Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Masterbootsektor Virus "BOO/Whistler"

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 31.08.2011, 01:11   #1
lapala
 
Masterbootsektor Virus "BOO/Whistler" - Standard

Masterbootsektor Virus "BOO/Whistler"



Hallo alle zusammen,
Erste Anzeichen eines Viruses war, dass meine externe Festplatte nicht mehr erkannt wurde. Nach einem Neustart blinkte nun auch mein AntiVir auf:
"Im Masterbootsektor von Laufwerk 'Masterbootsektor HD0' wurde ein Virus oder
unerwünschtes Programm 'BOO/Whistler' [virus] gefunden"
Diese Nachricht wird für alle meine Partitionen angezeigt und der Laptop merklich langsamer.

Habe defogger und OTL ausgeführt. Bei GMER jedoch habe ich nur einen Bluescreen erhalten. Als ich es im abgesicherten Modus versuchte, ist auch der PC abgestürzt. Daher kein gmer-Protokoll.

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 31.08.2011 01:19:35 - Run 2
OTL by OldTimer - Version 3.2.26.7     Folder = C:\Users\Moritz\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 64,78% Memory free
5,72 Gb Paging File | 4,62 Gb Available in Paging File | 80,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 9,61 Gb Free Space | 6,66% Space Free | Partition Type: NTFS
Drive D: | 72,13 Gb Total Space | 64,52 Gb Free Space | 89,45% Space Free | Partition Type: NTFS
Drive I: | 72,02 Gb Total Space | 69,32 Gb Free Space | 96,25% Space Free | Partition Type: NTFS
 
Computer Name: MORITZ-LAPTOP | User Name: Moritz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.31 00:41:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Moritz\Downloads\OTL.exe
PRC - [2011.08.03 11:00:00 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.65\GoogleCrashHandler.exe
PRC - [2011.07.03 22:53:47 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.12 14:17:07 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.05 19:07:06 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.28 08:25:04 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.21 04:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.05.14 17:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.07.04 23:32:38 | 000,010,752 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll
MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.06.25 08:13:46 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.03 22:53:47 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.12 14:17:07 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.05.28 08:25:04 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.05.14 17:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.03 22:53:56 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.03 22:53:56 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.01.29 18:00:20 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011.01.03 10:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.01.03 10:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.01.03 10:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.12.21 07:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.12.21 07:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010.12.21 07:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.10.25 11:03:52 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.10.21 21:09:50 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.10.21 21:09:49 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.09.30 07:53:12 | 001,184,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.06 21:38:18 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.06.25 08:53:34 | 003,844,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.05.28 17:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008.05.27 23:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008.04.28 19:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.03.21 10:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.01.10 03:34:43 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.01.10 03:34:42 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006.11.29 02:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_5535
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_5535
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.n-tv.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011.03.12 22:30:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.14 22:42:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.29 00:06:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.31 00:24:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.29 00:06:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.08.31 00:24:54 | 000,000,000 | ---D | M]
 
