
Pests of all kinds and how to fight them: Music in the background! Virus?

03.09.2010, 09:46   #1
-Annika-
 
Good morning!

My problem is that whenever I use ICQ/Skype, after a short time music starts playing that sounds like a battle.

I have already read here in the forum that several people have had this problem. I have now used SUPERAntiSpyware and got the following result.

I hope you can help me!

Regards


SUPERAntiSpyware Scan Log
h**p://w*w.superantispyware.com

Generated 09/03/2010 at 10:33 AM

Application Version : 4.42.1000

Core Rules Database Version : 5449
Trace Rules Database Version: 3261

Scan type : Complete Scan
Total Scan Time : 01:42:54

Memory items scanned : 716
Memory threats detected : 0
Registry items scanned : 8319
Registry threats detected : 0
File items scanned : 133805
File threats detected : 38

Adware.Tracking Cookie

I have now also run the MBR check (hopefully correctly).

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: F5SR
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 158):

Processes (total 83):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71167600 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001f`8d1db400 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543225L9A300, Rev: FBEOC40C

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): -1

06.09.2010, 13:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

A cleanup can involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you were asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you start.
  • Post the log files directly in your thread. Do not attach them unless I ask you to. That makes the evaluation harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".



Please routinely run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it on your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

07.09.2010, 09:02   #3
-Annika-
 

Thaaank you so much for the reply!!
I have now run both scans.


Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org

Datenbank Version: 4558

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

07.09.2010 09:49:53
mbam-log-2010-09-07 (09-49-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 262487
Laufzeit: 1 Stunde(n), 46 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL Logfile:
OTL Extras logfile created on: 07.09.2010 09:53:37 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 42,66 Gb Free Space | 36,64% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 106,65 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 29,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EB5EEA7-6432-5827-0080-899DA70A97BA}" = ATI Catalyst Install Manager
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5D5DE9-D467-43D4-0D43-68B4598FF5CB}" = Catalyst Control Center Localization Russian
"{60204E20-6172-2517-9B6F-6A87416956A1}" = CCC Help Dutch
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AE16305-FD12-FFF0-85FA-722360417549}" = Catalyst Control Center Localization Korean
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{7234908A-5F80-B67A-8DE8-98B75FA43810}" = CCC Help Chinese Traditional
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{730801C2-7C9B-2260-614D-A44767CA5DBC}" = CCC Help Thai
"{73B9CDF5-9B29-3DD5-0028-C68CD2490F1E}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DEEE76B-ED3D-657E-5475-D67ADA440E47}" = CCC Help Norwegian
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8439EDA7-A85C-E830-2E23-197A1BFD24F5}" = Catalyst Control Center Localization Italian
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9980C99E-6954-614B-EA1C-333473FC2900}" = ccc-utility
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A55D681-02D1-6E48-F717-3ACFF6DBB27C}" = CCC Help Russian
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9B74C58F-A6AE-F383-4AC1-F432FDF35884}" = CCC Help Chinese Standard
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{9F88C8F3-5953-B3D7-7F91-A7CE3A6F5119}" = Catalyst Control Center Localization Finnish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4E83A4C-B057-E197-F156-2FBEFA0761FE}" = Catalyst Control Center Localization French
"{A9C95D56-88AA-0CF9-FFE4-E0A45C04A6DC}" = Catalyst Control Center Localization Portuguese
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AEA1F5BA-BC7A-05F2-2832-58B4BCEAABEB}" = Catalyst Control Center Localization Danish
"{B10DEBAF-64A4-0FB5-9518-97A21DC2A321}" = CCC Help Greek
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B5D0714F-56A4-52A2-4C62-6B4E8853F25A}" = Catalyst Control Center Localization Spanish
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9B7F425-0B72-E926-06FF-136154B31077}" = CCC Help Japanese
"{BA09B3B4-7D61-B444-52AE-4C3C3CADADDA}" = CCC Help Spanish
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5AEAA52-29F8-DF1E-B472-C2ABDC6EA349}" = Catalyst Control Center Localization Chinese Traditional
"{CC77812E-22CB-754E-15C4-1E7BB9B2E89A}" = Catalyst Control Center Graphics Previews Vista
"{CC81D746-51BB-4F97-52EB-BF64E14B1904}" = CCC Help Swedish
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE0CD9D-7759-7D58-F33D-D1968D29B8A2}" = Catalyst Control Center Localization Hungarian
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45D831B-1431-0A69-841B-828F958E95BB}" = CCC Help Danish
"{D9F9D5C6-B889-C333-033B-863C85BB0D6F}" = CCC Help Finnish
"{DA918D70-293B-6776-CD3C-7965EC7D8680}" = Catalyst Control Center Graphics Previews Common
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD07CD74-B4BF-1347-D10C-5A32485D8451}" = CCC Help English
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E3DE4A3B-DB2A-9107-BCDD-1C6A64CFB4F5}" = Catalyst Control Center Localization German
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EAEDD68A-1037-35C3-707A-1A5316856EF8}" = Catalyst Control Center Core Implementation
"{F0F8875B-F4F4-6BBC-5D86-CFAD9D6B7F12}" = Catalyst Control Center Localization Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53B03FE-A48A-9051-F350-554E415730F5}" = Catalyst Control Center Localization Chinese Standard
"{F6141E53-ABEC-97AF-99E7-C12588A20812}" = Catalyst Control Center Graphics Full New
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8935FC0-DE7D-41C3-FC9C-7867B29D2E10}" = Catalyst Control Center Graphics Light
"{FFA6416E-798F-773E-B7A9-0F79BA40ECB8}" = CCC Help Polish
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"PictureItPrem_v10" = Microsoft Picture It! Foto Premium 10
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"Works2005Setup" = Setup-Start von Microsoft Works 2005
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.07.2010 08:49:42 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 08.07.2010 12:50:53 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.07.2010 15:43:00 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 09.07.2010 01:58:59 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.07.2010 06:39:10 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.07.2010 17:02:01 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.07.2010 03:42:53 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.07.2010 03:50:21 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 10.07.2010 11:17:15 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.07.2010 11:32:28 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description = 
 
