Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: win32.autorun.tmp wie werd ichs los?!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.03.2011, 01:28   #1
mötö
 
win32.autorun.tmp wie werd ichs los?! - Standard

win32.autorun.tmp wie werd ichs los?!



habe heute mit spybot gescannt und es fand win32.autorun.tmp und konnte es leider nicht entfernen, beim nochmaligen scan wurde es nicht mehr gefunden, malware findet auch nix, cc cleaner benutzt nix passiert.
habe bootkit remover runtergeladen, die spybot log datei ist zu groß, als dass sie hier rein passt, hat als word datei 216 seiten, weiß daher nicht, wie ich sie posten soll
(otl dateien im anhang) bitte um HILFE
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`a962f000

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...

malware log datei

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6057

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.03.2011 00:14:29
mbam-log-2011-03-15 (00-14-29).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 167733
Laufzeit: 3 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6056

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.03.2011 23:59:11
mbam-log-2011-03-14 (23-59-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 288935
Laufzeit: 43 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

hab hier doch kleinere von sypbot, aber glaube nur die, bei denen nix mehr gefunden wurde

--- Report generated: 2011-03-15 00:10 ---

Gratuliere!: Es wurden keine Spione gefunden. (Status)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-12-09 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-02-24 Includes\Adware.sbi (*)
2011-03-08 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2010-11-30 Includes\Hijackers.sbi (*)
2011-03-08 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-02-24 Includes\Malware.sbi (*)
2011-03-08 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-03 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-08 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-03-08 Includes\TrojansC-02.sbi (*)
2011-03-03 Includes\TrojansC-03.sbi (*)
2011-03-08 Includes\TrojansC-04.sbi (*)
2011-03-08 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

--- Report generated: 2011-03-15 00:33 ---

Gratuliere!: Es wurden keine Spione gefunden. (Status)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-12-09 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-02-24 Includes\Adware.sbi (*)
2011-03-08 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2010-11-30 Includes\Hijackers.sbi (*)
2011-03-08 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-02-24 Includes\Malware.sbi (*)
2011-03-08 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-03 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-08 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-03-08 Includes\TrojansC-02.sbi (*)
2011-03-03 Includes\TrojansC-03.sbi (*)
2011-03-08 Includes\TrojansC-04.sbi (*)
2011-03-08 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

so fängt die lange log datei an

--- Search result list ---
Win32.AutoRun.tmp: [SBI $751B1850] Einstellungen (Registrierungsdatenbank-Wert, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman

Right Media: Verfolgender Cookie (Internet Explorer: mötö) (Cookie, fixed)

spybot log datei

gott tut mir leid ich bin in panik, habe jetzt nochmal die otl dateien mit load erstellt.

otl.txtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 3/15/2011 2:10:23 AM - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\mötö\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 25.50 Gb Free Space | 34.22% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 182.91 Gb Free Space | 87.55% Space Free | Partition Type: NTFS
 
Computer Name: MÖTÖ-PC | User Name: mötö | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\mötö\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe ()
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe ()
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\mötö\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (SRS_VolSync_Service) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe (SRS Labs, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (AF15BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (ITETech                  )
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (SRS_PremiumSound_Service) -- C:\Windows\SysNative\drivers\SRS_PremiumSound_amd64.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (CRFILTER) -- C:\Windows\SysNative\drivers\CRFILTER.sys (Generic)
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.76
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.backup.ftp: "    62.243.224.179"
FF - prefs.js..network.proxy.backup.ftp_port: 1080
FF - prefs.js..network.proxy.backup.gopher: "    62.243.224.179"
FF - prefs.js..network.proxy.backup.gopher_port: 1080
FF - prefs.js..network.proxy.backup.socks: "    62.243.224.179"
FF - prefs.js..network.proxy.backup.socks_port: 1080
FF - prefs.js..network.proxy.backup.ssl: "    62.243.224.179"
FF - prefs.js..network.proxy.backup.ssl_port: 1080
FF - prefs.js..network.proxy.ftp: "    131.247.2.247"
FF - prefs.js..network.proxy.ftp_port: 3127
FF - prefs.js..network.proxy.gopher: "    131.247.2.247"
FF - prefs.js..network.proxy.gopher_port: 3127
FF - prefs.js..network.proxy.http: "    131.247.2.247"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "    131.247.2.247"
FF - prefs.js..network.proxy.socks_port: 3127
FF - prefs.js..network.proxy.ssl: "    131.247.2.247"
FF - prefs.js..network.proxy.ssl_port: 3127
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/01/26 18:00:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/03/06 01:32:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/08/19 21:18:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/06 11:06:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/06 11:06:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/08/19 21:18:56 | 000,000,000 | ---D | M]
 