[2010.02.23 17:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Extensions
[2010.02.23 17:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.08.21 09:06:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions
[2010.12.11 14:14:01 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010.04.27 17:24:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.03 00:57:34 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011.07.16 10:51:07 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.05 12:32:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.07.05 12:32:04 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.07.05 12:32:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009.04.15 18:47:17 | 000,000,000 | ---D | M] (RDown - Rapidshare Downloader) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\dave2x@download
[2011.01.04 12:05:47 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\isreaditlater@ideashower.com
[2011.02.12 16:21:01 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\vshare@toolbar
[2010.12.11 14:14:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2011.07.05 12:32:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2009.12.09 23:24:45 | 000,001,127 | ---- | M] () -- C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\4zf2y16n.default\searchplugins\rapidshare-filefinder.xml
[2009.12.09 23:24:13 | 000,004,153 | ---- | M] () -- C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\4zf2y16n.default\searchplugins\youtube.xml
[2011.08.16 10:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.18 15:09:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MORITZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4ZF2Y16N.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
() (No name found) -- C:\USERS\MORITZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4ZF2Y16N.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
[2011.08.12 08:13:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.19 19:38:57 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wallpaper Juggler Monitor] C:\Program Files\Wallpaper Juggler\WallpaperJugglerM.exe (Topdownloads Networks)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Moritz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Moritz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Moritz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{042d38f9-29a5-11de-b14a-001d72d3342b}\Shell - "" = AutoRun
O33 - MountPoints2\{042d38f9-29a5-11de-b14a-001d72d3342b}\Shell\AutoRun\command - "" = F:\RunGame.exe
O33 - MountPoints2\{535531ae-8281-11df-81e5-979c78c094fd}\Shell - "" = AutoRun
O33 - MountPoints2\{535531ae-8281-11df-81e5-979c78c094fd}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{73374348-e1bb-11de-a178-001d72d3342b}\Shell\AutoRun\command - "" = I:\DVAP.exe
O33 - MountPoints2\{b482a856-22e2-11de-9d11-001d72d3342b}\Shell - "" = AutoRun
O33 - MountPoints2\{b482a856-22e2-11de-9d11-001d72d3342b}\Shell\AutoRun\command - "" = F:\autoplay.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Moritz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^Moritz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ArcadeDeluxeAgent - hkey= - key= -  File not found
MsConfig - StartUpReg: BkupTray - hkey= - key= - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
MsConfig - StartUpReg: CLMLServer - hkey= - key= -  File not found
MsConfig - StartUpReg: EA Core - hkey= - key= -  File not found
MsConfig - StartUpReg: eDataSecurity Loader - hkey= - key= - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
MsConfig - StartUpReg: ePower_DMC - hkey= - key= - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
MsConfig - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: LManager - hkey= - key= - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig - StartUpReg: PlayMovie - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: WarReg_PopUp - hkey= - key= - C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
MsConfig - StartUpReg: WinampAgent - hkey= - key= -  File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.30 13:09:20 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Malwarebytes
[2011.08.30 13:09:08 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.30 13:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.30 13:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.30 13:09:03 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.30 13:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.29 00:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.08.29 00:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.08.29 00:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.08.28 15:10:07 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wallpaper Juggler
[2011.08.28 15:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wallpaper Juggler
[2011.08.28 15:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\Wallpaper Juggler
[2011.08.26 19:00:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.0
[2011.08.26 18:43:05 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Foxit Software
[2011.08.15 17:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\ALDI Bestellsoftware
[2011.08.12 23:27:59 | 000,000,000 | ---D | C] -- C:\Users\Moritz\A Norway
[2011.08.12 23:04:31 | 000,000,000 | ---D | C] -- C:\Users\Moritz\America
[2011.08.03 13:07:50 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Local\Microsoft Corporation
[2011.08.03 13:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2011.08.03 00:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.07.06 18:44:23 | 005,243,208 | ---- | C] (                                                            ) -- C:\Users\Moritz\AppData\Roaming\AvsP.exe
[2011.07.06 18:41:47 | 004,284,535 | ---- | C] (ffdshow                                                     ) -- C:\Users\Moritz\AppData\Roaming\ffdshow.exe
[2011.07.06 18:41:31 | 000,642,685 | ---- | C] (Xvid team                                                   ) -- C:\Users\Moritz\AppData\Roaming\xvid.exe
[2011.07.06 18:39:39 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Moritz\AppData\Roaming\Avisynth.exe
[2008.09.25 13:49:40 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Moritz\Documents\*.tmp files -> C:\Users\Moritz\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.31 01:05:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.31 00:56:55 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1AEAEB46-8F29-4B72-9FF7-AAD3A371800A}.job
[2011.08.31 00:46:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.08.31 00:46:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.31 00:45:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.31 00:45:51 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.31 00:45:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.31 00:45:18 | 2951,131,136 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.31 00:44:22 | 000,000,020 | ---- | M] () -- C:\Users\Moritz\defogger_reenable
[2011.08.31 00:18:26 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.31 00:18:26 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.31 00:18:26 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.31 00:18:26 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.31 00:10:30 | 220,358,934 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.08.30 13:09:08 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.30 12:21:57 | 001,605,632 | ---- | M] () -- C:\Users\Moritz\boot.iso
[2011.08.29 00:20:49 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.08.28 15:42:18 | 000,247,808 | ---- | M] () -- C:\Users\Moritz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.28 15:10:07 | 000,001,755 | ---- | M] () -- C:\Users\Moritz\Desktop\Wallpaper Juggler.lnk
[2011.08.14 14:58:22 | 000,000,926 | ---- | M] () -- C:\Users\Moritz\Desktop\Dropbox.lnk
[2011.08.03 13:06:56 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Moritz\Documents\*.tmp files -> C:\Users\Moritz\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.31 00:44:07 | 000,000,020 | ---- | C] () -- C:\Users\Moritz\defogger_reenable
[2011.08.30 13:09:08 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.30 12:21:57 | 001,605,632 | ---- | C] () -- C:\Users\Moritz\boot.iso
[2011.08.29 00:20:49 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.08.28 15:10:07 | 000,389,120 | ---- | C] () -- C:\Windows\System32\actskn43.ocx
[2011.08.28 15:10:07 | 000,001,755 | ---- | C] () -- C:\Users\Moritz\Desktop\Wallpaper Juggler.lnk
[2011.08.03 13:06:56 | 000,002,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2011.08.03 13:06:56 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2011.07.06 18:48:12 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.07.06 18:48:12 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.01.29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.12.24 11:58:13 | 000,022,328 | ---- | C] () -- C:\Users\Moritz\AppData\Roaming\PnkBstrK.sys
[2010.12.24 11:57:59 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.12.24 11:57:55 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.10.16 14:50:32 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.10.16 14:50:32 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.04.02 15:33:25 | 000,033,807 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.04.02 15:33:09 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.04.02 15:33:08 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.04.02 15:32:36 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2010.02.23 17:52:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.11.30 23:34:56 | 000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll
[2009.11.12 13:34:19 | 000,000,000 | ---- | C] () -- C:\Windows\jcmkr32.INI
[2009.11.01 12:50:22 | 000,000,809 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009.10.21 21:09:50 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.10.21 21:09:49 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.05.27 17:32:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.27 17:32:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.03 19:12:34 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2009.03.16 12:45:12 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll
[2009.02.24 14:09:00 | 000,000,569 | ---- | C] () -- C:\Windows\eReg.dat
[2009.02.04 16:00:45 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009.02.04 16:00:45 | 000,040,960 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2009.02.04 16:00:45 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2009.02.02 16:59:58 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.01.30 16:19:35 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.01.25 12:47:50 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.01.24 16:51:36 | 000,247,808 | ---- | C] () -- C:\Users\Moritz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.24 15:46:54 | 000,026,340 | ---- | C] () -- C:\Users\Moritz\AppData\Roaming\UserTile.png
[2009.01.24 13:36:30 | 000,000,680 | ---- | C] () -- C:\Users\Moritz\AppData\Local\d3d9caps.dat
[2009.01.24 13:17:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.25 13:48:26 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.09.25 13:48:26 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.09.25 13:48:26 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.09.25 13:48:26 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.09.25 04:07:43 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.09.25 04:04:33 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.09.25 04:04:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.09.25 04:04:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.09.25 04:04:33 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.09.25 03:55:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.08.28 05:39:18 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.08.28 05:39:18 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.08.28 05:39:18 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.08.28 05:39:18 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.08.27 20:36:03 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.08.27 20:32:07 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.08.27 20:32:07 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.08.19 04:48:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.08.19 04:48:50 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.08.19 04:48:50 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.08.19 04:48:18 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,344,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.09.18 01:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2008.08.27 20:30:20 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Acer GameZone Console
[2010.12.10 22:58:01 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\albumart
[2009.04.16 12:25:13 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\DAEMON Tools
[2009.04.16 12:26:33 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\DAEMON Tools Lite
[2009.04.06 21:45:51 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\DAEMON Tools Pro
[2011.08.27 21:07:58 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Dropbox
[2011.07.16 10:51:36 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\DVDVideoSoft
[2011.07.16 10:51:06 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.26 18:43:05 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Foxit Software
[2011.08.15 14:48:24 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\gtk-2.0
[2011.08.30 23:58:21 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\ICQ
[2010.12.26 11:50:10 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Leadertech
[2009.02.10 18:37:04 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\OpenOffice.org
[2009.01.24 15:46:54 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\PeerNetworking
[2011.07.15 01:06:33 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Personal Video Database
[2009.02.15 17:10:34 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Pingus
[2011.02.12 19:14:38 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Rovio
[2010.10.16 14:49:03 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Samsung
[2010.04.18 15:00:48 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\smc
[2009.09.29 16:47:16 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Teeworlds
[2010.05.13 15:04:03 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\temp
[2010.02.23 17:52:49 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Thunderbird
[2009.02.08 13:32:16 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Tobit
[2010.04.27 18:00:57 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\TuneUp Software
[2009.02.09 20:24:23 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Wormux
[2011.08.31 00:44:34 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.08.31 00:56:55 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1AEAEB46-8F29-4B72-9FF7-AAD3A371800A}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.03.19 20:12:11 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.01.24 12:48:34 | 000,000,000 | ---D | M] -- C:\Acer
[2010.02.19 14:39:55 | 000,000,000 | ---D | M] -- C:\ATI
[2009.05.27 22:55:40 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.01.24 12:43:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.08.30 11:09:47 | 000,000,000 | ---D | M] -- C:\Lyrics
[2008.08.27 20:13:50 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.08.31 00:24:54 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.30 13:09:06 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.01.24 12:43:07 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.31 01:21:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.03.13 14:21:23 | 000,000,000 | ---D | M] -- C:\Temp
[2009.03.19 20:11:47 | 000,000,000 | R--D | M] -- C:\Users
[2011.08.31 00:33:03 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-30 22:51:20

< End of report >
         
--- --- ---


So nun kann ich nur hoffen, dass sich jemand meinem Problem annimmt und möchte mich schonmal im vorraus für eure Mühen bedanken
lapala

Alt 31.08.2011, 17:03   #2
Swisstreasure
/// Malwareteam
 
Masterbootsektor Virus "BOO/Whistler" - Standard

Masterbootsektor Virus "BOO/Whistler"





Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Lade ComboFix von einem dieser Download-Spiegel herunter:

BleepingComputer - ForoSpyware

* Wichtig !! Speichere ComboFix auf dem Desktop
  • Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
  • Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
  • ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist. Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
  • Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.
**Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.



Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:



Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei.
__________________


Alt 31.08.2011, 18:36   #3
lapala
 
Masterbootsektor Virus "BOO/Whistler" - Standard

Masterbootsektor Virus "BOO/Whistler"



Combofix erfolgreich durchgeführt:

Code:
ATTFilter
ComboFix 11-08-31.04 - Moritz 31.08.2011  18:51:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2814.1828 [GMT 2:00]
ausgeführt von:: c:\users\Moritz\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\mazuki.dll
c:\users\Moritz\AppData\Roaming\Avisynth.exe
c:\users\Moritz\AppData\Roaming\AvsP.exe
c:\users\Moritz\AppData\Roaming\ffdshow.exe
c:\users\Moritz\AppData\Roaming\xvid.exe
c:\users\Moritz\Documents\~WRL0005.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MaJUtilLib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCaller.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll
c:\windows\Temp\log.txt
.
c:\windows\system32\userinit.exe . . . ist infiziert!!
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-07-28 bis 2011-08-31  ))))))))))))))))))))))))))))))
.
.
2011-08-30 22:51 . 2011-08-12 02:44	7152464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BBD2F3E-F2F8-4D58-B192-B8F7152FED18}\mpengine.dll
2011-08-30 11:09 . 2011-08-30 11:09	--------	d-----w-	c:\users\Moritz\AppData\Roaming\Malwarebytes
2011-08-30 11:09 . 2011-07-06 17:52	41272	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-30 11:09 . 2011-08-30 11:09	--------	d-----w-	c:\programdata\Malwarebytes
2011-08-30 11:09 . 2011-08-30 11:09	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-08-30 11:09 . 2011-07-06 17:52	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-08-29 09:27 . 2011-08-28 22:07	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-08-29 09:27 . 2011-08-28 22:07	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-08-29 09:27 . 2011-08-28 22:07	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-08-29 09:27 . 2011-08-28 22:07	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-08-28 22:19 . 2011-08-28 22:19	--------	d-----w-	c:\program files\iPod
2011-08-28 22:07 . 2011-08-28 22:07	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-28 22:07 . 2011-08-28 22:07	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-28 22:07 . 2011-08-28 22:07	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-28 22:07 . 2011-08-28 22:07	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-28 22:07 . 2011-08-28 22:07	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-08-28 22:07 . 2011-08-28 22:07	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-28 22:07 . 2011-08-28 22:07	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-28 22:07 . 2011-08-28 22:07	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-08-28 22:07 . 2011-08-28 22:07	159744	----a-w-	c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-08-28 13:10 . 2003-05-14 19:07	389120	----a-w-	c:\windows\system32\actskn43.ocx
2011-08-28 13:10 . 2011-08-28 13:10	--------	d-----w-	c:\program files\Wallpaper Juggler
2011-08-28 13:10 . 2000-05-21 22:00	140488	----a-w-	c:\windows\system32\COMDLG32.OCX
2011-08-28 13:10 . 1998-04-23 22:00	368912	----a-w-	c:\windows\system32\vbar332.dll
2011-08-26 16:43 . 2011-08-26 16:43	--------	d-----w-	c:\users\Moritz\AppData\Roaming\Foxit Software
2011-08-24 13:17 . 2011-07-11 13:25	2048	----a-w-	c:\windows\system32\tzres.dll
2011-08-15 15:01 . 2011-08-15 15:04	--------	d-----w-	c:\program files\ALDI Bestellsoftware
2011-08-12 21:27 . 2011-08-12 21:34	--------	d-----w-	c:\users\Moritz\A Norway
2011-08-12 21:04 . 2011-08-12 21:27	--------	d-----w-	c:\users\Moritz\America
2011-08-10 15:22 . 2011-06-17 16:03	375808	----a-w-	c:\windows\system32\winsrv.dll
2011-08-10 15:21 . 2011-07-06 15:31	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 15:21 . 2011-06-06 10:59	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 15:18 . 2011-06-20 08:54	3602832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-08-10 15:18 . 2011-06-20 08:54	3550096	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-08-10 15:18 . 2011-06-17 20:13	905104	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-08-03 11:07 . 2011-08-03 11:07	--------	d-----w-	c:\users\Moritz\AppData\Local\Microsoft Corporation
2011-08-03 11:06 . 2011-08-03 11:06	--------	d-----w-	c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-08-02 22:58 . 2011-08-02 22:58	--------	d-----w-	c:\program files\Bonjour
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-11 14:00 . 2011-07-03 21:24	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-12 09:20 . 2011-07-12 09:20	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20	178536	----a-w-	c:\windows\system32\dnssdX.dll
2011-07-05 16:37 . 2011-07-05 16:37	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-07-05 16:37 . 2011-07-05 16:37	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-07-03 20:53 . 2009-03-20 13:47	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-07-03 20:53 . 2009-03-20 13:47	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-06-02 17:53 . 2011-06-02 17:53	94208	----a-w-	c:\windows\system32\dpl100.dll
2011-08-31 10:23 . 2011-07-06 08:41	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Moritz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Moritz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Moritz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Moritz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05	121392	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Wallpaper Juggler Monitor"="c:\program files\Wallpaper Juggler\WallpaperJugglerM.exe" [2004-09-22 40960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Moritz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Moritz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59	937920	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-05-27 12:52	40368	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-25 19:36	28672	----a-w-	c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-05-14 15:05	526896	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2008-06-11 08:22	409600	----a-w-	c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-18 23:07	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-01-29 22:11	888120	----a-w-	c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-01-29 22:11	3372856	----a-w-	c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-09-10 22:02	809480	----a-w-	c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-05-21 02:06	6144000	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 02:15	1826816	----a-w-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17	61440	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 08:03	303104	----a-w-	c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3966416877-3789978977-102637031-1000]
"EnableNotificationsRef"=dword:00000002
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 136176]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-01-29 20032]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 136176]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-06 717296]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-12 136360]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-05-28 233472]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-01-10 5120]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-10-25 36640]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 15:32	8192	----a-w-	c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 20:29]
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 20:29]
.
2011-08-30 c:\windows\Tasks\User_Feed_Synchronization-{1AEAEB46-8F29-4B72-9FF7-AAD3A371800A}.job
- c:\windows\system32\msfeedssync.exe [2011-08-10 09:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_5535
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_5535
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Moritz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\4zf2y16n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.n-tv.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{043C5167-00BB-4324-AF7E-62013FAEDACF} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{043C5167-00BB-4324-AF7E-62013FAEDACF} - (no file)
MSConfigStartUp-ArcadeDeluxeAgent - c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
MSConfigStartUp-CLMLServer - c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.4\ICQ.exe
MSConfigStartUp-PlayMovie - c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403} - c:\program files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe
AddRemove-InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC} - c:\program files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe
AddRemove-InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1} - c:\program files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe
AddRemove-Personal Video Database_is1 - e:\filme\Listen\Personal Video Database\unins000.exe
AddRemove-ShapeCollage - c:\program files\Shape Collage\uninstall.exe
AddRemove-{13D85C14-2B85-419F-AC41-C7F21E68B25D} - c:\program files\InstallShield Installation Information\{13D85C14-2B85-419F-AC41-C7F21E68B25D}\setup.exe
AddRemove-{58E5844B-7CE2-413D-83D1-99294BF6C74F} - c:\program files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{7F811A54-5A09-4579-90E1-C93498E230D9} - c:\program files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe
AddRemove-{8F1B6239-FEA0-450A-A950-B05276CE177C} - c:\program files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe
AddRemove-{CB099890-1D5F-11D5-9EA9-0050BAE317E1} - c:\program files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-08-31 19:25
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
? [3540]
? [3584]
? [5736]
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,d4,a2,1c,28,66,24,4c,94,b0,89,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,d4,a2,1c,28,66,24,4c,94,b0,89,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5216)
c:\users\Moritz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-08-31  19:31:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-08-31 17:30
.
Vor Suchlauf: 8 Verzeichnis(se), 10.414.637.056 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 10.398.253.056 Bytes frei
.
- - End Of File - - 3D61845A5CEF23867530DEFF189A8DEF
         
PS:
Inzwischen habe ich auch festgestellt, dass mein Laptop weder USB-Sticks noch SD-Karten erkennt
__________________

Geändert von lapala (31.08.2011 um 19:05 Uhr)

Alt 31.08.2011, 21:40   #4
Swisstreasure
/// Malwareteam
 
Masterbootsektor Virus "BOO/Whistler" - Standard

Masterbootsektor Virus "BOO/Whistler"



Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Alt 01.09.2011, 05:25   #5
lapala
 
Masterbootsektor Virus "BOO/Whistler" - Standard

Masterbootsektor Virus "BOO/Whistler"



Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7625

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

01.09.2011 06:23:55
mbam-log-2011-09-01 (06-23-55).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 184918
Laufzeit: 5 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\System32\config\systemprofile\AppData\Roaming\jashla.exe (Rootkit.0Access.XGen) -> Quarantined and deleted successfully.
         


Alt 01.09.2011, 07:30   #6
Swisstreasure
/// Malwareteam
 
Masterbootsektor Virus "BOO/Whistler" - Standard

Masterbootsektor Virus "BOO/Whistler"



Bitte
  • alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
  • keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
  • nichts am Rechner arbeiten,
  • nach jedem Scan der Rechner neu gestarten.
Gmer scannen lassen
  • Lade Dir Gmer von dieser Seite herunter
    (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
    Vista und Win7 User mit Rechtsklick und als Administrator starten.
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei:
    • IAT/EAT
    • Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
    • Show all (sollte abgehackt sein)
  • Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt[/B] auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Alt 01.09.2011, 13:27   #7
lapala
 
Masterbootsektor Virus "BOO/Whistler" - Standard

Masterbootsektor Virus "BOO/Whistler"



Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-01 14:25:33
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000064  rev.
Running: 5ftrny89.exe; Driver: C:\Users\Moritz\AppData\Local\Temp\kfriakoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                             section is writeable [0x8E003000, 0x20B6D6, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                               section is writeable [0x9E068300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                               section is writeable [0x9E0C1300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\Explorer.EXE[3188] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5                                           75EFB37C 4 Bytes  [00, 26, 7D, 01] {ADD [ESI], AH; JGE 0x5}

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\disk \Device\Harddisk0\DR0                                                                                   87B5EA0A

AttachedDevice  \FileSystem\fastfat \Fat                                                                                             fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                  0x50 0x6D 0x90 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                               0x3C 0x3D 0x9D 0xAD ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0x90 0x04 0x50 0xC4 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x0C 0x21 0x42 0x83 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x6D 0x78 0xA6 0x6C ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                      0x50 0x6D 0x90 0x02 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                      0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                   0x3C 0x3D 0x9D 0xAD ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      1
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x90 0x04 0x50 0xC4 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x0C 0x21 0x42 0x83 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x6D 0x78 0xA6 0x6C ...