[ System Events ]
Error - 06.09.2010 05:49:26 | Computer Name = ***-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 151.81.66.120 für die Netzwerkkarte mit der Netzwerkadresse
 001E101FA1F5 wurde durch den DHCP-Server 151.83.188.209 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 06.09.2010 06:06:54 | Computer Name = ***-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 151.83.188.212 für die Netzwerkkarte mit der Netzwerkadresse
 001E101FA1F5 wurde durch den DHCP-Server 151.81.88.129 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 06.09.2010 06:13:38 | Computer Name = ***-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 151.81.88.131 für die Netzwerkkarte mit der Netzwerkadresse
 001E101FA1F5 wurde durch den DHCP-Server 151.81.170.118 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 06.09.2010 06:21:41 | Computer Name = ***-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 151.81.170.117 für die Netzwerkkarte mit der Netzwerkadresse
 001E101FA1F5 wurde durch den DHCP-Server 151.82.83.97 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 06.09.2010 06:24:52 | Computer Name = ***-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 151.82.83.98 für die Netzwerkkarte mit der Netzwerkadresse
 001E101FA1F5 wurde durch den DHCP-Server 151.82.61.193 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 06.09.2010 08:42:03 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 06.09.2010 12:06:54 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 06.09.2010 12:25:37 | Computer Name = ***-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 151.82.19.170 für die Netzwerkkarte mit der Netzwerkadresse
 001E101FE70E wurde durch den DHCP-Server 151.82.178.197 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 06.09.2010 19:18:31 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 07.09.2010 02:01:48 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---

OTL Logfile:
Code:
OTL logfile created on: 07.09.2010 09:53:37 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 42,66 Gb Free Space | 36,64% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 106,65 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 29,26 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mobile Partner\Mobile Partner.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://w*w.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://w*w.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "h**p://w*w.web.de/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.17 16:23:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.23 08:58:37 | 000,000,000 | ---D | M]
 