[2009/12/09 13:07:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mötö\AppData\Roaming\mozilla\Extensions
[2011/03/15 00:21:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mötö\AppData\Roaming\mozilla\Firefox\Profiles\lql6lmbe.default\extensions
[2010/09/27 21:41:27 | 000,000,000 | ---D | M] (WOT) -- C:\Users\mötö\AppData\Roaming\mozilla\Firefox\Profiles\lql6lmbe.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/29 10:51:27 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\mötö\AppData\Roaming\mozilla\Firefox\Profiles\lql6lmbe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/12/24 09:02:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\mötö\AppData\Roaming\mozilla\Firefox\Profiles\lql6lmbe.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/11 08:12:37 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\mötö\AppData\Roaming\mozilla\Firefox\Profiles\lql6lmbe.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011/03/06 21:51:58 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\mötö\AppData\Roaming\mozilla\Firefox\Profiles\lql6lmbe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/06/08 20:50:40 | 000,000,000 | ---D | M] (Lazarus: Form Recovery) -- C:\Users\mötö\AppData\Roaming\mozilla\Firefox\Profiles\lql6lmbe.default\extensions\lazarus@interclue.com
[2011/03/13 11:43:12 | 000,000,000 | ---D | M] (Personas) -- C:\Users\mötö\AppData\Roaming\mozilla\Firefox\Profiles\lql6lmbe.default\extensions\personas@christopher.beard
[2011/03/08 20:39:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010/07/03 08:49:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/23 09:24:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/09 21:24:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/05 19:14:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/08 20:39:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/10/25 22:02:53 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2010/03/06 01:32:31 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES (X86)\GOOGLE\GOOGLE GEARS\FIREFOX
[2010/08/19 21:18:55 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES (X86)\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2010/10/25 22:02:54 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}
File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}
File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}
File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\{E001C731-5E37-4538-A5CB-8168736A2360}
File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\LAZARUS@INTERCLUE.COM
File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/08/13 22:03:05 | 000,799,808 | ---- | M] (www.devalvr.com) -- C:\Program Files (x86)\mozilla firefox\plugins\npdevalvr.dll
[2010/01/13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010/10/27 08:57:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/10/27 08:57:46 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010/10/27 08:57:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/10/27 08:57:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/10/27 08:57:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe (ECAREME)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [Setwallpaper]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SRS Premium Sound] C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.)
O4 - Startup: C:\Users\mötö\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\mötö\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\mötö\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ADSMTray - hkey= - key= - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/03/15 02:09:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/15 02:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/03/15 02:07:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/03/15 01:56:15 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\mötö\Desktop\Erunt-setup.exe
[2011/03/15 01:56:15 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\mötö\Desktop\OTL.exe
[2011/03/15 01:56:15 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\mötö\Desktop\TFC.exe
[2011/03/15 00:18:44 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\mötö\Desktop\remover.exe
[2011/03/14 22:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/03/14 22:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/03/14 22:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/03/14 22:25:05 | 000,000,000 | ---D | C] -- C:\Users\mötö\Desktop\secres
[2011/03/08 20:40:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/03/06 21:55:59 | 000,000,000 | ---D | C] -- C:\Users\mötö\AppData\Roaming\QuickScan
[2011/03/06 19:17:44 | 000,000,000 | ---D | C] -- C:\Users\mötö\Desktop\vinatge
[2011/02/27 20:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/02/27 20:44:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/02/26 08:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/02/24 10:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2008/08/12 06:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/03/15 02:12:17 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/15 02:12:17 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/15 02:07:57 | 000,001,106 | ---- | M] () -- C:\Users\mötö\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/15 02:07:46 | 000,000,926 | ---- | M] () -- C:\Users\mötö\Desktop\NTREGOPT.lnk
[2011/03/15 02:07:46 | 000,000,907 | ---- | M] () -- C:\Users\mötö\Desktop\ERUNT.lnk
[2011/03/15 02:05:04 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/15 02:04:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/15 02:04:44 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/15 01:56:30 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\mötö\Desktop\TFC.exe
[2011/03/15 01:56:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mötö\Desktop\OTL.exe
[2011/03/15 01:56:20 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\mötö\Desktop\Erunt-setup.exe
[2011/03/15 01:49:21 | 000,022,215 | ---- | M] () -- C:\Users\mötö\Desktop\SpybotSD.Results.zip
[2011/03/15 01:47:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/14 22:41:30 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/14 21:52:35 | 000,074,483 | ---- | M] () -- C:\Users\mötö\Desktop\Wege-ins-Ausland.pdf
[2011/03/13 12:40:23 | 000,005,701 | ---- | M] () -- C:\Users\mötö\Desktop\Anleitung.html
[2011/03/06 19:28:43 | 049,903,568 | ---- | M] () -- C:\Users\mötö\Desktop\MVI_6603.AVI
[2011/02/28 18:39:41 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/28 18:39:41 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/02/28 18:39:41 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/28 18:39:41 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/02/28 18:39:41 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/16 21:08:40 | 001,040,395 | ---- | M] () -- C:\Users\mötö\Documents\zeugnisse.pdf
[2011/02/16 21:04:36 | 000,099,023 | ---- | M] () -- C:\Users\mötö\Documents\Lebenslauf Deutsch nur zeugnisse.pdf
 