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                Whistler@MBR code has been found                                          <-- ROOTKIT !!!
Disk            \Device\Harddisk0\DR0                                                                                                sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
         

Alt 01.09.2011, 13:52   #8
Swisstreasure
/// Malwareteam
 
Masterbootsektor Virus "BOO/Whistler" - Standard

Masterbootsektor Virus "BOO/Whistler"



Schritt 1

Dowloade Dir bitte TDSS Killer.exe und speichere die Datei am Desktop.
  • Schließe alle laufenden Programme.
  • Trenne dich von Internet.
  • Deaktiviere deine AntiViren Software.
  • Starte TDSSkiller.exe mit Doppelklick.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Drücke auf Start scan.
    Mache während dem Scan nichts am Rechner
    1. Sollte das Tool keine Funde aufweisen, klicke Close um es zu schließen.
    2. Wurde etwas gefunden werden die Funde in Scan results - Select action for found objects angezeigt und geben 3 Auswahlmöglichkeiten.
      Gehe sicher das Cure ( default ) angehackt ist ! Drücke Continue --> Reboot.
  • Die Logfile ist nach dem Neustart auf deinem Systemlaufwerk ( meist C: ) unter TDSSKiller_version_date_time_log.txt zu finden.
  • Bitte poste mir den Inhalt hier in deinen Thread.
Bebilderte Anleitung zur Benutzung von TDSSKiller.

Schritt 2

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Klicke auf Scan
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Alt 01.09.2011, 15:19   #9
lapala
 
Masterbootsektor Virus "BOO/Whistler" - Standard

Masterbootsektor Virus "BOO/Whistler"