[2008.12.25 18:09:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.09.07 09:00:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\o8tikm3e.default\extensions
[2010.09.02 17:27:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\o8tikm3e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.11 16:54:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\o8tikm3e.default\extensions\moveplayer@movenetworks.com
[2010.08.17 18:59:13 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.04.21 08:07:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.17 18:59:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.06.28 12:38:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.06.28 12:38:00 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.06.28 12:38:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.06.28 12:38:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.06.28 12:38:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SymLnch] C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.70.152.25 193.70.192.25
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.26 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.03.07 02:34:52 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{026605ca-0cd6-11de-9938-0023548889e6}\Shell\AutoRun\command - "" = wbj.exe
O33 - MountPoints2\{026605ca-0cd6-11de-9938-0023548889e6}\Shell\open\Command - "" = wbj.exe
O33 - MountPoints2\{3d53c77f-b466-11df-b1bd-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{3d53c77f-b466-11df-b1bd-00a0c6000000}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{52740197-b794-11df-bedc-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{52740197-b794-11df-bedc-001e101f8924}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.26 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{636a6f51-b51f-11df-ab56-0023548889e6}\Shell - "" = AutoRun
O33 - MountPoints2\{636a6f51-b51f-11df-ab56-0023548889e6}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.26 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{688967d6-b591-11df-9fa8-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{688967d6-b591-11df-9fa8-001e101fabdd}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2009.08.26 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.06 18:32:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.09.06 18:32:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.06 18:32:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.06 18:32:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.06 18:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.03 08:40:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
[2010.09.03 08:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.09.03 08:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010.09.01 07:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010.08.31 19:08:55 | 000,000,000 | ---D | C] -- C:\Users\***\Office Genuine Advantage
[2010.08.31 18:50:21 | 000,113,664 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2010.08.31 18:50:21 | 000,103,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2010.08.31 18:50:21 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys
[2010.08.31 18:50:21 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2010.08.31 18:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mobile Partner
[2010.08.31 15:33:57 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bologna
[2010.08.30 20:53:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Vodafone
[2010.08.30 20:53:16 | 000,105,344 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\zteusbvoice.sys
[2010.08.30 20:53:14 | 000,105,344 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys
[2010.08.30 20:53:13 | 000,110,592 | ---- | C] (ZTE Corporation) -- C:\Windows\System32\drivers\ZTEusbnet.sys
[2010.08.30 20:53:10 | 000,104,960 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
[2010.08.30 20:53:08 | 000,104,960 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys
[2010.08.30 20:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Vodafone
[2010.08.30 20:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.08.30 20:51:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AADEF95F-E36B-426E-B7B1-70E7D4F6AA5B}
[2010.08.27 08:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010.08.26 22:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\Picture It! Premium 10
[2010.08.26 22:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works Suite 2005
[2010.08.20 19:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\RUB
[2010.08.19 12:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.08.19 12:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.08.18 15:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010.08.18 15:14:01 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010.08.18 15:14:00 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010.08.18 15:14:00 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010.08.18 15:13:30 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010.08.18 15:13:29 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010.08.18 15:13:27 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010.08.18 15:13:27 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010.08.18 15:13:27 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010.08.18 15:13:27 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010.08.18 15:13:27 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010.08.18 15:13:27 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010.08.18 15:13:27 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010.08.18 15:13:27 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010.08.18 15:13:27 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010.08.18 15:13:27 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010.08.18 15:13:27 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010.08.18 15:13:27 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010.08.18 15:13:26 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010.08.18 15:13:26 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010.08.18 15:13:26 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010.08.18 15:13:26 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010.08.18 15:13:26 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010.08.18 15:13:26 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010.08.18 15:13:26 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010.08.18 15:13:26 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010.08.18 15:13:26 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010.08.18 15:13:26 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010.08.18 15:13:26 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010.08.18 15:12:50 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010.08.18 15:12:50 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010.08.18 15:12:47 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010.08.18 15:12:45 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010.08.18 15:12:45 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010.08.18 15:12:45 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010.08.18 15:12:45 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010.08.18 15:12:45 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010.08.18 15:12:45 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010.08.18 15:11:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010.08.18 15:11:32 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010.08.18 09:35:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010.08.18 09:35:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010.08.18 09:35:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010.08.17 20:44:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\phase6_17_Daten
[2010.08.17 20:44:17 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\SecuROM
[2010.08.17 20:37:03 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Bologna
[2010.08.17 20:32:40 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2010.08.17 20:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2010.08.17 20:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2010.08.17 19:58:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Skype
[2010.08.17 19:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.08.17 19:58:14 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.08.17 19:56:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[2010.08.17 19:56:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer
[2010.08.17 19:55:23 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010.08.17 19:55:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.08.17 19:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.08.17 19:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.08.17 19:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.08.17 19:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.08.17 19:52:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.08.17 19:52:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple
[2010.08.17 19:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.08.17 19:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.08.17 19:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.08.17 19:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.08.17 19:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.08.17 19:01:09 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop\HA Berufliche Bildung
[2010.08.17 18:59:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.08.17 18:59:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.08.17 18:59:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.08.17 18:52:07 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Uni
[2010.08.17 18:51:09 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Sonstiges
[2010.08.17 18:51:07 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Rezepte
[2010.08.17 18:51:07 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\OneNote-Notizbücher
[2010.08.17 18:51:04 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Nachhilfe
[2010.08.17 18:50:47 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Meine Scans
[2010.08.17 18:50:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\lustigrs
[2010.08.17 18:40:35 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ICQ
[2010.08.17 18:21:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ICQ
[2010.08.17 18:21:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\AOL
[2010.08.17 18:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.2
[2010.08.17 16:51:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ASUS
[2010.08.11 11:06:09 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.11 11:06:04 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.08.11 11:06:01 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.11 11:06:01 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.08.11 11:05:51 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.11 11:05:50 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.11 11:05:46 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.11 11:05:46 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2008.06.03 08:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.07 09:54:42 | 002,097,152 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.09.07 09:42:41 | 000,000,162 | -H-- | M] () -- C:\Users\***\Desktop\~$Virus.docx
[2010.09.07 09:42:40 | 000,010,042 | ---- | M] () -- C:\Users\***\Desktop\Virus.docx
[2010.09.07 08:39:27 | 000,000,162 | -H-- | M] () -- C:\Users\***\Desktop\~$emails.docx
[2010.09.07 07:59:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.07 07:59:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.07 07:59:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.07 07:59:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.07 07:59:07 | 3218,382,848 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.07 01:37:12 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{4e99e680-6d62-11de-bb46-0023548889e6}.TMContainer00000000000000000002.regtrans-ms
[2010.09.07 01:37:12 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{4e99e680-6d62-11de-bb46-0023548889e6}.TM.blf
[2010.09.07 01:37:04 | 002,573,102 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.09.06 18:32:18 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.06 12:34:21 | 000,040,960 | ---- | M] () -- C:\Users\***\Desktop\Hausarbeit.doc
[2010.09.06 12:22:42 | 000,013,911 | ---- | M] () -- C:\Users\***\Desktop\emails.docx
[2010.09.06 10:33:53 | 000,011,817 | ---- | M] () -- C:\Users\***\Desktop\B.docx
[2010.09.05 18:22:33 | 000,011,330 | ---- | M] () -- C:\Users\***\Desktop\Ausgaben.xlsx
[2010.09.04 07:15:17 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.04 07:15:17 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.04 07:15:17 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.04 07:15:17 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.04 07:15:17 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.03 08:40:17 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.08.31 18:50:25 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2010.08.27 08:07:33 | 000,108,224 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.27 08:06:18 | 000,392,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.26 12:10:47 | 000,009,216 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.23 08:58:37 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.20 19:14:42 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\RUBICon.lnk
[2010.08.18 15:44:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.08.17 20:04:30 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2010.08.17 20:03:09 | 000,001,982 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2010.08.17 19:58:16 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.08.17 19:56:19 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.08.17 18:22:05 | 000,001,616 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
 