========== Files Created - No Company Name ==========
 
[2011/03/15 02:07:57 | 000,001,106 | ---- | C] () -- C:\Users\mötö\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/15 02:07:46 | 000,000,926 | ---- | C] () -- C:\Users\mötö\Desktop\NTREGOPT.lnk
[2011/03/15 02:07:46 | 000,000,907 | ---- | C] () -- C:\Users\mötö\Desktop\ERUNT.lnk
[2011/03/15 01:49:21 | 000,022,215 | ---- | C] () -- C:\Users\mötö\Desktop\SpybotSD.Results.zip
[2011/03/14 22:41:30 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/03/14 21:52:35 | 000,074,483 | ---- | C] () -- C:\Users\mötö\Desktop\Wege-ins-Ausland.pdf
[2011/03/13 12:41:14 | 000,005,701 | ---- | C] () -- C:\Users\mötö\Desktop\Anleitung.html
[2011/03/06 19:28:38 | 049,903,568 | ---- | C] () -- C:\Users\mötö\Desktop\MVI_6603.AVI
[2011/02/16 21:08:37 | 001,040,395 | ---- | C] () -- C:\Users\mötö\Documents\zeugnisse.pdf
[2011/02/16 21:04:35 | 000,099,023 | ---- | C] () -- C:\Users\mötö\Documents\Lebenslauf Deutsch nur zeugnisse.pdf
[2010/04/15 10:42:58 | 000,003,584 | ---- | C] () -- C:\Users\mötö\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/26 13:41:38 | 000,042,496 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll
[2009/12/31 19:55:39 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/09 13:43:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/09 12:57:28 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009/11/18 12:55:56 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/11/18 12:21:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/08/19 09:33:09 | 000,018,944 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2009/08/19 09:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/01 09:10:50 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/10/29 23:54:39 | 000,000,481 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2008/05/22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
 
========== LOP Check ==========
 
[2010/03/27 16:25:39 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\3Dconnexion
[2010/09/01 16:44:01 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\Amazon
[2009/12/09 12:16:54 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\Asus WebStorage
[2011/03/14 22:47:10 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\Azureus
[2009/12/11 18:28:26 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/29 10:51:27 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/06/02 09:50:54 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\Facebook
[2009/12/09 13:43:26 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\ICQ
[2010/04/15 10:27:52 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\Nokia
[2009/12/11 16:42:53 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\PC Suite
[2011/03/06 21:56:09 | 000,000,000 | ---D | M] -- C:\Users\mötö\AppData\Roaming\QuickScan
[2011/01/03 21:09:57 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010/01/22 13:27:17 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009/12/09 12:16:56 | 000,000,000 | -H-D | M] -- C:\asus.dat
[2009/07/29 07:03:34 | 000,000,000 | -HSD | M] -- C:\Boot
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009/12/09 13:55:09 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011/03/14 22:41:26 | 000,000,000 | R--D | M] -- C:\Program Files
[2011/03/15 02:07:46 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011/02/07 15:30:27 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009/12/09 12:01:15 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011/03/15 02:13:11 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/04/20 10:24:56 | 000,000,000 | R--D | M] -- C:\Users
[2011/03/15 02:09:08 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< End of report >
         
--- --- ---

Alt 15.03.2011, 16:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
win32.autorun.tmp wie werd ichs los?! - Standard

win32.autorun.tmp wie werd ichs los?!



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Bitte auch dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________

__________________

Alt 15.03.2011, 17:43   #3
mötö
 
win32.autorun.tmp wie werd ichs los?! - Standard

win32.autorun.tmp wie werd ichs los?!