Code:
ATTFilter
2011/09/01 14:55:03.0268 4736	TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/09/01 14:55:03.0301 4736	================================================================================
2011/09/01 14:55:03.0301 4736	SystemInfo:
2011/09/01 14:55:03.0301 4736	
2011/09/01 14:55:03.0301 4736	OS Version: 6.0.6002 ServicePack: 2.0
2011/09/01 14:55:03.0301 4736	Product type: Workstation
2011/09/01 14:55:03.0301 4736	ComputerName: MORITZ-LAPTOP
2011/09/01 14:55:03.0301 4736	UserName: Moritz
2011/09/01 14:55:03.0301 4736	Windows directory: C:\Windows
2011/09/01 14:55:03.0301 4736	System windows directory: C:\Windows
2011/09/01 14:55:03.0301 4736	Processor architecture: Intel x86
2011/09/01 14:55:03.0301 4736	Number of processors: 2
2011/09/01 14:55:03.0301 4736	Page size: 0x1000
2011/09/01 14:55:03.0301 4736	Boot type: Normal boot
2011/09/01 14:55:03.0301 4736	================================================================================
2011/09/01 14:55:04.0738 4736	Initialize success
2011/09/01 14:55:13.0337 1536	================================================================================
2011/09/01 14:55:13.0337 1536	Scan started
2011/09/01 14:55:13.0337 1536	Mode: Manual; 
2011/09/01 14:55:13.0337 1536	================================================================================
2011/09/01 14:55:15.0032 1536	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/09/01 14:55:15.0582 1536	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/09/01 14:55:15.0799 1536	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/09/01 14:55:15.0991 1536	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/09/01 14:55:16.0408 1536	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/09/01 14:55:16.0874 1536	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/09/01 14:55:17.0035 1536	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/09/01 14:55:17.0449 1536	ahcix86s        (fbe4016f9ef3ab3db547e40a936b6cd9) C:\Windows\system32\DRIVERS\ahcix86s.sys
2011/09/01 14:55:17.0730 1536	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/09/01 14:55:17.0950 1536	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/09/01 14:55:18.0070 1536	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/09/01 14:55:18.0441 1536	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/09/01 14:55:18.0770 1536	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/09/01 14:55:18.0974 1536	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/09/01 14:55:19.0279 1536	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/09/01 14:55:19.0684 1536	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/09/01 14:55:19.0970 1536	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/01 14:55:20.0173 1536	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/09/01 14:55:20.0563 1536	athr            (8b412ddc62a0510767c5d48192ee1324) C:\Windows\system32\DRIVERS\athr.sys
2011/09/01 14:55:21.0079 1536	atikmdag        (8fdd2385d30080711633fe9ff2a64126) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/09/01 14:55:21.0373 1536	AtiPcie         (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/09/01 14:55:21.0840 1536	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
2011/09/01 14:55:22.0016 1536	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/09/01 14:55:22.0455 1536	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/09/01 14:55:22.0787 1536	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/09/01 14:55:23.0090 1536	b57nd60x        (7d0f2bfa273831124fa08526af48af18) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/09/01 14:55:23.0464 1536	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/09/01 14:55:23.0589 1536	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/09/01 14:55:23.0745 1536	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/01 14:55:24.0010 1536	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/09/01 14:55:24.0166 1536	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/09/01 14:55:24.0432 1536	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/09/01 14:55:24.0790 1536	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/09/01 14:55:24.0993 1536	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/09/01 14:55:25.0118 1536	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/09/01 14:55:25.0196 1536	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/09/01 14:55:25.0539 1536	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/01 14:55:25.0976 1536	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/01 14:55:26.0116 1536	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/09/01 14:55:26.0538 1536	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/09/01 14:55:26.0896 1536	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/01 14:55:27.0115 1536	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/09/01 14:55:27.0333 1536	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/01 14:55:27.0708 1536	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/09/01 14:55:28.0066 1536	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/09/01 14:55:28.0254 1536	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/09/01 14:55:28.0690 1536	dgderdrv        (6216fd7fd227de454238a702b218cec7) C:\Windows\system32\drivers\dgderdrv.sys
2011/09/01 14:55:29.0065 1536	DgiVecp         (770471de2550820feeb7e5d24bf2e273) C:\Windows\system32\Drivers\DgiVecp.sys
2011/09/01 14:55:29.0283 1536	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/09/01 14:55:29.0486 1536	DKbFltr         (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/09/01 14:55:29.0907 1536	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/09/01 14:55:30.0266 1536	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/01 14:55:30.0968 1536	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/09/01 14:55:31.0280 1536	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/09/01 14:55:32.0169 1536	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/09/01 14:55:32.0871 1536	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/09/01 14:55:33.0246 1536	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/09/01 14:55:33.0417 1536	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/09/01 14:55:33.0480 1536	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/01 14:55:33.0589 1536	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/09/01 14:55:33.0636 1536	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/09/01 14:55:33.0745 1536	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/01 14:55:33.0823 1536	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/09/01 14:55:33.0963 1536	FsUsbExDisk     (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS
2011/09/01 14:55:34.0057 1536	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/01 14:55:34.0306 1536	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/09/01 14:55:35.0071 1536	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/09/01 14:55:35.0227 1536	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/09/01 14:55:35.0398 1536	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/01 14:55:35.0882 1536	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/09/01 14:55:36.0256 1536	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/09/01 14:55:36.0646 1536	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/01 14:55:37.0395 1536	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/09/01 14:55:38.0144 1536	HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/09/01 14:55:38.0721 1536	HSF_DPV         (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/09/01 14:55:39.0033 1536	HSXHWAZL        (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/09/01 14:55:39.0376 1536	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/09/01 14:55:39.0657 1536	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/09/01 14:55:39.0829 1536	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/01 14:55:40.0312 1536	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/09/01 14:55:40.0843 1536	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/09/01 14:55:41.0139 1536	int15           (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
2011/09/01 14:55:41.0373 1536	IntcAzAudAddService (58628f232a00a3149d7cc7708c521499) C:\Windows\system32\drivers\RTKVHDA.sys
2011/09/01 14:55:41.0716 1536	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/09/01 14:55:42.0028 1536	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/01 14:55:42.0340 1536	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/01 14:55:43.0152 1536	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/09/01 14:55:43.0401 1536	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/09/01 14:55:43.0947 1536	irda            (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2011/09/01 14:55:44.0166 1536	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/09/01 14:55:44.0384 1536	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/09/01 14:55:44.0556 1536	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/01 14:55:44.0914 1536	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/09/01 14:55:45.0195 1536	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/09/01 14:55:45.0429 1536	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/01 14:55:45.0585 1536	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/01 14:55:45.0913 1536	KMWDFILTER      (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
2011/09/01 14:55:46.0209 1536	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/01 14:55:46.0459 1536	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/09/01 14:55:46.0818 1536	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/01 14:55:47.0410 1536	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/09/01 14:55:47.0535 1536	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/09/01 14:55:48.0409 1536	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/09/01 14:55:49.0033 1536	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/09/01 14:55:49.0407 1536	MBAMSwissArmy   (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/09/01 14:55:50.0172 1536	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/09/01 14:55:50.0468 1536	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/09/01 14:55:51.0420 1536	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/09/01 14:55:51.0560 1536	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/09/01 14:55:51.0903 1536	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/01 14:55:52.0574 1536	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/01 14:55:53.0510 1536	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/01 14:55:54.0134 1536	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/09/01 14:55:54.0976 1536	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/09/01 14:55:55.0522 1536	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/01 14:55:56.0536 1536	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/09/01 14:55:56.0786 1536	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/09/01 14:55:57.0504 1536	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/01 14:55:57.0784 1536	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/01 14:55:58.0502 1536	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/01 14:55:58.0720 1536	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/09/01 14:55:59.0157 1536	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/09/01 14:55:59.0610 1536	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/09/01 14:56:00.0468 1536	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/09/01 14:56:00.0655 1536	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/01 14:56:01.0216 1536	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/01 14:56:01.0528 1536	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/09/01 14:56:01.0762 1536	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/09/01 14:56:02.0402 1536	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/01 14:56:02.0652 1536	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/09/01 14:56:03.0291 1536	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/09/01 14:56:03.0744 1536	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/01 14:56:04.0227 1536	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/09/01 14:56:04.0680 1536	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/01 14:56:05.0460 1536	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/01 14:56:05.0818 1536	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/01 14:56:06.0708 1536	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/09/01 14:56:07.0706 1536	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/01 14:56:08.0673 1536	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/01 14:56:08.0923 1536	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/09/01 14:56:09.0313 1536	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/09/01 14:56:09.0734 1536	NSCIRDA         (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
2011/09/01 14:56:10.0795 1536	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/01 14:56:11.0715 1536	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/09/01 14:56:11.0856 1536	NTIDrvr         (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/09/01 14:56:12.0729 1536	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/09/01 14:56:13.0306 1536	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/09/01 14:56:13.0821 1536	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/09/01 14:56:14.0305 1536	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/09/01 14:56:14.0757 1536	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/09/01 14:56:15.0646 1536	ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/09/01 14:56:15.0880 1536	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/09/01 14:56:16.0052 1536	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/09/01 14:56:16.0520 1536	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/09/01 14:56:16.0816 1536	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/09/01 14:56:17.0253 1536	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/09/01 14:56:17.0706 1536	pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/01 14:56:17.0893 1536	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/09/01 14:56:18.0345 1536	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/01 14:56:18.0829 1536	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
2011/09/01 14:56:18.0985 1536	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/01 14:56:19.0359 1536	PSDFilter       (1dcbb35090cc4b2bd3d661e6089523c6) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/09/01 14:56:19.0734 1536	PSDNServ        (e26e46d619469964ac3609620f443867) C:\Windows\system32\DRIVERS\PSDNServ.sys
2011/09/01 14:56:19.0921 1536	psdvdisk        (3e1d134af2806867d06047c4cc33cc65) C:\Windows\system32\DRIVERS\PSDVdisk.sys
2011/09/01 14:56:20.0092 1536	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/09/01 14:56:20.0280 1536	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/09/01 14:56:20.0779 1536	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/01 14:56:20.0982 1536	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/01 14:56:21.0574 1536	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/01 14:56:21.0918 1536	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/01 14:56:22.0370 1536	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/01 14:56:22.0869 1536	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/01 14:56:23.0041 1536	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/01 14:56:23.0431 1536	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/09/01 14:56:23.0712 1536	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/01 14:56:23.0946 1536	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/09/01 14:56:24.0367 1536	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/01 14:56:24.0648 1536	RTSTOR          (d1fb9a678bd6c2b1129fcb09d5feb6dd) C:\Windows\system32\drivers\RTSTOR.SYS
2011/09/01 14:56:24.0944 1536	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/09/01 14:56:25.0318 1536	sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/09/01 14:56:25.0599 1536	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/01 14:56:25.0896 1536	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/09/01 14:56:26.0098 1536	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/09/01 14:56:26.0520 1536	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/09/01 14:56:27.0144 1536	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/09/01 14:56:27.0565 1536	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/01 14:56:27.0861 1536	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/01 14:56:28.0033 1536	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/09/01 14:56:28.0376 1536	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/09/01 14:56:28.0657 1536	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/09/01 14:56:28.0984 1536	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/09/01 14:56:29.0343 1536	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/09/01 14:56:29.0702 1536	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/09/01 14:56:30.0061 1536	sptd            (71e276f6d189413266ea22171806597b) C:\Windows\System32\Drivers\sptd.sys
2011/09/01 14:56:30.0529 1536	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/09/01 14:56:30.0950 1536	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/01 14:56:31.0153 1536	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/01 14:56:31.0387 1536	ssadbus         (48f44a1be434830b7c90fb730745f65a) C:\Windows\system32\DRIVERS\ssadbus.sys
2011/09/01 14:56:31.0543 1536	ssadmdfl        (9630b486b62cc0adb0a89152ed0218d7) C:\Windows\system32\DRIVERS\ssadmdfl.sys
2011/09/01 14:56:31.0948 1536	ssadmdm         (9afaa23421622c392b55508fa9613949) C:\Windows\system32\DRIVERS\ssadmdm.sys
2011/09/01 14:56:32.0167 1536	sscdbus         (069351a1d7d291013177a90ae6edccbc) C:\Windows\system32\DRIVERS\sscdbus.sys
2011/09/01 14:56:32.0370 1536	sscdmdfl        (1c925be223a5c0f9f469252292a48df6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
2011/09/01 14:56:32.0838 1536	sscdmdm         (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\Windows\system32\DRIVERS\sscdmdm.sys
2011/09/01 14:56:33.0087 1536	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/09/01 14:56:33.0555 1536	SSPORT          (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
2011/09/01 14:56:34.0117 1536	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/01 14:56:34.0632 1536	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/09/01 14:56:35.0037 1536	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/09/01 14:56:35.0334 1536	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/09/01 14:56:35.0817 1536	SynTP           (4c9bb4b3b9eac26211484c30b914c6dc) C:\Windows\system32\DRIVERS\SynTP.sys
2011/09/01 14:56:36.0067 1536	Tcpip           (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
2011/09/01 14:56:36.0301 1536	Tcpip6          (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/01 14:56:36.0675 1536	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/01 14:56:37.0081 1536	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/09/01 14:56:37.0284 1536	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/09/01 14:56:37.0611 1536	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/01 14:56:37.0986 1536	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/01 14:56:38.0157 1536	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/01 14:56:38.0282 1536	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/09/01 14:56:38.0469 1536	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/01 14:56:38.0563 1536	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/09/01 14:56:38.0875 1536	UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/09/01 14:56:39.0015 1536	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/01 14:56:39.0140 1536	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/01 14:56:39.0265 1536	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/09/01 14:56:39.0343 1536	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/09/01 14:56:39.0452 1536	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/09/01 14:56:39.0530 1536	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/01 14:56:39.0686 1536	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/09/01 14:56:39.0748 1536	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/01 14:56:39.0858 1536	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/09/01 14:56:39.0936 1536	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/01 14:56:40.0045 1536	usbfilter       (edca5124b54bcf04e5c0538aa397a9c1) C:\Windows\system32\DRIVERS\usbfilter.sys
2011/09/01 14:56:40.0138 1536	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/01 14:56:40.0248 1536	usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/09/01 14:56:40.0326 1536	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/01 14:56:40.0450 1536	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/01 14:56:40.0497 1536	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/01 14:56:40.0606 1536	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/09/01 14:56:40.0762 1536	usb_rndisx      (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/09/01 14:56:40.0840 1536	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/01 14:56:40.0856 1536	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/09/01 14:56:40.0903 1536	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/09/01 14:56:40.0996 1536	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/09/01 14:56:41.0043 1536	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/09/01 14:56:41.0074 1536	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/09/01 14:56:41.0215 1536	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/09/01 14:56:41.0386 1536	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/09/01 14:56:41.0480 1536	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/09/01 14:56:41.0636 1536	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/09/01 14:56:41.0667 1536	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/01 14:56:41.0683 1536	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/01 14:56:41.0730 1536	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/09/01 14:56:41.0870 1536	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/01 14:56:42.0057 1536	winachsf        (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/09/01 14:56:42.0244 1536	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/09/01 14:56:42.0432 1536	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/09/01 14:56:42.0588 1536	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/01 14:56:42.0666 1536	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/01 14:56:42.0775 1536	XAudio          (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
2011/09/01 14:56:42.0837 1536	MBR (0x1B8)     (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
2011/09/01 14:56:43.0087 1536	Boot (0x1200)   (bb278f094c39be47e05be7c4baee0d18) \Device\Harddisk0\DR0\Partition0
2011/09/01 14:56:43.0134 1536	Boot (0x1200)   (3c77e1bbf30ea03a5274eeea44ea1e6e) \Device\Harddisk0\DR0\Partition1
2011/09/01 14:56:43.0227 1536	Boot (0x1200)   (b89df5d1b6d9bd486b899d4e3b25f872) \Device\Harddisk0\DR0\Partition2
2011/09/01 14:56:43.0227 1536	================================================================================
2011/09/01 14:56:43.0227 1536	Scan finished
2011/09/01 14:56:43.0227 1536	================================================================================
2011/09/01 14:56:43.0243 5132	Detected object count: 0
2011/09/01 14:56:43.0243 5132	Actual detected object count: 0
2011/09/01 14:56:55.0286 2044	Deinitialize success
         