========== Files Created - No Company Name ==========
 
[2010.09.07 09:42:41 | 000,000,162 | -H-- | C] () -- C:\Users\***\Desktop\~$Virus.docx
[2010.09.07 09:42:39 | 000,010,042 | ---- | C] () -- C:\Users\***\Desktop\Virus.docx
[2010.09.07 08:39:27 | 000,000,162 | -H-- | C] () -- C:\Users\***\Desktop\~$emails.docx
[2010.09.06 18:32:18 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.06 10:44:42 | 000,040,960 | ---- | C] () -- C:\Users\***\Desktop\Hausarbeit.doc
[2010.09.06 10:33:52 | 000,011,817 | ---- | C] () -- C:\Users\***\Desktop\B.docx
[2010.09.05 18:22:03 | 000,011,330 | ---- | C] () -- C:\Users\***\Desktop\Ausgaben.xlsx
[2010.09.03 08:40:17 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.09.01 14:41:33 | 000,013,911 | ---- | C] () -- C:\Users\***\Desktop\emails.docx
[2010.08.31 18:50:25 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2010.08.20 19:14:42 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\RUBICon.lnk
[2010.08.19 12:32:55 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.18 15:44:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.08.17 20:03:09 | 000,001,982 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2010.08.17 20:02:49 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2010.08.17 19:58:16 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.08.17 19:56:19 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.08.17 18:22:05 | 000,001,616 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2009.12.20 17:15:04 | 000,009,216 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.17 12:08:34 | 000,197,424 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.10.19 08:05:58 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.08.30 17:38:11 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2009.08.30 17:38:11 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2009.08.06 10:26:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.03.14 05:32:25 | 000,000,021 | ---- | C] () -- \NIS2008.TXT
[2009.02.07 19:54:53 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.12.26 09:37:05 | 3218,382,848 | -HS- | C] () -- 
[2008.12.26 09:37:01 | 3534,262,272 | -HS- | C] () -- 
[2008.11.14 23:22:05 | 000,018,825 | ---- | C] () -- \devlist.txt
[2008.11.14 23:18:45 | 000,000,009 | ---- | C] () -- \Finish.log
[2008.11.14 22:37:57 | 000,000,426 | ---- | C] () -- \RHDSetup.log
[2008.11.14 22:04:07 | 000,000,481 | ---- | C] () -- \igoogle_log.txt
[2008.11.14 21:37:51 | 000,000,021 | ---- | C] () -- \V552.txt
[2008.11.14 21:29:14 | 000,000,166 | ---- | C] () -- \SumHidd.txt
[2008.11.14 21:28:26 | 000,000,098 | ---- | C] () -- \SumOS.txt
[2008.11.14 08:21:21 | 000,000,105 | ---- | C] () -- \Pass.txt
[2008.11.14 08:21:01 | 000,000,005 | ---- | C] () -- \store.log
[2008.10.01 07:09:42 | 000,000,021 | ---- | C] () -- \msapp2.LOG
[2008.07.15 05:17:51 | 000,000,026 | ---- | C] () -- \RECOVERY.DAT
[2008.07.15 05:17:37 | 000,000,025 | ---- | C] () -- \Driver.10
[2008.07.07 05:12:03 | 001,048,576 | ---- | C] () -- \F5SLAS.BIN
[2008.07.02 05:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.23 05:01:42 | 000,000,030 | ---- | C] () -- \NERO.LOG
[2008.05.22 19:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008.04.29 15:49:01 | 000,000,020 | ---- | C] () -- \READER_A.TXT
[2008.04.16 13:27:17 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008.04.16 13:27:14 | 000,333,257 | RHS- | C] () -- \bootmgr
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008.04.16 12:43:26 | 000,000,019 | ---- | C] () -- \CA21.txt
[2008.03.21 04:56:21 | 000,002,666 | ---- | C] () -- \Patch.LOG
[2008.03.09 16:01:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.10.01 08:59:45 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.06.12 20:34:50 | 000,035,822 | ---- | C] () -- C:\Program Files\Common Files\ASPG_icon.ico
[2007.05.09 09:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007.03.16 01:17:34 | 000,000,025 | ---- | C] () -- \OFFICE2007_A.TXT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:25 | 001,197,056 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2006.11.02 12:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys
[2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2002.07.25 11:25:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\IR41_QCX.dll
< End of report >
         

Alt 07.09.2010, 10:10   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Download the ISO, burn it to a CD using the image-burning function, and start the computer with it (boot from this CD). Click Computerreparaturoptionen (Repair your computer), Weiter (Next), Eingabeaufforderung (Command Prompt); the console opens. There, please type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter). Restart the computer, taking the CD out first.

Alt 07.09.2010, 16:08   #5
-Annika-
 


Hello! I have now done that, but the music still comes on. What else can I do?

Thanks!!


Alt 07.09.2010, 16:49   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Alt 07.09.2010, 17:57   #7
-Annika-
 


Everything done! Here is the result:


Combofix Logfile:
Code:
ComboFix 10-09-06.04 - *** 07.09.2010  18:37:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3071.2092 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\pi.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-07 bis 2010-09-07  ))))))))))))))))))))))))))))))
.