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6056

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.03.2011 23:59:11
mbam-log-2011-03-14 (23-59-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 288935
Laufzeit: 43 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6057

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.03.2011 00:14:29
mbam-log-2011-03-15 (00-14-29).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 167733
Laufzeit: 3 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6062

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.03.2011 11:05:25
mbam-log-2011-03-15 (11-05-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 286204
Laufzeit: 1 Stunde(n), 2 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
__________________

Alt 15.03.2011, 17:45   #4
mötö
 
win32.autorun.tmp wie werd ichs los?! - Standard

win32.autorun.tmp wie werd ichs los?!



die anderen sind von januar die log dateien vom tool folgen heute abend, danke schon mal

Alt 15.03.2011, 21:25   #5
mötö
 
win32.autorun.tmp wie werd ichs los?! - Standard

win32.autorun.tmp wie werd ichs los?!



hier die tdss killer log datei

2011/03/15 21:23:56.0700 5828 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/15 21:23:57.0213 5828 ================================================================================
2011/03/15 21:23:57.0213 5828 SystemInfo:
2011/03/15 21:23:57.0213 5828
2011/03/15 21:23:57.0213 5828 OS Version: 6.1.7600 ServicePack: 0.0
2011/03/15 21:23:57.0213 5828 Product type: Workstation
2011/03/15 21:23:57.0214 5828 ComputerName: MÖTÖ-PC
2011/03/15 21:23:57.0214 5828 UserName: mötö
2011/03/15 21:23:57.0214 5828 Windows directory: C:\Windows
2011/03/15 21:23:57.0214 5828 System windows directory: C:\Windows
2011/03/15 21:23:57.0214 5828 Running under WOW64
2011/03/15 21:23:57.0214 5828 Processor architecture: Intel x64
2011/03/15 21:23:57.0214 5828 Number of processors: 2
2011/03/15 21:23:57.0214 5828 Page size: 0x1000
2011/03/15 21:23:57.0214 5828 Boot type: Normal boot
2011/03/15 21:23:57.0215 5828 ================================================================================
2011/03/15 21:23:57.0663 5828 Initialize success
2011/03/15 21:24:07.0699 3412 ================================================================================
2011/03/15 21:24:07.0699 3412 Scan started
2011/03/15 21:24:07.0699 3412 Mode: Manual;
2011/03/15 21:24:07.0699 3412 ================================================================================
2011/03/15 21:24:09.0173 3412 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/03/15 21:24:09.0259 3412 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/03/15 21:24:09.0324 3412 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/03/15 21:24:09.0398 3412 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/03/15 21:24:09.0465 3412 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/03/15 21:24:09.0502 3412 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/03/15 21:24:09.0591 3412 AF15BDA (0517e1670a58213e3f206066cd209273) C:\Windows\system32\DRIVERS\AF15BDA.sys
2011/03/15 21:24:09.0671 3412 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/03/15 21:24:09.0755 3412 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/03/15 21:24:09.0817 3412 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/03/15 21:24:09.0876 3412 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/03/15 21:24:09.0908 3412 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/03/15 21:24:09.0962 3412 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/03/15 21:24:09.0993 3412 amdsata (8818a2ab90189b7ff60a24c0847f9a6b) C:\Windows\system32\DRIVERS\amdsata.sys
2011/03/15 21:24:10.0048 3412 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/03/15 21:24:10.0087 3412 amdxata (3c430969f097dee18d13010d678069cd) C:\Windows\system32\DRIVERS\amdxata.sys
2011/03/15 21:24:10.0148 3412 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/03/15 21:24:10.0247 3412 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/03/15 21:24:10.0282 3412 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/03/15 21:24:10.0345 3412 AsDsm (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys
2011/03/15 21:24:10.0444 3412 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
2011/03/15 21:24:10.0561 3412 aswFsBlk (6923740db573b46fdda13e1df412c577) C:\Windows\system32\drivers\aswFsBlk.sys
2011/03/15 21:24:10.0639 3412 aswMonFlt (de001b988b58bfd453f667842655b22e) C:\Windows\system32\drivers\aswMonFlt.sys
2011/03/15 21:24:10.0729 3412 aswRdr (e0d1002d7fa65dd023788b17f714e682) C:\Windows\system32\drivers\aswRdr.sys
2011/03/15 21:24:10.0817 3412 aswSP (c3eafdc0f533425614430a112ba71e9a) C:\Windows\system32\drivers\aswSP.sys
2011/03/15 21:24:10.0977 3412 aswTdi (0226ffbc420d8fb67ba3b9dbdd1f2dca) C:\Windows\system32\drivers\aswTdi.sys
2011/03/15 21:24:11.0053 3412 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/15 21:24:11.0113 3412 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/03/15 21:24:11.0432 3412 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