Code:
ATTFilter
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-01 14:58:28
-----------------------------
14:58:28.314    OS Version: Windows 6.0.6002 Service Pack 2
14:58:28.314    Number of processors: 2 586 0x301
14:28:28.314    ComputerName: MORITZ-LAPTOP  UserName: Moritz
14:58:30.560    Initialize success
15:02:12.262    AVAST engine defs: 11090100
15:02:17.971    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
15:02:17.971    Disk 0 Vendor:   Size: 0MB BusType: 0
15:02:20.077    Disk 0 MBR read successfully
15:02:20.077    Disk 0 MBR scan
15:02:20.077    Disk 0 MBR:Whistler-C [Rtk]
15:02:20.077    Disk 0 Whistler@MBR code has been found
15:02:20.093    Disk 0 MBR hidden
15:02:20.093    Disk 0 MBR [Whistler]  **ROOTKIT**
15:02:20.343    Disk 0 scanning C:\Windows\system32\drivers
15:04:55.728    Service scanning
15:04:57.243    Modules scanning
15:07:35.707    Disk 0 trace - called modules:
15:07:35.723    ntkrnlpa.exe >>UNKNOWN [0x87b5ea0a]<<
15:07:36.238    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b0e670]
15:07:36.238    \Driver\disk[0x865cb300] -> IRP_MJ_READ -> 0x87b5ea0a
15:07:37.798    AVAST engine scan C:\Windows
15:10:46.574    AVAST engine scan C:\Windows\system32
15:27:22.293    AVAST engine scan C:\Windows\system32\drivers
15:28:20.918    AVAST engine scan C:\Users\Moritz
16:15:40.561    Disk 0 MBR has been saved successfully to "C:\Users\Moritz\Downloads\MBR.dat"
16:15:40.577    The log file has been saved successfully to "C:\Users\Moritz\Downloads\aswMBR.txt"

(da nach 45 Minuten nichts mehr passiert ist, habe ich das log gespeichert, es läuft aber gerade nochmal ein vollständiger Lauf)
         

Alt 01.09.2011, 22:27   #10
Swisstreasure
/// Malwareteam
 
Masterbootsektor Virus "BOO/Whistler" - Standard

Masterbootsektor Virus "BOO/Whistler"



MBR mit aswMBR von Avast wiederherstellen

Lade aswMBR.exe von Avast herunter und speichere das Tool auf deinem Desktop nicht woanders hin, falls noch nicht vorhanden.

Vista und Windows 7 Benutzer: Rechtsklick auf die aswMBR.exe und Als Administrator starten wählen.
Es wird sich ein Eingabe-Fenster mit einigen Angaben öffnen.

Klicke Scan, um den Suchlauf zu starten.

Wenn der Scan beendet ist, was mit Scan finished sucessfull! angezeigt wird, klicke auf FixMBR, um den MBR wiederherzustellen.

Alt 02.09.2011, 13:51   #11
lapala
 
Masterbootsektor Virus "BOO/Whistler" - Standard

Masterbootsektor Virus "BOO/Whistler"



Code:
ATTFilter
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-02 14:56:17
-----------------------------
14:56:17.897    OS Version: Windows 6.0.6002 Service Pack 2
14:56:17.897    Number of processors: 2 586 0x301
14:56:17.897    ComputerName: MORITZ-LAPTOP  UserName: Moritz
14:57:09.963    Initialize success
14:57:29.016    AVAST engine defs: 11090100
14:59:08.649    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
14:59:08.649    Disk 0 Vendor:   Size: 0MB BusType: 0
14:59:10.677    Disk 0 MBR read successfully
14:59:10.677    Disk 0 MBR scan
14:59:10.677    Disk 0 MBR:Whistler-C [Rtk]
14:59:10.693    Disk 0 Whistler@MBR code has been found
14:59:10.693    Disk 0 MBR hidden
14:59:10.693    Disk 0 MBR [Whistler]  **ROOTKIT**
14:59:10.740    Disk 0 scanning C:\Windows\system32\drivers
14:59:31.852    Service scanning
14:59:33.583    Modules scanning
15:00:00.259    Disk 0 trace - called modules:
15:00:00.259    ntkrnlpa.exe >>UNKNOWN [0x87b3da0a]<<
15:00:00.774    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86bf8ac8]
15:00:00.774    \Driver\disk[0x85f3a978] -> IRP_MJ_READ -> 0x87b3da0a
15:00:00.790    Scan finished successfully
15:00:08.997    Verifying
15:00:19.028    Disk 0 Windows 600 MBR fixed successfully
15:00:26.828    Disk 0 MBR has been saved successfully to "C:\Users\Moritz\Downloads\MBR.dat"
15:00:26.843    The log file has been saved successfully to "C:\Users\Moritz\Downloads\aswMBR.txt"
         

Geändert von lapala (02.09.2011 um 14:02 Uhr)

Alt 02.09.2011, 15:16   #12
Swisstreasure
/// Malwareteam
 
Masterbootsektor Virus "BOO/Whistler" - Standard

Masterbootsektor Virus "BOO/Whistler"



  • Starte erneut die aswMBR.exe
    Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Klicke auf Scan
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Alt 02.09.2011, 15:23   #13
lapala
 
Masterbootsektor Virus "BOO/Whistler" - Standard

Masterbootsektor Virus "BOO/Whistler"



Code:
ATTFilter
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-02 16:22:16
-----------------------------
16:22:16.815    OS Version: Windows 6.0.6002 Service Pack 2
16:22:16.815    Number of processors: 2 586 0x301
16:22:16.817    ComputerName: MORITZ-LAPTOP  UserName: Moritz
16:22:18.652    Initialize success
16:22:25.961    AVAST engine defs: 11090100
16:22:35.665    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
16:22:35.669    Disk 0 Vendor:   Size: 0MB BusType: 0
16:22:37.684    Disk 0 MBR read successfully
16:22:37.687    Disk 0 MBR scan
16:22:37.694    Disk 0 Windows VISTA default MBR code
16:22:37.698    Disk 0 MBR hidden
16:22:37.746    Disk 0 scanning C:\Windows\system32\drivers
16:22:53.879    Service scanning
16:22:55.381    Modules scanning
16:23:07.678    Disk 0 trace - called modules:
16:23:07.698    ntkrnlpa.exe >>UNKNOWN [0x87b3da0a]<<
16:23:07.720    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86bf8ac8]
16:23:07.738    \Driver\disk[0x85f3a978] -> IRP_MJ_READ -> 0x87b3da0a
16:23:07.751    Scan finished successfully
16:23:14.689    Disk 0 MBR has been saved successfully to "C:\Users\Moritz\Downloads\MBR.dat"
16:23:14.699    The log file has been saved successfully to "C:\Users\Moritz\Downloads\aswMBR.txt"
         

