93184]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-04-21 90112]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_i386.sys [2009-04-01 233128]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-29 22072]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-04-28 1019392]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - cpuz132
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-08-03 c:\windows\Tasks\PCCT - MAGIX AG.job
- c:\program files\MAGIX\PC_Check_Tuning_Free_2011\MxTray.exe [2010-11-08 16:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mLocal Page = 
uSearchAssistant = 
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Anette\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Anette\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Anette\AppData\Roaming\Mozilla\Firefox\Profiles\3v3ywhrc.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-CloneCDTray - c:\program files\SlySoft\CloneCD\CloneCDTray.exe
MSConfigStartUp-DisableS3S4 - c:\DisableS3S4.cmd
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
AddRemove-FRITZ!DSL - c:\windows\IsUn0407.exe
AddRemove-SimCity 3000 Deutschland - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-08-03 11:45
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r??????????????????????????????????????????????? 
.
Scanne versteckte Dateien... 
.
.
C:\ADSM_PData_0150
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1809840607-1827242056-3926666448-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(696)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
Zeit der Fertigstellung: 2011-08-03  11:57:40
ComboFix-quarantined-files.txt  2011-08-03 09:57
.
Vor Suchlauf: 14 Verzeichnis(se), 78.132.342.784 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 78.091.407.360 Bytes frei
.
- - End Of File - - 81F933BC24BCEC3F85F15AEBB1B27D96
         
--- --- ---