2010-09-07 16:08 . 2010-09-07 16:08	--------	d-----w-	c:\program files\CCleaner
2010-09-07 13:07 . 2010-09-07 13:07	--------	d-----w-	c:\users\Public\CyberLink
2010-09-07 13:07 . 2010-09-07 13:07	--------	d-----w-	c:\users\***\AppData\Roaming\CyberLink
2010-09-07 13:07 . 2010-09-07 13:07	--------	d-----w-	c:\progra~2\LightScribe
2010-09-06 16:32 . 2010-09-06 16:32	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2010-09-06 16:32 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-06 16:32 . 2010-09-07 06:01	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-06 16:32 . 2010-09-06 16:32	--------	d-----w-	c:\progra~2\Malwarebytes
2010-09-06 16:32 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-03 06:41 . 2010-09-03 06:41	63488	----a-w-	c:\users\***\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-03 06:41 . 2010-09-03 06:41	52224	----a-w-	c:\users\***\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-03 06:41 . 2010-09-03 06:41	117760	----a-w-	c:\users\***\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-03 06:40 . 2010-09-03 06:40	--------	d-----w-	c:\users\***\AppData\Roaming\SUPERAntiSpyware.com
2010-09-03 06:40 . 2010-09-03 06:40	--------	d-----w-	c:\progra~2\SUPERAntiSpyware.com
2010-09-03 06:40 . 2010-09-03 06:40	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-09-01 05:36 . 2010-09-01 05:36	--------	d-----w-	c:\progra~2\Office Genuine Advantage
2010-08-31 17:08 . 2010-08-31 17:08	--------	d-----w-	c:\users\***\Office Genuine Advantage
2010-08-31 16:50 . 2009-12-08 18:19	113664	----a-w-	c:\windows\system32\drivers\ewusbnet.sys
2010-08-31 16:50 . 2009-12-07 17:53	103168	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2010-08-31 16:50 . 2009-10-12 13:22	101120	----a-w-	c:\windows\system32\drivers\ewusbdev.sys
2010-08-31 16:50 . 2007-08-09 02:06	23424	----a-w-	c:\windows\system32\drivers\ewdcsc.sys
2010-08-31 16:49 . 2010-08-31 16:50	--------	d-----w-	c:\program files\Mobile Partner
2010-08-30 18:53 . 2010-08-30 18:53	--------	d-----w-	c:\users\***\AppData\Roaming\Vodafone
2010-08-30 18:53 . 2009-04-09 11:38	105344	----a-w-	c:\windows\system32\drivers\zteusbvoice.sys
2010-08-30 18:53 . 2009-04-09 11:38	105344	----a-w-	c:\windows\system32\drivers\ZTEusbnmea.sys
2010-08-30 18:53 . 2009-04-09 11:38	110592	----a-w-	c:\windows\system32\drivers\ZTEusbnet.sys
2010-08-30 18:53 . 2009-04-09 11:38	104960	----a-w-	c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-08-30 18:53 . 2009-04-09 11:38	104960	----a-w-	c:\windows\system32\drivers\ZTEusbser6k.sys
2010-08-30 18:52 . 2010-08-30 18:52	--------	d-----w-	c:\progra~2\Vodafone
2010-08-30 18:52 . 2010-08-30 18:52	--------	d-----w-	c:\progra~2\FLEXnet
2010-08-30 18:51 . 2010-08-30 18:51	--------	d-----w-	c:\users\***\AppData\Local\{AADEF95F-E36B-426E-B7B1-70E7D4F6AA5B}
2010-08-27 06:30 . 2010-08-27 06:30	--------	d-----w-	c:\program files\MSXML 4.0
2010-08-26 20:45 . 2010-08-26 20:50	--------	d-----w-	c:\program files\Picture It! Premium 10
2010-08-26 20:32 . 2010-08-26 20:32	--------	d-----w-	c:\program files\Microsoft Works Suite 2005
2010-08-20 17:14 . 2010-08-20 17:14	--------	d-----w-	c:\program files\RUB
2010-08-19 10:32 . 2010-08-19 10:32	--------	d-----w-	c:\program files\Common Files\Adobe
2010-08-18 13:45 . 2010-08-18 13:45	--------	d-----w-	c:\program files\Windows Portable Devices
2010-08-18 13:14 . 2009-09-10 02:00	92672	----a-w-	c:\windows\system32\UIAnimation.dll
2010-08-18 13:14 . 2009-09-10 02:01	3023360	----a-w-	c:\windows\system32\UIRibbon.dll
2010-08-18 13:14 . 2009-09-10 02:00	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2010-08-18 13:12 . 2009-10-01 01:02	30208	----a-w-	c:\windows\system32\WPDShextAutoplay.exe
2010-08-18 13:12 . 2009-10-01 01:02	31232	----a-w-	c:\windows\system32\BthMtpContextHandler.dll
2010-08-18 13:12 . 2009-10-01 01:01	81920	----a-w-	c:\windows\system32\wpdbusenum.dll
2010-08-18 13:12 . 2009-10-01 01:01	60928	----a-w-	c:\windows\system32\PortableDeviceConnectApi.dll
2010-08-18 13:12 . 2009-10-01 01:02	2537472	----a-w-	c:\windows\system32\wpdshext.dll
2010-08-18 13:12 . 2009-10-01 01:02	334848	----a-w-	c:\windows\system32\PortableDeviceApi.dll
2010-08-18 13:12 . 2009-10-01 01:02	87552	----a-w-	c:\windows\system32\WPDShServiceObj.dll
2010-08-18 13:12 . 2009-10-01 01:01	546816	----a-w-	c:\windows\system32\wpd_ci.dll
2010-08-18 13:12 . 2009-10-01 01:01	160256	----a-w-	c:\windows\system32\PortableDeviceTypes.dll
2010-08-18 13:12 . 2009-10-01 01:01	350208	----a-w-	c:\windows\system32\WPDSp.dll
2010-08-18 13:12 . 2009-10-01 01:01	196608	----a-w-	c:\windows\system32\PortableDeviceWMDRM.dll
2010-08-18 13:12 . 2009-10-01 01:01	100864	----a-w-	c:\windows\system32\PortableDeviceClassExtension.dll
2010-08-18 13:11 . 2009-10-08 21:07	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2010-08-18 13:11 . 2009-10-08 21:08	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2010-08-18 13:11 . 2009-10-08 21:08	234496	----a-w-	c:\windows\system32\oleacc.dll
2010-08-18 07:35 . 2010-08-18 07:35	--------	d-----w-	c:\windows\system32\ca-ES
2010-08-18 07:35 . 2010-08-18 07:35	--------	d-----w-	c:\windows\system32\eu-ES
2010-08-18 07:35 . 2010-08-18 07:35	--------	d-----w-	c:\windows\system32\vi-VN
2010-08-17 18:44 . 2010-08-17 18:44	--------	d--h--r-	c:\users\***\AppData\Roaming\SecuROM
2010-08-17 18:03 . 2010-08-17 18:03	--------	d-----w-	c:\program files\Common Files\Deterministic Networks
2010-08-17 18:02 . 2010-08-17 18:02	--------	d-----w-	c:\program files\Cisco Systems
2010-08-17 17:58 . 2010-09-07 15:04	--------	d-----w-	c:\users\***\AppData\Roaming\Skype
2010-08-17 17:58 . 2010-08-17 17:58	--------	d-----w-	c:\program files\Common Files\Skype
2010-08-17 17:58 . 2010-08-17 17:58	--------	d-----r-	c:\program files\Skype
2010-08-17 17:56 . 2010-08-26 15:12	--------	d-----w-	c:\users\***\AppData\Roaming\Apple Computer
2010-08-17 17:56 . 2010-08-17 17:56	--------	d-----w-	c:\users\***\AppData\Local\Apple Computer
2010-08-17 17:55 . 2010-08-17 17:55	--------	dc----w-	c:\windows\system32\DRVSTORE
