
All kinds of pests and how to fight them: Data gone after suspected virus infection!

11.09.2011, 14:57   #1
Nico9
 
Hello everyone,

I have a problem yet again: I had, or still have, a virus on my PC once again, and from one moment to the next pretty much all my data was gone, meaning photos, videos, music, games, simply everything.

My desktop is also completely empty; Firefox is still there, AntiVir is still there too, and two games, but otherwise almost nothing.


I hope you can help me.

Regards, Nico

11.09.2011, 15:26   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!


After that, OTL custom:


Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the content into the text box.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the content of OTL.txt here into your thread

11.09.2011, 16:09   #3
Nico9
 
So, here is OTL
OTL logfile:
Code:
OTL logfile created on: 11.09.2011 16:55:53 - Run 1
OTL by OldTimer - Version 3.2.27.0     Folder = C:\Users\Nico Fuhrmann\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 64,98% Memory free
6,19 Gb Paging File | 5,19 Gb Available in Paging File | 83,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456,93 Gb Total Space | 264,86 Gb Free Space | 57,96% Space Free | Partition Type: NTFS
Drive D: | 458,58 Gb Total Space | 458,22 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive E: | 6,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive J: | 998,10 Mb Total Space | 911,46 Mb Free Space | 91,32% Space Free | Partition Type: FAT32
 
Computer Name: NICOFUHRMANN-PC | User Name: Nico Fuhrmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.11 16:54:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Nico Fuhrmann\Downloads\OTL.exe
PRC - [2011.06.28 17:16:15 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.25 09:25:02 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.03.28 16:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.22 14:10:38 | 000,438,399 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe
PRC - [2008.08.06 17:00:00 | 000,028,672 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0415Mon.exe
PRC - [2008.03.26 13:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.29 12:25:10 | 000,598,016 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008.01.29 12:24:46 | 000,163,840 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.07 17:59:41 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.28 17:16:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.01.29 12:25:10 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008.01.29 12:24:46 | 000,163,840 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.06.28 17:16:16 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 17:16:16 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.28 10:49:40 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.05.25 09:25:04 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.05.25 09:24:42 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008.08.14 03:00:00 | 000,282,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\V0415Vid.sys -- (V0415Vid)
DRV - [2008.08.12 15:50:36 | 000,135,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008.01.29 13:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.10.12 16:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.01.15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {40f5f417-32bb-4296-9446-c1e0094e7d82} - C:\Programme\Uptodown_EN\prxtbUpto.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2828561
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {40f5f417-32bb-4296-9446-c1e0094e7d82} - C:\Programme\Uptodown_EN\prxtbUpto.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Uptodown EN Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2828561&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.07 13:28:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.05.28 10:35:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nico Fuhrmann\AppData\Roaming\mozilla\Extensions
[2011.09.02 23:16:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nico Fuhrmann\AppData\Roaming\mozilla\Firefox\Profiles\m01tzwhl.default\extensions
[2011.08.19 15:21:16 | 000,000,000 | -H-D | M] (Uptodown EN Community Toolbar) -- C:\Users\Nico Fuhrmann\AppData\Roaming\mozilla\Firefox\Profiles\m01tzwhl.default\extensions\{40f5f417-32bb-4296-9446-c1e0094e7d82}
[2011.08.14 14:54:56 | 000,000,925 | -H-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\Mozilla\Firefox\Profiles\m01tzwhl.default\searchplugins\conduit.xml
[2011.08.12 14:13:02 | 000,010,525 | -H-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\Mozilla\Firefox\Profiles\m01tzwhl.default\searchplugins\gmx-suche.xml
[2011.06.03 15:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.03 15:48:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.05.30 01:30:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\NICO FUHRMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M01TZWHL.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2011.05.30 14:34:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.09.07 13:28:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.06.25 23:20:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.25 23:20:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.06.25 23:20:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.25 23:20:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.25 23:20:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.25 23:20:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Uptodown EN Toolbar) - {40f5f417-32bb-4296-9446-c1e0094e7d82} - C:\Programme\Uptodown_EN\prxtbUpto.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Uptodown EN Toolbar) - {40f5f417-32bb-4296-9446-c1e0094e7d82} - C:\Programme\Uptodown_EN\prxtbUpto.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Live! Central] C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [V0415Mon.exe] C:\Windows\V0415Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [otpi.exe]  File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D766E25-2E55-4E02-8688-54242078D464}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2ea31e79-8901-11e0-92d1-001d72b07da0}\Shell - "" = AutoRun
O33 - MountPoints2\{2ea31e79-8901-11e0-92d1-001d72b07da0}\Shell\AutoRun\command - "" = I:\Installer.EXE
O33 - MountPoints2\{e17d0521-8931-11e0-a301-001d72b07da0}\Shell - "" = AutoRun
O33 - MountPoints2\{e17d0521-8931-11e0-a301-001d72b07da0}\Shell\AutoRun\command - "" = 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Nico Fuhrmann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - StartUpReg: V0415Mon.exe - hkey= - key= - C:\Windows\V0415Mon.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.11 16:34:12 | 000,000,000 | ---D | C] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Malwarebytes
[2011.09.11 16:33:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.09.11 16:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.11 16:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.11 16:33:54 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.11 16:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.09 21:07:46 | 000,000,000 | ---D | C] -- C:\Users\Nico Fuhrmann\Documents\4A Games
[2011.09.09 21:05:22 | 000,000,000 | ---D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\4A Games
[2011.09.09 21:05:00 | 000,000,000 | ---D | C] -- C:\Users\Nico Fuhrmann\AppData\Roaming\NVIDIA
[2011.09.09 15:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.09.08 20:04:07 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Recovery
[2011.09.08 19:03:30 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\Application Data
[2011.09.07 13:28:28 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{49C823BE-FD81-4253-AA77-AC22347DA7E0}
[2011.09.07 13:28:23 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{CB30E6B2-77F2-4A83-BBBB-3032E929B083}
[2011.09.02 14:17:25 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{0CC73F31-3918-4E0C-8731-15F6033BCA50}
[2011.09.02 14:17:14 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{E68623EB-F4FB-4077-AC12-B74F49A131CC}
[2011.08.31 16:35:10 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Roaming\dvdcss
[2011.08.31 15:31:37 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{69F8C1CF-7BE3-4E67-82AA-C08BC3C2C200}
[2011.08.31 15:31:15 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{A84E3DF6-2373-4867-85C9-B1E8A97B5445}
[2011.08.28 19:45:16 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{D93E8B31-CC97-4704-A52E-963426C0A598}
[2011.08.28 19:45:09 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{E845B27F-657A-4E64-88CA-09AC1BA9431E}
[2011.08.22 14:34:30 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{D0FBA9A0-860A-457A-AC2A-2CBBA542B70B}
[2011.08.22 14:34:13 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{01BD0AB0-6368-4515-ABC5-68E4F1BFB04E}
[2011.08.21 02:06:16 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{785A7B8C-F156-48A2-91FB-FDC75C96F1AC}
[2011.08.21 02:06:12 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{58E8EB75-7992-4A92-BD4F-429FAFAC7899}
[2011.08.20 17:13:48 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\Documents\Sniper - Ghost Warrior
[2011.08.20 09:25:08 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{4E226090-A018-4874-9B53-F24BA9E2E62C}
[2011.08.20 09:25:03 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{CE10E8F8-22FF-4433-97B6-1CC8465C14EF}
[2011.08.19 15:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011.08.19 15:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011.08.19 15:21:04 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\Conduit
[2011.08.19 15:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Uptodown_EN
[2011.08.19 14:34:13 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{14D9D4A1-FD2D-424A-BE7D-E8AB87A3D50A}
[2011.08.19 14:34:04 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{D58EB78D-4832-40B3-8A19-6DFB0E688652}
[2011.08.18 15:53:05 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{3C261A65-4E33-446E-8AFD-DFDB35755740}
[2011.08.18 15:53:01 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{FF9F340E-0404-4C42-82D9-5A914D1D4666}
[2011.08.17 13:30:47 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{D713ABFA-D5D2-4FE2-990C-194EC56B5A7B}
[2011.08.17 13:30:42 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{19ACA745-D3F5-4733-A7EA-2DA7ABF32116}
[2011.08.16 13:03:02 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{5B4563CF-0CCD-4391-A017-B179650CFD86}
[2011.08.16 13:02:58 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{ED005C13-F2F6-48BC-86F7-2AC298E9D68A}
[2011.08.15 22:10:09 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\Desktop\Neuer Ordner (5)
[2011.08.15 15:54:26 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{FDF1D66A-BC20-4A68-AD45-579B72A81041}
[2011.08.15 15:54:18 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{07F9B0C9-6CA6-4E78-AF24-E3ADEE8C5662}
[2011.08.14 10:10:32 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{E81E21ED-8F2B-4282-8984-701FA747219B}
[2011.08.14 10:10:28 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{4D7BED63-5F77-407F-B40F-018B80F230D8}
[2011.08.13 20:49:20 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{D1F7F5E1-BEF4-4A84-AA05-00B1F4CD0940}
[2011.08.13 20:49:15 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{A05AE64E-2B5A-4B34-84DB-4F7813A71A49}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.11 16:50:12 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.11 16:50:02 | 000,004,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.11 16:50:02 | 000,004,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.11 16:50:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.11 16:49:57 | 3219,615,744 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.11 16:34:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.11 16:30:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.11 12:06:18 | 000,065,198 | ---- | M] () -- C:\Users\Nico Fuhrmann\Desktop\t150.jpg
[2011.09.11 12:05:53 | 000,036,879 | ---- | M] () -- C:\Users\Nico Fuhrmann\Desktop\m146.jpg
[2011.09.08 20:04:07 | 000,000,611 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\System Recovery.lnk
[2011.09.08 20:04:07 | 000,000,216 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011.09.08 20:04:07 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011.09.08 20:04:05 | 000,000,344 | -H-- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011.09.05 19:43:08 | 000,006,467 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\309538_254104091290415_100000724780132_841568_585936_s.jpg
[2011.09.04 22:17:05 | 000,160,501 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\mona-lisa.jpg
[2011.09.04 09:46:29 | 000,034,129 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\Winterjam.jpg
[2011.09.03 11:20:39 | 007,605,760 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\Türke türke.mp3
[2011.09.03 10:32:04 | 000,132,916 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\02092011609.JPG
[2011.09.02 17:35:20 | 001,773,639 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\02092011608.JPG
[2011.09.02 17:34:32 | 001,824,895 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\02092011607.JPG
[2011.09.02 14:23:28 | 000,039,401 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\275105_100001592077413_7899947_n.jpg
[2011.09.01 09:11:30 | 002,024,495 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\01092011008.JPG
[2011.09.01 09:11:06 | 002,118,059 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\01092011007.JPG
[2011.08.31 18:54:28 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.31 18:54:28 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.31 18:54:28 | 000,130,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.31 18:54:28 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.31 15:38:30 | 000,231,848 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\Stammkurs, frau otto.JPG
[2011.08.31 08:03:30 | 002,693,628 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\31082011599.JPG
[2011.08.30 21:21:43 | 000,210,106 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\BaugnezCrossroads1.JPG
[2011.08.27 18:27:54 | 000,018,944 | -H-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.24 18:52:09 | 000,260,747 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\fisher_f75_pic.jpg
[2011.08.20 16:26:54 | 000,000,215 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\Sniper Ghost Warrior.url
[2011.08.18 19:36:38 | 000,664,847 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Documents\Foto0418.jpg
[2011.08.18 19:09:54 | 000,233,489 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\9_c___Herr_Meier.JPG
[2011.08.16 18:50:49 | 000,654,342 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Documents\DSC03494-.jpg
[2011.08.15 22:21:58 | 000,081,136 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\02082011509.JPG
[2011.08.15 22:02:40 | 000,076,930 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\band_of_brothers_wallpaper_1280x1024_6.jpg
[2011.08.13 23:15:26 | 000,055,716 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\13082011547.JPG
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.11 16:34:00 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.10 18:09:08 | 000,036,879 | ---- | C] () -- C:\Users\Nico Fuhrmann\Desktop\m146.jpg
[2011.09.10 18:06:24 | 000,065,198 | ---- | C] () -- C:\Users\Nico Fuhrmann\Desktop\t150.jpg
[2011.09.08 20:04:07 | 000,000,611 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\System Recovery.lnk
[2011.09.08 20:04:07 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011.09.08 20:04:07 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011.09.08 20:04:05 | 000,000,344 | -H-- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011.09.05 19:43:07 | 000,006,467 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\309538_254104091290415_100000724780132_841568_585936_s.jpg
[2011.09.04 22:17:04 | 000,160,501 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\mona-lisa.jpg
[2011.09.04 09:44:23 | 000,034,129 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\Winterjam.jpg
[2011.09.03 11:20:28 | 007,605,760 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\Türke türke.mp3
[2011.09.03 10:09:34 | 001,824,895 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\02092011607.JPG
[2011.09.03 10:09:34 | 001,773,639 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\02092011608.JPG
[2011.09.03 10:09:34 | 000,132,916 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\02092011609.JPG
[2011.09.02 14:20:15 | 000,039,401 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\275105_100001592077413_7899947_n.jpg
[2011.09.01 19:12:34 | 002,118,059 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\01092011007.JPG
[2011.09.01 19:12:31 | 002,024,495 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\01092011008.JPG
[2011.08.31 15:33:08 | 000,231,848 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\Stammkurs, frau otto.JPG
[2011.08.31 15:33:01 | 002,693,628 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\31082011599.JPG
[2011.08.24 18:52:07 | 000,260,747 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\fisher_f75_pic.jpg
[2011.08.20 16:26:54 | 000,000,215 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\Sniper Ghost Warrior.url
[2011.08.18 19:36:27 | 000,664,847 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Documents\Foto0418.jpg
[2011.08.18 19:09:52 | 000,233,489 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\9_c___Herr_Meier.JPG
[2011.08.16 18:50:37 | 000,654,342 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Documents\DSC03494-.jpg
[2011.08.15 22:02:26 | 000,076,930 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\band_of_brothers_wallpaper_1280x1024_6.jpg
[2011.08.13 23:13:52 | 000,055,716 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\13082011547.JPG
[2011.07.08 15:45:55 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2011.06.25 15:20:43 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2011.06.22 14:57:52 | 000,139,224 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.06.22 14:57:52 | 000,022,328 | -H-- | C] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\PnkBstrK.sys
[2011.06.22 14:57:37 | 000,183,152 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.06.22 14:57:33 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011.06.22 14:57:33 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.06.11 03:04:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.06.10 18:17:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.06.10 18:17:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.06.03 15:49:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.28 12:57:04 | 000,000,425 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2011.05.28 12:57:04 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.05.28 10:48:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.28 10:18:59 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2011.05.28 10:18:59 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011.05.28 10:18:59 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011.05.28 09:57:54 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.05.27 21:10:51 | 000,018,944 | -H-- | C] () -- C:\Users\Nico Fuhrmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.27 20:44:18 | 000,000,680 | -H-- | C] () -- C:\Users\Nico Fuhrmann\AppData\Local\d3d9caps.dat
[2011.05.24 13:03:24 | 000,276,232 | -H-- | C] () -- C:\Users\Nico Fuhrmann\AppData\Local\ConduitInstaller.exe
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2006.11.02 17:33:31 | 000,638,972 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,130,818 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,276,712 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.07.13 13:38:17 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\BOM
[2011.05.28 10:51:53 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\DAEMON Tools Lite
[2011.09.04 03:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\ICQ
[2011.07.08 17:03:13 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Igdoap
[2011.05.28 17:12:48 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\IrfanView
[2011.07.28 08:31:12 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Irub
[2011.07.12 09:00:35 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Koagky
[2011.07.28 22:30:24 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Niopx
[2011.05.30 01:36:44 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\OpenOffice.org
[2011.06.04 22:16:26 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\TubeBox
[2011.09.11 16:46:25 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.06.03 13:07:58 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Adobe
[2011.05.28 12:53:33 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Avira
[2011.07.13 13:38:17 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\BOM
[2011.07.27 13:10:39 | 000,000,000 | RH-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Brother
[2011.06.25 15:46:59 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Creative
[2011.05.28 10:51:53 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\DAEMON Tools Lite
[2011.08.31 16:35:10 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\dvdcss
[2011.09.04 03:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\ICQ
[2011.05.27 20:44:22 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Identities
[2011.07.08 17:03:13 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Igdoap
[2011.06.25 15:20:04 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\InstallShield
[2011.05.28 17:12:48 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\IrfanView
[2011.07.28 08:31:12 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Irub
[2011.07.12 09:00:35 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Koagky
[2011.05.28 14:11:24 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Macromedia
[2011.09.11 16:34:12 | 000,000,000 | ---D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Media Center Programs
[2011.09.08 19:03:31 | 000,000,000 | --SD | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft
[2011.05.28 10:35:46 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Mozilla
[2011.07.28 22:30:24 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Niopx
[2011.09.09 21:05:00 | 000,000,000 | ---D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\NVIDIA
[2011.05.30 01:36:44 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\OpenOffice.org
[2011.09.11 16:53:08 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Skype
[2011.07.03 11:06:03 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\skypePM
[2011.05.28 17:09:10 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\SUPERAntiSpyware.com
[2011.06.04 22:16:26 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\TubeBox
[2011.06.18 14:33:56 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\vlc
[2011.07.08 01:25:16 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.06.04 22:16:05 | 000,010,134 | RH-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6514C169A30B32C1D9071C.exe
[2011.06.04 22:16:05 | 000,034,494 | RH-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6FEFF9B68218417F98F549.exe
[2011.06.04 22:16:05 | 000,355,574 | RH-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_A284EAE41E055547217DE7.exe
[2011.06.04 22:16:05 | 000,080,992 | RH-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_BEA59818F40318269C802B.exe
[2011.06.04 22:16:05 | 000,355,574 | RH-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_E3DBAAA0CAF950FA4295EE.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2011.05.28 14:25:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2011.05.28 14:25:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2011.05.28 14:25:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2008.01.25 20:02:04 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=7DF63192BCF9C20EC2F7492E7F7544F9 -- C:\Windows\Temp\chipset_x86\IDE\WinVista\sataraid\nvstor32.sys
[2008.01.25 20:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows\Temp\chipset_x86\IDE\WinVista\sata_ide\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2011.05.28 12:56:58 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2011.05.28 12:56:58 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.19 09:34:08 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2008.01.19 09:34:08 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
<           >

< End of report >
         
--- --- ---


And Malwarebytes:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7695

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

11.09.2011 16:45:39
mbam-log-2011-09-11 (16-45-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 185214
Laufzeit: 5 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2F7ZUJ7G4IWWUF6VXQBJIKHST (Trojan.Agent) -> Value: 2F7ZUJ7G4IWWUF6VXQBJIKHST -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xINAfOOBcRr (Trojan.FakeAlert) -> Value: xINAfOOBcRr -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\systemdata\217fa966b37.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\xinafoobcrr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\p1kalmig2kb7fz.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\nico fuhrmann\AppData\Local\Temp\2B2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\nico fuhrmann\AppData\Local\Temp\audio_drivers_update_utility.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\nico fuhrmann\AppData\Local\Temp\tmpEDFA.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\nico fuhrmann\AppData\Local\Temp\0.0953075560232346.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Recycle.Bin\48d2f5e4efb28b3 (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
__________________
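A triage helper for the quick-scan log above, added here as an example; it is not part of the thread and not Malwarebytes code. It parses the German-language log sections, checks the summary counts against the listed entries, and links each Run-key value to the quarantined files it most plausibly started. The function names, the name/family matching heuristic and the abridged sample are assumptions of this example.

```python
import re
from collections import namedtuple
from pathlib import PureWindowsPath

Detection = namedtuple("Detection", "section obj family value action")

# Constructed sample: abridged from the quick-scan log posted above, with the
# summary counts adjusted to the shortened entry lists.
SAMPLE_LOG = r"""
Infizierte Speicherprozesse: 0
Infizierte Registrierungswerte: 3
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2F7ZUJ7G4IWWUF6VXQBJIKHST (Trojan.Agent) -> Value: 2F7ZUJ7G4IWWUF6VXQBJIKHST -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xINAfOOBcRr (Trojan.FakeAlert) -> Value: xINAfOOBcRr -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\systemdata\217fa966b37.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\xinafoobcrr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\p1kalmig2kb7fz.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
"""

# Section headers as they appear in this German-language log. A header followed
# by a number is a summary count; a bare header opens a list of entries.
HEADER = re.compile(r"^(Infizierte [^:]+):\s*(\d+)?\s*$")
ENTRY = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> "
                   r"(?:Value: (?P<value>.+?) -> )?(?P<action>.+)$")
RUN_KEY = "\\currentversion\\run\\"


def parse_mbam_log(text):
    """Return (summary counts, entries per section) from the log text."""
    counts, entries, section = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        head = HEADER.match(line)
        if head and head.group(2) is not None:
            counts[head.group(1)] = int(head.group(2))
        elif head:
            section = head.group(1)
            entries.setdefault(section, [])
        elif section and (m := ENTRY.match(line)):
            entries[section].append(Detection(
                section, m["obj"], m["family"], m["value"], m["action"]))
    return counts, entries


def count_mismatches(counts, entries):
    """Sections whose summary count differs from the entries actually listed,
    which is what a truncated or hand-edited log paste looks like."""
    return {s: (n, len(entries.get(s, [])))
            for s, n in counts.items() if n != len(entries.get(s, []))}


def link_autostarts(entries):
    """Map each Run-key value to quarantined files or directories.

    Heuristic (an assumption of this example): prefer a file whose name equals
    the value name, otherwise fall back to artifacts carrying the same
    detection label. Labels are compared case-insensitively because the log
    writes both "Trojan.SpyEyes" and "Trojan.Spyeyes".
    """
    values = [d for d in entries.get("Infizierte Registrierungswerte", [])
              if d.value and RUN_KEY in d.obj.lower()]
    artifacts = (entries.get("Infizierte Dateien", [])
                 + entries.get("Infizierte Verzeichnisse", []))
    links, claimed = {}, set()
    for v in values:
        by_name = [a for a in artifacts
                   if PureWindowsPath(a.obj).stem.lower() == v.value.lower()]
        by_family = [a for a in artifacts
                     if a.family.lower() == v.family.lower()]
        hits = by_name or by_family
        how = "name" if by_name else "family" if by_family else None
        links[v.value] = (how, [a.obj for a in hits])
        claimed.update(a.obj for a in hits)
    # Artifacts no Run value accounts for: their autostart, if any, is not in
    # this log and has to be looked for elsewhere.
    orphans = [a.obj for a in artifacts if a.obj not in claimed]
    return links, orphans


if __name__ == "__main__":
    counts, entries = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(counts, entries))
    links, orphans = link_autostarts(entries)
    for value, (how, paths) in links.items():
        print(f"{value} -> {paths} (matched by {how})")
    print("no Run value in this log for:", orphans)
```

On the sample, the Rogue.FakeHDD executable is the one artifact without a matching Run value.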

11.09.2011, 17:27   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

1.) I wanted to see a full scan!

2.) Do you do online banking or similarly critical things on this infected machine?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

11.09.2011, 17:31   #5
Nico9

Oh sorry, I'll run a full scan ..


No, probably not, luckily

Regards, Nico


11.09.2011, 18:20   #6
Nico9

Here is the result of the full scan

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7695

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

11.09.2011 19:19:19
mbam-log-2011-09-11 (19-19-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 301646
Laufzeit: 46 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

11.09.2011, 18:58   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please run ESET as well, then we'll see where we stand:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

11.09.2011, 21:10   #8
Nico9

So, finally done


ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=3ed24f021d67e340b8b22ff377f425ef
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-11 08:06:33
# local_time=2011-09-11 10:06:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 39128 52301633 88633 0
# compatibility_mode=5892 16776573 100 100 5656855 153297540 0 0
# compatibility_mode=8192 67108863 100 0 420 420 0 0
# scanned=143236
# found=2
# cleaned=0
# scan_time=6780
C:\Users\Nico Fuhrmann\AppData\Local\Temp\jar_cache209286109459687106.tmp Variante von Win32/Kryptik.SKG Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\Nico Fuhrmann\AppData\Local\Temp\jar_cache5849829848438039450.tmp Win32/Spy.Zbot.YW Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I

12.09.2011, 09:25   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Uptodown EN Toolbar) - {40f5f417-32bb-4296-9446-c1e0094e7d82} - C:\Programme\Uptodown_EN\prxtbUpto.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Uptodown EN Toolbar) - {40f5f417-32bb-4296-9446-c1e0094e7d82} - C:\Programme\Uptodown_EN\prxtbUpto.dll (Conduit Ltd.)
O4 - HKCU..\Run: [otpi.exe]  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2ea31e79-8901-11e0-92d1-001d72b07da0}\Shell - "" = AutoRun
O33 - MountPoints2\{2ea31e79-8901-11e0-92d1-001d72b07da0}\Shell\AutoRun\command - "" = I:\Installer.EXE
O33 - MountPoints2\{e17d0521-8931-11e0-a301-001d72b07da0}\Shell - "" = AutoRun
O33 - MountPoints2\{e17d0521-8931-11e0-a301-001d72b07da0}\Shell\AutoRun\command - "" = 1
[2011.09.08 20:04:07 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Recovery
[2011.08.19 15:21:04 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\Conduit
[2011.08.19 15:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Uptodown_EN
[2011.09.08 20:04:07 | 000,000,611 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\System Recovery.lnk
[2011.09.08 20:04:07 | 000,000,216 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011.09.08 20:04:07 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011.09.08 20:04:05 | 000,000,344 | -H-- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011.07.08 17:03:13 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Igdoap
[2011.07.28 08:31:12 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Irub
[2011.07.12 09:00:35 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Koagky
[2011.07.28 22:30:24 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Niopx
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

12.09.2011, 14:09   #10
Nico9

So, I'm back after the restart


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40f5f417-32bb-4296-9446-c1e0094e7d82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40f5f417-32bb-4296-9446-c1e0094e7d82}\ deleted successfully.
C:\Programme\Uptodown_EN\prxtbUpto.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40f5f417-32bb-4296-9446-c1e0094e7d82} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40f5f417-32bb-4296-9446-c1e0094e7d82}\ not found.
File C:\Programme\Uptodown_EN\prxtbUpto.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\otpi.exe deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ea31e79-8901-11e0-92d1-001d72b07da0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ea31e79-8901-11e0-92d1-001d72b07da0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ea31e79-8901-11e0-92d1-001d72b07da0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ea31e79-8901-11e0-92d1-001d72b07da0}\ not found.
File I:\Installer.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e17d0521-8931-11e0-a301-001d72b07da0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e17d0521-8931-11e0-a301-001d72b07da0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e17d0521-8931-11e0-a301-001d72b07da0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e17d0521-8931-11e0-a301-001d72b07da0}\ not found.
File 1 not found.
C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Recovery folder moved successfully.
C:\Users\Nico Fuhrmann\AppData\Local\Conduit\CT2828561 folder moved successfully.
C:\Users\Nico Fuhrmann\AppData\Local\Conduit folder moved successfully.
C:\Program Files\Uptodown_EN folder moved successfully.
C:\Users\Nico Fuhrmann\Desktop\System Recovery.lnk moved successfully.
C:\ProgramData\~P1kAlMiG2Kb7Fz moved successfully.
C:\ProgramData\~P1kAlMiG2Kb7Fzr moved successfully.
C:\ProgramData\P1kAlMiG2Kb7Fz moved successfully.
C:\Users\Nico Fuhrmann\AppData\Roaming\Igdoap folder moved successfully.
C:\Users\Nico Fuhrmann\AppData\Roaming\Irub folder moved successfully.
C:\Users\Nico Fuhrmann\AppData\Roaming\Koagky folder moved successfully.
C:\Users\Nico Fuhrmann\AppData\Roaming\Niopx folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nico Fuhrmann
->Temp folder emptied: 1133782905 bytes
->Temporary Internet Files folder emptied: 66009054 bytes
->Java cache emptied: 1957430 bytes
->FireFox cache emptied: 325718738 bytes
->Flash cache emptied: 34220 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 289291028 bytes
RecycleBin emptied: 8020383074 bytes

Total Files Cleaned = 9.382,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.27.0 log created on 09122011_140401

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

12.09.2011, 14:24   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below, i.e. tick both checkboxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.


If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!

12.09.2011, 14:27   #12
Nico9

2011/09/12 15:25:53.0098 5344 TDSS rootkit removing tool 2.5.21.0 Sep 10 2011 21:07:05
2011/09/12 15:25:53.0215 5344 ================================================================================
2011/09/12 15:25:53.0215 5344 SystemInfo:
2011/09/12 15:25:53.0215 5344
2011/09/12 15:25:53.0215 5344 OS Version: 6.0.6002 ServicePack: 2.0
2011/09/12 15:25:53.0215 5344 Product type: Workstation
2011/09/12 15:25:53.0216 5344 ComputerName: NICOFUHRMANN-PC
2011/09/12 15:25:53.0216 5344 UserName: Nico Fuhrmann
2011/09/12 15:25:53.0216 5344 Windows directory: C:\Windows
2011/09/12 15:25:53.0216 5344 System windows directory: C:\Windows
2011/09/12 15:25:53.0216 5344 Processor architecture: Intel x86
2011/09/12 15:25:53.0216 5344 Number of processors: 4
2011/09/12 15:25:53.0216 5344 Page size: 0x1000
2011/09/12 15:25:53.0216 5344 Boot type: Normal boot
2011/09/12 15:25:53.0216 5344 ================================================================================
2011/09/12 15:26:12.0652 5344 Initialize success
2011/09/12 15:26:28.0909 5508 ================================================================================
2011/09/12 15:26:28.0909 5508 Scan started
2011/09/12 15:26:28.0909 5508 Mode: Manual;
2011/09/12 15:26:28.0909 5508 ================================================================================
2011/09/12 15:26:38.0301 5508 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/09/12 15:26:38.0410 5508 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/12 15:26:38.0457 5508 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
2011/09/12 15:26:38.0581 5508 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/12 15:26:38.0628 5508 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/09/12 15:26:38.0691 5508 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/09/12 15:26:38.0753 5508 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/12 15:26:38.0769 5508 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/12 15:26:38.0831 5508 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/12 15:26:38.0878 5508 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/12 15:26:38.0909 5508 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/12 15:26:38.0956 5508 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/12 15:26:39.0003 5508 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/12 15:26:39.0034 5508 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/09/12 15:26:39.0049 5508 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/12 15:26:39.0096 5508 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/09/12 15:26:39.0174 5508 RLDesignVirtualAudioCableWdm (f5cd7457fa2f0d1078992ccb77a546c4) C:\Windows\system32\DRIVERS\livecamv.sys
2011/09/12 15:26:39.0237 5508 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/12 15:26:39.0330 5508 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/09/12 15:26:39.0361 5508 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/09/12 15:26:39.0455 5508 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/09/12 15:26:39.0502 5508 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/12 15:26:39.0533 5508 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/09/12 15:26:39.0549 5508 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/09/12 15:26:39.0595 5508 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/09/12 15:26:39.0642 5508 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/09/12 15:26:39.0658 5508 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/12 15:26:39.0689 5508 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/12 15:26:39.0705 5508 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/09/12 15:26:39.0736 5508 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/09/12 15:26:39.0751 5508 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/09/12 15:26:39.0767 5508 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/09/12 15:26:39.0814 5508 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/09/12 15:26:39.0876 5508 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/09/12 15:26:39.0923 5508 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/09/12 15:26:39.0970 5508 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/12 15:26:40.0017 5508 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/12 15:26:40.0048 5508 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/09/12 15:26:40.0126 5508 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/12 15:26:40.0157 5508 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/09/12 15:26:40.0188 5508 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/09/12 15:26:40.0204 5508 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/09/12 15:26:40.0282 5508 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
2011/09/12 15:26:40.0329 5508 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/12 15:26:40.0360 5508 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/12 15:26:40.0407 5508 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/09/12 15:26:40.0438 5508 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/09/12 15:26:40.0500 5508 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/12 15:26:40.0547 5508 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/12 15:26:40.0625 5508 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/12 15:26:40.0656 5508 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/09/12 15:26:40.0672 5508 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/12 15:26:40.0703 5508 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/09/12 15:26:40.0750 5508 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/12 15:26:40.0812 5508 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/12 15:26:40.0968 5508 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/09/12 15:26:41.0077 5508 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/09/12 15:26:41.0187 5508 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/09/12 15:26:41.0311 5508 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/12 15:26:41.0436 5508 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/09/12 15:26:41.0483 5508 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/12 15:26:41.0545 5508 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/09/12 15:26:41.0592 5508 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/12 15:26:41.0670 5508 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/12 15:26:41.0733 5508 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/09/12 15:26:41.0826 5508 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/12 15:26:41.0889 5508 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/09/12 15:26:41.0935 5508 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/12 15:26:41.0982 5508 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/12 15:26:42.0107 5508 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
2011/09/12 15:26:42.0247 5508 V0415Vid (d1f704a02aceec96f4e2252ba120fc68) C:\Windows\system32\DRIVERS\V0415Vid.sys
2011/09/12 15:26:42.0294 5508 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/12 15:26:42.0357 5508 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/09/12 15:26:42.0403 5508 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/09/12 15:26:42.0497 5508 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/09/12 15:26:42.0528 5508 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/09/12 15:26:42.0606 5508 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/09/12 15:26:42.0669 5508 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/09/12 15:26:42.0778 5508 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/09/12 15:26:42.0809 5508 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/09/12 15:26:42.0996 5508 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/09/12 15:26:43.0121 5508 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/12 15:26:43.0137 5508 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/12 15:26:43.0183 5508 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/09/12 15:26:43.0339 5508 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/12 15:26:43.0542 5508 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/09/12 15:26:43.0620 5508 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/09/12 15:26:43.0683 5508 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/12 15:26:43.0792 5508 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/12 15:26:43.0839 5508 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/09/12 15:26:43.0885 5508 MBR (0x1B8) (0519801742033545b239298c04ae2289) \Device\Harddisk1\DR1
2011/09/12 15:26:43.0917 5508 Boot (0x1200) (09ecf930fb0d9e59c1d03eae9552f266) \Device\Harddisk0\DR0\Partition0
2011/09/12 15:26:43.0963 5508 Boot (0x1200) (4da5aa2191d0a3e8709d94f4c7a665a9) \Device\Harddisk0\DR0\Partition1
2011/09/12 15:26:44.0010 5508 ================================================================================
2011/09/12 15:26:44.0010 5508 Scan finished
2011/09/12 15:26:44.0010 5508 ================================================================================
2011/09/12 15:26:44.0026 5500 Detected object count: 0
2011/09/12 15:26:44.0026 5500 Actual detected object count: 0

12.09.2011, 14:30   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

12.09.2011, 14:43   #14
Nico9

Okay ..


ComboFix log file:
Code:
ComboFix 11-09-12.02 - Nico Fuhrmann 12.09.2011  15:35:42.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1854 [GMT 2:00]
ausgeführt von:: c:\users\Nico Fuhrmann\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\SystemData
c:\systemdata\41E816B4EFB28B3
c:\users\Nico Fuhrmann\AppData\Local\ConduitInstaller.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-08-12 bis 2011-09-12  ))))))))))))))))))))))))))))))
.
.
2011-09-12 11:52 . 2011-09-12 11:52	--------	d-----w-	C:\_OTL
2011-09-11 18:06 . 2011-09-11 18:06	--------	d-----w-	c:\program files\ESET
2011-09-11 14:34 . 2011-09-11 14:34	--------	d-----w-	c:\users\Nico Fuhrmann\AppData\Roaming\Malwarebytes
2011-09-11 14:33 . 2011-07-06 17:52	41272	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-11 14:33 . 2011-09-11 14:33	--------	d-----w-	c:\programdata\Malwarebytes
2011-09-11 14:33 . 2011-09-11 14:34	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-09-11 14:33 . 2011-07-06 17:52	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-09-09 19:05 . 2011-09-09 19:05	--------	d-----w-	c:\users\Nico Fuhrmann\AppData\Local\4A Games
2011-09-09 19:05 . 2011-09-09 19:05	--------	d-----w-	c:\users\Nico Fuhrmann\AppData\Roaming\NVIDIA
2011-09-09 13:51 . 2011-09-09 13:51	--------	d-----w-	c:\programdata\WindowsSearch
2011-08-31 14:35 . 2011-08-31 14:35	--------	d-----w-	c:\users\Nico Fuhrmann\AppData\Roaming\dvdcss
2011-08-24 12:12 . 2011-07-11 13:25	2048	----a-w-	c:\windows\system32\tzres.dll
2011-08-20 13:56 . 2008-10-15 04:22	452440	----a-w-	c:\windows\system32\d3dx10_40.dll
2011-08-20 13:56 . 2008-10-15 04:22	2036576	----a-w-	c:\windows\system32\D3DCompiler_40.dll
2011-08-20 13:56 . 2008-10-15 04:22	4379984	----a-w-	c:\windows\system32\D3DX9_40.dll
2011-08-19 13:21 . 2011-08-19 13:21	--------	d-----w-	c:\program files\Conduit
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-15 13:53 . 2011-05-28 12:11	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-08 15:07 . 2010-06-24 09:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-22 13:54 . 2011-08-11 14:11	1383424	----a-w-	c:\windows\system32\mshtml.tlb
2011-07-06 15:31 . 2011-08-11 14:11	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-06-28 15:16 . 2011-05-28 08:10	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-06-28 15:16 . 2011-05-28 08:10	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-06-22 13:50 . 2011-06-22 12:57	183152	----a-w-	c:\windows\system32\PnkBstrB.exe
2011-06-22 13:28 . 2011-06-22 12:57	139224	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2011-06-22 12:59 . 2011-06-22 12:59	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2011-06-22 12:57 . 2011-06-22 12:57	22328	----a-w-	c:\users\Nico Fuhrmann\AppData\Roaming\PnkBstrK.sys
2011-06-22 12:57 . 2011-06-22 12:57	669184	----a-w-	c:\windows\system32\pbsvc.exe
2011-06-22 12:57 . 2011-06-22 12:57	66872	----a-w-	c:\windows\system32\PnkBstrA.exe
2011-06-22 12:40 . 2011-06-22 12:40	646	----a-w-	c:\windows\system32\ealregsnapshot1.reg
2011-06-21 15:49 . 2011-08-11 14:11	834048	----a-w-	c:\windows\system32\wininet.dll
2011-06-21 14:13 . 2011-08-11 14:11	389632	----a-w-	c:\windows\system32\html.iec
2011-06-20 08:54 . 2011-08-11 14:11	3602832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-06-20 08:54 . 2011-08-11 14:11	3550096	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-06-17 20:13 . 2011-08-11 14:11	905104	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-06-17 16:03 . 2011-08-11 14:11	375808	----a-w-	c:\windows\system32\winsrv.dll
2011-09-07 11:28 . 2011-05-28 08:35	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Live! Central"="c:\program files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe" [2008-08-22 438399]
"V0415Mon.exe"="c:\windows\V0415Mon.exe" [2008-08-06 28672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Nico Fuhrmann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Nico Fuhrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20	1305408	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-08-01 08:28	124480	----a-w-	c:\program files\ICQ7.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-15 15:34	1242448	----a-w-	c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44	248552	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-05-04 17:42	2424192	----a-w-	c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0415Mon.exe]
2008-08-06 15:00	28672	----a-w-	c:\windows\V0415Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-28 218688]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-08-12 135616]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-05-25 139368]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2007-01-15 31616]
S3 V0415Vid;Creative Live! Cam Video IM Ultra Driver;c:\windows\system32\DRIVERS\V0415Vid.sys [2008-08-14 282464]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 42142481
*Deregistered* - 42142481
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 20:20]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-28 20:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2828561
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Nico Fuhrmann\AppData\Roaming\Mozilla\Firefox\Profiles\m01tzwhl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2828561&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Uptodown_EN Toolbar - c:\progra~1\UPTODO~1\UNINST~1.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-09-12 15:41
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-09-12  15:42:57
ComboFix-quarantined-files.txt  2011-09-12 13:42
.
Vor Suchlauf: 10 Verzeichnis(se), 292.416.966.656 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 293.440.950.272 Bytes frei
.
- - End Of File - - EE51881CE894CBB713D66B2FB0B0541C
         
--- --- ---

12.09.2011, 15:17   #15
Nico9

Everything seems to be back, do I still need to do anything now?

Regards, Nico