Alt 02.09.2011, 16:26   #14
Swisstreasure
/// Malwareteam
 
Masterbootsektor Virus "BOO/Whistler" - Standard

Masterbootsektor Virus "BOO/Whistler"



Schritt 1

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Alt 02.09.2011, 17:05   #15
lapala
 
Masterbootsektor Virus "BOO/Whistler" - Standard

Masterbootsektor Virus "BOO/Whistler"



Code:
ATTFilter
OTL logfile created on: 02.09.2011 17:48:32 - Run 3
OTL by OldTimer - Version 3.2.26.7     Folder = C:\Users\Moritz\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 65,52% Memory free
5,70 Gb Paging File | 4,41 Gb Available in Paging File | 77,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 10,07 Gb Free Space | 6,99% Space Free | Partition Type: NTFS
Drive D: | 72,13 Gb Total Space | 64,52 Gb Free Space | 89,45% Space Free | Partition Type: NTFS
Drive I: | 72,02 Gb Total Space | 69,32 Gb Free Space | 96,25% Space Free | Partition Type: NTFS
 
Computer Name: MORITZ-LAPTOP | User Name: Moritz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.31 12:23:55 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.08.31 00:41:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Moritz\Desktop\OTL.exe
PRC - [2011.08.03 11:00:00 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.65\GoogleCrashHandler.exe
PRC - [2011.07.03 22:53:47 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.12 14:17:07 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.05 19:07:06 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.28 08:25:04 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.21 04:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.05.14 17:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.31 12:23:54 | 001,846,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.06.25 08:13:46 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.03 22:53:47 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.12 14:17:07 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.05.28 08:25:04 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.05.14 17:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.07.03 22:53:56 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.03 22:53:56 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.01.29 18:00:20 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011.01.03 10:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.01.03 10:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.01.03 10:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.12.21 07:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.12.21 07:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010.12.21 07:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.10.25 11:03:52 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.10.21 21:09:50 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.10.21 21:09:49 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.09.30 07:53:12 | 001,184,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.06 21:38:18 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.06.25 08:53:34 | 003,844,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.05.28 17:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008.05.27 23:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008.04.28 19:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.03.21 10:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.01.10 03:34:43 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.01.10 03:34:42 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006.11.29 02:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_5535
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_5535
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.n-tv.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011.03.12 22:30:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.14 22:42:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.31 12:23:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.31 00:24:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.29 00:06:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.08.31 00:24:54 | 000,000,000 | ---D | M]
 
[2010.02.23 17:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Extensions
[2010.02.23 17:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.08.21 09:06:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions
[2010.12.11 14:14:01 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010.04.27 17:24:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.03 00:57:34 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011.07.16 10:51:07 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.05 12:32:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.07.05 12:32:04 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.07.05 12:32:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009.04.15 18:47:17 | 000,000,000 | ---D | M] (RDown - Rapidshare Downloader) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\dave2x@download
[2011.01.04 12:05:47 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\isreaditlater@ideashower.com
[2011.02.12 16:21:01 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\vshare@toolbar
[2010.12.11 14:14:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2011.07.05 12:32:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2009.12.09 23:24:45 | 000,001,127 | ---- | M] () -- C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\4zf2y16n.default\searchplugins\rapidshare-filefinder.xml
[2009.12.09 23:24:13 | 000,004,153 | ---- | M] () -- C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\4zf2y16n.default\searchplugins\youtube.xml
[2011.08.16 10:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.18 15:09:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MORITZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4ZF2Y16N.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
() (No name found) -- C:\USERS\MORITZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4ZF2Y16N.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
[2011.08.31 12:23:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.19 19:38:57 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.08.31 19:25:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wallpaper Juggler Monitor] C:\Program Files\Wallpaper Juggler\WallpaperJugglerM.exe (Topdownloads Networks)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Moritz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Moritz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Moritz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Moritz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^Moritz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BkupTray - hkey= - key= - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
MsConfig - StartUpReg: eDataSecurity Loader - hkey= - key= - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
MsConfig - StartUpReg: ePower_DMC - hkey= - key= - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: LManager - hkey= - key= - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: WarReg_PopUp - hkey= - key= - C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.02 14:45:08 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.09.01 14:53:37 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Moritz\Desktop\aswMBR.exe
[2011.08.31 19:31:04 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Local\temp
[2011.08.31 19:25:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.08.31 18:44:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.08.31 18:44:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.08.31 18:44:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.08.31 18:44:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.08.31 18:44:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.08.31 18:36:36 | 004,191,448 | R--- | C] (Swearware) -- C:\Users\Moritz\Desktop\ComboFix.exe
[2011.08.31 00:40:58 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Moritz\Desktop\OTL.exe
[2011.08.30 13:09:20 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Malwarebytes
[2011.08.30 13:09:08 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.30 13:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.30 13:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.30 13:09:03 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.30 13:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.29 00:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.08.29 00:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.08.29 00:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.08.28 15:10:07 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wallpaper Juggler
[2011.08.28 15:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wallpaper Juggler
[2011.08.28 15:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\Wallpaper Juggler
[2011.08.26 19:00:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.0
[2011.08.26 18:43:05 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Foxit Software
[2011.08.15 17:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\ALDI Bestellsoftware
[2011.08.12 23:27:59 | 000,000,000 | ---D | C] -- C:\Users\Moritz\A Norway
[2011.08.12 23:04:31 | 000,000,000 | ---D | C] -- C:\Users\Moritz\America
[2008.09.25 13:49:40 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.02 17:05:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.02 16:53:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.02 16:53:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.02 15:04:24 | 000,080,384 | ---- | M] () -- C:\Users\Moritz\Desktop\MBRCheck.exe
[2011.09.02 14:54:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.02 14:53:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.09.02 14:53:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.02 14:53:04 | 2951,131,136 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.02 02:18:15 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1AEAEB46-8F29-4B72-9FF7-AAD3A371800A}.job
[2011.09.01 14:53:41 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Moritz\Desktop\aswMBR.exe
[2011.09.01 01:00:31 | 000,000,680 | ---- | M] () -- C:\Users\Moritz\AppData\Local\d3d9caps.dat
[2011.08.31 19:25:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.08.31 18:36:57 | 004,191,448 | R--- | M] (Swearware) -- C:\Users\Moritz\Desktop\ComboFix.exe
[2011.08.31 14:33:01 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.31 14:33:01 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.31 14:33:01 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.31 14:33:01 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.31 01:43:13 | 326,555,878 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.08.31 00:44:22 | 000,000,020 | ---- | M] () -- C:\Users\Moritz\defogger_reenable
[2011.08.31 00:41:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Moritz\Desktop\OTL.exe
[2011.08.30 13:09:08 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.30 12:21:57 | 001,605,632 | ---- | M] () -- C:\Users\Moritz\boot.iso
[2011.08.29 00:20:49 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.08.28 15:42:18 | 000,247,808 | ---- | M] () -- C:\Users\Moritz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.14 14:58:22 | 000,000,926 | ---- | M] () -- C:\Users\Moritz\Desktop\Dropbox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.02 15:04:23 | 000,080,384 | ---- | C] () -- C:\Users\Moritz\Desktop\MBRCheck.exe
[2011.08.31 18:44:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.08.31 18:44:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.08.31 18:44:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.08.31 18:44:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.08.31 18:44:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.08.31 01:51:58 | 2951,131,136 | -HS- | C] () -- C:\hiberfil.sys
[2011.08.31 00:44:07 | 000,000,020 | ---- | C] () -- C:\Users\Moritz\defogger_reenable
[2011.08.30 13:09:08 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.30 12:21:57 | 001,605,632 | ---- | C] () -- C:\Users\Moritz\boot.iso
[2011.08.29 00:20:49 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.08.28 15:10:07 | 000,389,120 | ---- | C] () -- C:\Windows\System32\actskn43.ocx
[2011.07.06 18:48:12 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.07.06 18:48:12 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.01.29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.12.24 11:58:13 | 000,022,328 | ---- | C] () -- C:\Users\Moritz\AppData\Roaming\PnkBstrK.sys
[2010.12.24 11:57:59 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.12.24 11:57:55 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.10.16 14:50:32 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.10.16 14:50:32 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.04.02 15:33:25 | 000,033,807 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.04.02 15:33:09 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.04.02 15:33:08 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.04.02 15:32:36 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2010.02.23 17:52:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.11.12 13:34:19 | 000,000,000 | ---- | C] () -- C:\Windows\jcmkr32.INI
[2009.11.01 12:50:22 | 000,000,809 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009.10.21 21:09:50 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.10.21 21:09:49 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.05.27 17:32:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.27 17:32:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.03 19:12:34 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2009.03.16 12:45:12 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll
[2009.02.24 14:09:00 | 000,000,569 | ---- | C] () -- C:\Windows\eReg.dat
[2009.02.04 16:00:45 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009.02.04 16:00:45 | 000,040,960 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2009.02.04 16:00:45 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2009.02.02 16:59:58 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.01.30 16:19:35 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.01.25 12:47:50 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.01.24 16:51:36 | 000,247,808 | ---- | C] () -- C:\Users\Moritz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.24 15:46:54 | 000,026,340 | ---- | C] () -- C:\Users\Moritz\AppData\Roaming\UserTile.png
[2009.01.24 13:36:30 | 000,000,680 | ---- | C] () -- C:\Users\Moritz\AppData\Local\d3d9caps.dat
[2009.01.24 13:17:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.25 13:48:26 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.09.25 13:48:26 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.09.25 13:48:26 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.09.25 13:48:26 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.09.25 04:07:43 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.09.25 04:04:33 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.09.25 04:04:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.09.25 04:04:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.09.25 04:04:33 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.09.25 03:55:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.08.28 05:39:18 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.08.28 05:39:18 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.08.28 05:39:18 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.08.28 05:39:18 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.08.27 20:36:03 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.08.27 20:32:07 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.08.27 20:32:07 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.08.19 04:48:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.08.19 04:48:50 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.08.19 04:48:50 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.08.19 04:48:18 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,344,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.09.18 01:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2008.08.27 20:30:20 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Acer GameZone Console
[2010.12.10 22:58:01 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\albumart
[2009.04.16 12:25:13 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\DAEMON Tools
[2009.04.16 12:26:33 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\DAEMON Tools Lite
[2009.04.06 21:45:51 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\DAEMON Tools Pro
[2011.08.27 21:07:58 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Dropbox
[2011.07.16 10:51:36 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\DVDVideoSoft
[2011.07.16 10:51:06 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.26 18:43:05 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Foxit Software
[2011.08.15 14:48:24 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\gtk-2.0
[2011.08.31 18:37:27 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\ICQ
[2010.12.26 11:50:10 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Leadertech
[2009.02.10 18:37:04 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\OpenOffice.org
[2009.01.24 15:46:54 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\PeerNetworking
[2011.07.15 01:06:33 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Personal Video Database
[2009.02.15 17:10:34 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Pingus
[2011.02.12 19:14:38 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Rovio
[2010.10.16 14:49:03 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Samsung
[2010.04.18 15:00:48 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\smc
[2009.09.29 16:47:16 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Teeworlds
[2010.05.13 15:04:03 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\temp
[2010.02.23 17:52:49 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Thunderbird
[2009.02.08 13:32:16 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Tobit
[2010.04.27 18:00:57 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\TuneUp Software
[2009.02.09 20:24:23 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Wormux
[2011.09.02 14:52:13 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.09.02 02:18:15 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1AEAEB46-8F29-4B72-9FF7-AAD3A371800A}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.08.31 19:25:48 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.01.24 12:48:34 | 000,000,000 | ---D | M] -- C:\Acer
[2010.02.19 14:39:55 | 000,000,000 | ---D | M] -- C:\ATI
[2009.05.27 22:55:40 | 000,000,000 | ---D | M] -- C:\Boot
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.01.24 12:43:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.08.30 11:09:47 | 000,000,000 | ---D | M] -- C:\Lyrics
[2008.08.27 20:13:50 | 000,000,000 | R--D | M] -- C:\MSOCache
[2011.08.31 00:24:54 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.31 19:16:53 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.01.24 12:43:07 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.31 19:38:57 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.09.02 17:51:10 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.03.13 14:21:23 | 000,000,000 | ---D | M] -- C:\Temp
[2009.03.19 20:11:47 | 000,000,000 | R--D | M] -- C:\Users
[2011.08.31 19:25:56 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\ERDNT\cache\regedit.exe
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-02 13:03:21