2010-08-17 17:55 . 2009-05-18 11:17	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-17 17:55 . 2008-04-17 10:12	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2010-08-17 17:54 . 2010-08-17 17:54	--------	d-----w-	c:\program files\iPod
2010-08-17 17:54 . 2010-08-17 17:55	--------	d-----w-	c:\program files\iTunes
2010-08-17 17:54 . 2010-08-17 17:55	--------	d-----w-	c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-17 17:52 . 2010-08-17 17:53	--------	d-----w-	c:\program files\QuickTime
2010-08-17 17:52 . 2010-08-17 17:54	--------	d-----w-	c:\progra~2\Apple Computer
2010-08-17 17:52 . 2010-08-17 17:52	--------	d-----w-	c:\users\***\AppData\Local\Apple
2010-08-17 17:51 . 2010-08-17 17:51	--------	d-----w-	c:\program files\Apple Software Update
2010-08-17 17:49 . 2010-08-17 17:49	--------	d-----w-	c:\program files\Bonjour
2010-08-17 17:49 . 2010-08-17 17:54	--------	d-----w-	c:\program files\Common Files\Apple
2010-08-17 17:49 . 2010-08-17 17:49	--------	d-----w-	c:\progra~2\Apple
2010-08-17 17:01 . 2010-08-17 17:01	--------	d-----w-	c:\program files\Common Files\Java
2010-08-17 16:21 . 2010-09-07 16:21	--------	d-----w-	c:\users\***\AppData\Roaming\ICQ
2010-08-17 16:21 . 2010-08-17 16:21	--------	d-----w-	c:\users\***\AppData\Local\AOL
2010-08-17 16:21 . 2010-08-24 06:11	--------	d-----w-	c:\program files\ICQ7.2
2010-08-17 14:51 . 2010-08-17 14:51	--------	d-----w-	c:\users\***\AppData\Local\ASUS
2010-08-11 09:06 . 2010-05-27 20:08	81920	----a-w-	c:\windows\system32\iccvid.dll
2010-08-11 09:06 . 2010-06-29 15:47	834048	----a-w-	c:\windows\system32\wininet.dll
2010-08-11 09:06 . 2010-06-28 16:13	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-08-11 09:05 . 2010-06-11 16:16	274944	----a-w-	c:\windows\system32\schannel.dll
2010-08-11 09:05 . 2010-06-21 13:37	2037760	----a-w-	c:\windows\system32\win32k.sys
2010-08-11 09:05 . 2010-06-18 17:31	36864	----a-w-	c:\windows\system32\rtutils.dll
2010-08-11 09:05 . 2010-06-08 17:35	3548040	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-08-11 09:05 . 2010-06-08 17:35	3600768	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-08-11 09:05 . 2010-06-11 16:15	1248768	----a-w-	c:\windows\system32\msxml3.dll
2010-08-11 09:05 . 2010-06-18 15:04	302080	----a-w-	c:\windows\system32\drivers\srv.sys
2010-08-11 09:05 . 2010-06-18 15:04	144896	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-08-11 09:05 . 2010-06-16 16:04	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 16:36 . 2010-09-07 16:36	12568	----a-w-	c:\windows\system32\drivers\PROCEXP113.SYS
2010-09-07 14:56 . 2009-02-13 13:06	--------	d-----w-	c:\users\***\AppData\Roaming\skypePM
2010-09-07 13:07 . 2008-11-14 19:09	--------	d-----w-	c:\progra~2\CyberLink
2010-09-04 05:15 . 2008-04-16 11:11	628742	----a-w-	c:\windows\system32\perfh007.dat
2010-09-04 05:15 . 2008-04-16 11:11	126454	----a-w-	c:\windows\system32\perfc007.dat
2010-08-27 13:33 . 2008-12-30 09:21	--------	d-----w-	c:\program files\Microsoft Works
2010-08-27 06:07 . 2008-12-25 15:47	108224	----a-w-	c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-18 13:45 . 2006-11-02 10:25	665600	----a-w-	c:\windows\inf\drvindex.dat
2010-08-18 13:44 . 2010-08-18 13:44	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-08-18 07:36 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Calendar
2010-08-18 07:36 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-08-18 07:36 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Sidebar
2010-08-18 07:36 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Journal
2010-08-18 07:36 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Collaboration
2010-08-18 07:36 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Photo Gallery
2010-08-18 07:36 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Defender
2010-08-17 17:58 . 2009-02-13 13:01	--------	d-----w-	c:\progra~2\Skype
2010-08-17 16:58 . 2010-04-21 06:07	--------	d-----w-	c:\program files\Java
2010-08-17 16:37 . 2009-10-19 05:58	--------	d-----w-	c:\program files\Catan
2010-08-17 16:37 . 2008-11-14 19:54	--------	d-----w-	c:\program files\Google
2010-08-17 16:21 . 2008-11-14 19:07	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-08-17 14:51 . 2008-11-14 21:01	--------	d-----w-	c:\progra~2\ASUS
2010-08-11 09:45 . 2008-11-14 18:53	--------	d-----w-	c:\progra~2\Microsoft Help
2010-07-17 03:00 . 2010-04-21 06:07	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-06-29 09:30 . 2009-02-07 17:54	680	----a-w-	c:\users\***\AppData\Local\d3d9caps.dat
2008-07-02 03:28 . 2008-07-02 03:28	61440	----a-w-	c:\program files\Common Files\CPInstallAction.dll
2008-05-22 17:35 . 2008-05-22 17:35	51962	----a-w-	c:\program files\Common Files\banner.jpg
2007-06-12 18:34 . 2007-06-12 18:34	35822	----a-w-	c:\program files\Common Files\ASPG_icon.ico
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-08-22 133432]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-25 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-11-14 47672]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-11-14 33136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2010-8-17 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b2,02,d8,ff,a8,3e,cb,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-04-09 7680]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2010-01-06 57856]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-04-09 110592]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-04-09 105344]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-08 113664]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://w*w.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://w*w.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\o8tikm3e.default\
FF - prefs.js: browser.startup.homepage - hxxp://w*w.web.de/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\o8tikm3e.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-SymLnch - c:\program files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, h**p://w*w.gmer.net
Rootkit scan 2010-09-07 18:48
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 