< End of report >
         
Eine Extras-Datei wurde nicht erstellt.

Nach einem Neustart zeigt AntiVir immernoch den Virus an

Geändert von lapala (02.09.2011 um 17:21 Uhr)

Antwort

Themen zu Masterbootsektor Virus "BOO/Whistler"
adblock, antivir, application/pdf, application/pdf:, avira, bho, bluescreen, bonjour, c:\windows\system32\rundll32.exe, converter, desktop, device driver, downloader, excel.exe, festplatte, firefox, google, helper, home, locker, logfile, masterbootsektor hd0, mozilla thunderbird, mp3, object, plug-in, popup, problem, programm, realtek, scan, senden, software, start menu, studio, version=1.0, virus, vista



Ähnliche Themen: Masterbootsektor Virus "BOO/Whistler"


  1. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  2. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  3. Avira Fund B00/Whistler.DB im Masterbootsektor HD0 und Bootsektor 'C:\'
    Log-Analyse und Auswertung - 26.09.2013 (15)
  4. BOO/Whistler.DB in 'Masterbootsektor HD1' und 'Bootsektor 'I:\''
    Log-Analyse und Auswertung - 09.04.2013 (12)
  5. Antivir-Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD1 sowie Masterbootsektor der ext. HD (F:)
    Log-Analyse und Auswertung - 14.09.2012 (27)
  6. Avira findet "BOO/Whistler.A" in Masterbootsektor HD0 Bootsektor 'C:\', lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (51)
  7. Virus BOO/Whistler.DB im Masterbootsektor HD1 gefunden(Avira)
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (5)
  8. boo/whistler.db im Masterbootsektor gefunden
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (33)
  9. Fund: BOO/Whistler.DB - Objekt:Masterbootsektor HD0 (von Antivir)
    Log-Analyse und Auswertung - 12.06.2012 (7)
  10. Boo.Whistler.A im Masterbootsektor
    Plagegeister aller Art und deren Bekämpfung - 29.03.2012 (1)
  11. BOO/Whistler.A in Masterbootsektor gefunden F und I
    Log-Analyse und Auswertung - 21.11.2011 (22)
  12. Malware "B00/TDss.M" auf Masterbootsektor HD0/Laufwerk C + D
    Plagegeister aller Art und deren Bekämpfung - 25.10.2011 (31)
  13. Dringend Hilfe gesucht!! Virus "BOO/TDss.D" auf dem Bootsektor, Masterbootsektor HD0
    Log-Analyse und Auswertung - 11.10.2011 (1)
  14. Boo Whistler im Masterbootsektor
    Log-Analyse und Auswertung - 07.09.2011 (18)
  15. BOO/Whistler.A in Masterbootsektor gefunden,Lfw D: ist verschwunden
    Log-Analyse und Auswertung - 11.08.2011 (25)
  16. BOO/Whistler.A von AntiVir in "Bootsector G" gefunden
    Plagegeister aller Art und deren Bekämpfung - 28.07.2011 (24)
  17. Virus "BOO/TDss.m" im Masterbootsektor HD0
    Log-Analyse und Auswertung - 27.05.2011 (16)

Zum Thema Masterbootsektor Virus "BOO/Whistler" - Hallo alle zusammen, Erste Anzeichen eines Viruses war, dass meine externe Festplatte nicht mehr erkannt wurde. Nach einem Neustart blinkte nun auch mein AntiVir auf: "Im Masterbootsektor von Laufwerk 'Masterbootsektor - Masterbootsektor Virus "BOO/Whistler"...
Archiv
Du betrachtest: Masterbootsektor Virus "BOO/Whistler" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.