C:\ADSM_PData_0150

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-09-07  18:53:25
ComboFix-quarantined-files.txt  2010-09-07 16:53

Vor Suchlauf: 7 Verzeichnis(se), 64.082.599.936 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 64.007.680.000 Bytes frei

- - End Of File - - 4B6E059E4F593888D4CBE75D40CB0082
         
--- --- ---

Alt 07.09.2010, 19:28   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM.
Afterwards, also run MBRCheck once more as a check and post the new log from it.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 07.09.2010, 21:25   #9
-Annika-
 



Here are the results of the three programs. I hope I did everything right!!


GMER Logfile:
Code:
GMER 1.0.15.15281 - h**p://w*w.gmer.net
Rootkit scan 2010-09-07 21:47:18
Windows 6.0.6002 Service Pack 2
Running: jweto7vq.exe; Driver: C:\Users\***\AppData\Local\Temp\awtyipod.sys


---- System - GMER 1.0.15 ----

SSDT            8C90BE9C                                                               ZwCreateThread
SSDT            8C90BE88                                                               ZwOpenProcess
SSDT            8C90BE8D                                                               ZwOpenThread
SSDT            8C90BE97                                                               ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 221                                          81EF1984 4 Bytes  [9C, BE, 90, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 3F1                                          81EF1B54 4 Bytes  [88, BE, 90, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 40D                                          81EF1B70 4 Bytes  [8D, BE, 90, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 621                                          81EF1D84 4 Bytes  [97, BE, 90, 8C]
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                               section is writeable [0x8DC04000, 0x1F875A, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                 AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                               fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                               AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

---- Files - GMER 1.0.15 ----

File            C:\ADSM_PData_0150                                                     0 bytes
File            C:\ADSM_PData_0150\DB                                                  0 bytes
File            C:\ADSM_PData_0150\DB\SI.db                                            624 bytes
File            C:\ADSM_PData_0150\DB\UL.db                                            16 bytes
File            C:\ADSM_PData_0150\DB\VL.db                                            16 bytes
File            C:\ADSM_PData_0150\DB\_avt                                             512 bytes
File            C:\ADSM_PData_0150\DragWait.exe                                        253952 bytes executable
File            C:\ADSM_PData_0150\_avt                                                512 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86            0 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys  29752 bytes executable
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt       512 bytes

---- EOF - GMER 1.0.15 ----
         
--- --- ---



Report of OSAM: Autorun Manager v5.0.11926.0
h**p://w*w.online-solutions.ru/en/
Saved at 22:11:31 on 07.09.2010
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
Control Panel Objects
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "QuickTime" "Apple Inc." C:\Program Files\QuickTime\QTSystem\QuickTime.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "ASMMAP" (ASMMAP) C:\Program Files\ATKGFNEX\ASMMAP.sys File exists
|||||| "avgio" (avgio) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avgio.sys File exists
|||||| "avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists
|||||| "avipbb" (avipbb) "Avira GmbH" C:\Windows\System32\DRIVERS\avipbb.sys File exists
"catchme" (catchme) C:\Users\***\AppData\Local\Temp\catchme.sys File not found
|||||| "Cisco Systems Inc. IPSec Driver" (CVPNDRVA) "Cisco Systems, Inc." C:\Windows\system32\Drivers\CVPNDRVA.sys File exists
|||||| "Data Security Manager Driver" (AsDsm) "Windows (R) Codename Longhorn DDK provider" C:\Windows\system32\drivers\AsDsm.sys File exists
|||||| "ghaio" (ghaio) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys File found, but it contains no detailed information
"IP in IP Tunnel Driver" (IpInIp) C:\Windows\System32\DRIVERS\ipinip.sys File not found
"IPX Traffic Filter Driver" (NwlnkFlt) C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
"IPX Traffic Forwarder Driver" (NwlnkFwd) C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
|||||| "lullaby" (lullaby) "Windows (R) Codename Longhorn DDK provider" C:\Windows\System32\DRIVERS\lullaby.sys File exists
|||||| "SASDIFSV" (SASDIFSV) "SUPERAdBlocker.com and SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS File exists
|||||| "SASKUTIL" (SASKUTIL) "SUPERAdBlocker.com and SUPERAntiSpyware.com" C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS File exists
|||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" "Hewlett-Packard Company" "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File exists
|||||| {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" "Skype Technologies" C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" File not found | COM-object registry key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" File not found | COM-object registry key not found
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" File not found | COM-object registry key not found
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" File not found | COM-object registry key not found
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" File not found | COM-object registry key not found
|||||| {2F5AC606-70CF-461C-BFE1-6063670C3484} "DisplayCplExt Class" "ASUS" C:\Windows\system32\TPESetting.dll File exists
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" File not found | COM-object registry key not found
|||||| {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Program Files\iTunes\iTunesMiniPlayer.dll File exists
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\msohevi.dll File exists
|||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL File exists
|||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" File not found | COM-object registry key not found
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" File not found | COM-object registry key not found
|||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll File exists
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" File not found | COM-object registry key not found
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" "Alexander Roshal" C:\Program Files\WinRAR\rarext.dll File exists
Internet Explorer
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21"
h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21"
h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21"
h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_21.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll File exists
|||| "ICQ7.2" "ICQ, LLC." C:\Program Files\ICQ7.2\ICQ.exe File exists
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists
Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
|||| "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE Shortcut exists | File exists
|||||| "desktop.ini" C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
|||||| "VPN Client.lnk" "Cisco Systems, Inc." C:\Program Files\Cisco Systems\VPN Client\vpngui.exe Shortcut exists | File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|||| "ICQ" "ICQ, LLC." "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 File exists
|||| "LightScribe Control Panel" "Hewlett-Packard Company" C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File exists
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
"StartupPrograms" rdpclip File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File exists
|||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists
|||| "ASUS Camera ScreenSaver" C:\Windows\AsScrProlog.exe File found, but it contains no detailed information
|||| "ASUS Screen Saver Protector" C:\Windows\ASScrPro.exe File exists
|||| "ASUSTPE" "ASUS" C:\Windows\system32\ASUSTPE.exe File exists
|||| "ATKMEDIA" "ASUS" C:\Program Files\ASUS\ATK Media\DMedia.exe File exists
|||||| "avgnt" "Avira GmbH" "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File exists
|||| "CLMLServer" "CyberLink" "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" File exists
|| "DXM6Patch_981116" "Microsoft Corporation" C:\Windows\p_981116.exe /Q:A File exists
|||| "iTunesHelper" "Apple Inc." "C:\Program Files\iTunes\iTunesHelper.exe" File exists
|||| "P2Go_Menu" "CyberLink Corp." "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" File exists
|||| "QuickTime Task" "Apple Inc." "C:\Program Files\QuickTime\QTTask.exe" -atboottime File exists
|||| "StartCCC" "Advanced Micro Devices, Inc." "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" File exists
|||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Program Files\Common Files\Java\Java Update\jusched.exe" File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "Send To Microsoft OneNote Monitor" "Microsoft Corporation" C:\Windows\system32\msonpmon.dll File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe File exists
|||||| "ADSM Service" (ADSMService) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe File exists
|||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe File exists
|||||| "ASLDR Service" (ASLDRService) C:\Program Files\ATK Hotkey\ASLDRSrv.exe File exists
|||||| "ATKGFNEX Service" (ATKGFNEXSrv) C:\Program Files\ATKGFNEX\GFNEXSrv.exe File exists
|||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avguard.exe File exists
|||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\sched.exe File exists
|||||| "Cisco Systems, Inc. VPN Service" (CVPND) "Cisco Systems, Inc." C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe File exists
|||||| "Dienst "Bonjour"" (Bonjour Service) "Apple Inc." C:\Program Files\Bonjour\mDNSResponder.exe File exists
|||||| "iPod-Dienst" (iPod Service) "Apple Inc." C:\Program Files\iPod\bin\iPodService.exe File exists
|||||| "LightScribeService Direct Disc Labeling Service" (LightScribeService) "Hewlett-Packard Company" C:\Program Files\Common Files\LightScribe\LSSrvc.exe File exists
|||||| "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe File exists
|||||| "Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "spmgr" (spmgr) C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe File exists
Winlogon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
"ScCertProp" wlnotify.dll File not found
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
|||||| "mdnsNSP" "Apple Inc." C:\Program Files\Bonjour\mdnsNSP.dll File exists

If You have questions or want to get some help, You can visit h**p://forum.online-solutions.ru




MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: F5SR
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 158):

Processes (total 80):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71167600 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001f`8d1db400 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543225L9A300, Rev: FBEOC40C

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Alt 08.09.2010, 12:28   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 09.09.2010, 10:53   #11
-Annika-
 
Here are the two scans. Thanks!!



Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org

Datenbank Version: 4578

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

09.09.2010 09:57:33
mbam-log-2010-09-09 (09-57-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 251700
Laufzeit: 1 Stunde(n), 18 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)




SUPERAntiSpyware Scan Log
h**p://w*w.superantispyware.com

Generated 09/09/2010 at 11:40 AM

Application Version : 4.42.1000

Core Rules Database Version : 5476
Trace Rules Database Version: 3288

Scan type : Complete Scan
Total Scan Time : 01:37:44

Memory items scanned : 821
Memory threats detected : 0
Registry items scanned : 7569
Registry threats detected : 0
File items scanned : 124036
File threats detected : 102

Adware.Tracking Cookie

Alt 09.09.2010, 13:15   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK, only cookies were found.
Any remaining problems or further detections in the meantime?

Alt 09.09.2010, 15:49   #13
-Annika-
 
Unfortunately the music is still there. Seems to be a stubborn virus!

Thanks so far for your efforts

But I hope you know of something else I could do!!??

Alt 09.09.2010, 19:43   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hm, I've looked through it again, but evidently I didn't miss anything
Try a clean reinstallation of ICQ/Skype. If that doesn't help either, continue with the Kaspersky Rescue CD => Kaspersky Rescue Disk: boot CD with virus scanner (ISO image) ... ScareWare.de

Alt 11.09.2010, 09:59   #15
-Annika-
 
Unfortunately the reinstallation didn't help!

With the Kaspersky Rescue CD I can't carry out the step of updating the scanner. I think that's because I go online with an internet stick and so am not on the internet then. Can I update it some other way?