2011/03/15 21:24:11.0837 3412 atikmdag (a08339ae90972e268b9622c668f450e8) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/03/15 21:24:12.0062 3412 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/03/15 21:24:12.0224 3412 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/03/15 21:24:12.0331 3412 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/03/15 21:24:12.0382 3412 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/03/15 21:24:12.0454 3412 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/03/15 21:24:12.0498 3412 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/15 21:24:12.0550 3412 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/03/15 21:24:12.0584 3412 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/03/15 21:24:12.0630 3412 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/03/15 21:24:12.0664 3412 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/03/15 21:24:12.0706 3412 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/03/15 21:24:12.0733 3412 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/03/15 21:24:12.0778 3412 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/03/15 21:24:12.0867 3412 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/15 21:24:12.0934 3412 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/15 21:24:13.0092 3412 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/03/15 21:24:13.0185 3412 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/03/15 21:24:13.0344 3412 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/15 21:24:13.0395 3412 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/03/15 21:24:13.0437 3412 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/03/15 21:24:13.0477 3412 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/15 21:24:13.0538 3412 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/03/15 21:24:13.0617 3412 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/03/15 21:24:13.0685 3412 CRFILTER (64beed6775c22b0362fa9ded3f8124a1) C:\Windows\system32\DRIVERS\CRFILTER.sys
2011/03/15 21:24:13.0823 3412 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/03/15 21:24:13.0873 3412 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/03/15 21:24:13.0928 3412 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/03/15 21:24:13.0996 3412 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/03/15 21:24:14.0096 3412 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/15 21:24:14.0303 3412 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/03/15 21:24:14.0606 3412 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/03/15 21:24:14.0718 3412 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/03/15 21:24:14.0818 3412 ETD (5cd1005b9bc241c3ab8501d5fbf09fd4) C:\Windows\system32\DRIVERS\ETD.sys
2011/03/15 21:24:14.0899 3412 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/03/15 21:24:14.0940 3412 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/03/15 21:24:14.0983 3412 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/15 21:24:15.0033 3412 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/03/15 21:24:15.0077 3412 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/03/15 21:24:15.0111 3412 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/15 21:24:15.0151 3412 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/03/15 21:24:15.0205 3412 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/03/15 21:24:15.0258 3412 fssfltr (5814011b2f6e088e29d689b5fcd49b8f) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/03/15 21:24:15.0296 3412 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/15 21:24:15.0366 3412 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/03/15 21:24:15.0428 3412 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/03/15 21:24:15.0510 3412 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/03/15 21:24:15.0572 3412 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/03/15 21:24:15.0721 3412 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/15 21:24:15.0797 3412 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/03/15 21:24:15.0839 3412 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/03/15 21:24:15.0873 3412 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/03/15 21:24:15.0930 3412 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/15 21:24:16.0009 3412 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/03/15 21:24:16.0076 3412 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/03/15 21:24:16.0186 3412 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/03/15 21:24:16.0313 3412 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/15 21:24:16.0373 3412 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/03/15 21:24:16.0433 3412 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/03/15 21:24:16.0486 3412 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/03/15 21:24:16.0576 3412 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/15 21:24:16.0632 3412 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/15 21:24:16.0671 3412 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/03/15 21:24:16.0717 3412 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/03/15 21:24:16.0761 3412 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/03/15 21:24:16.0794 3412 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/03/15 21:24:16.0840 3412 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/15 21:24:16.0899 3412 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/15 21:24:16.0946 3412 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/15 21:24:16.0997 3412 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
2011/03/15 21:24:17.0051 3412 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/15 21:24:17.0104 3412 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/03/15 21:24:17.0150 3412 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/03/15 21:24:17.0294 3412 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/15 21:24:17.0415 3412 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/03/15 21:24:17.0485 3412 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/03/15 21:24:17.0548 3412 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/03/15 21:24:17.0605 3412 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/03/15 21:24:17.0656 3412 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/03/15 21:24:17.0708 3412 lullaby (085435ae1a124361304044029b5cc644) C:\Windows\system32\DRIVERS\lullaby.sys
2011/03/15 21:24:17.0751 3412 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/03/15 21:24:17.0804 3412 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/03/15 21:24:17.0872 3412 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/03/15 21:24:17.0924 3412 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/15 21:24:18.0009 3412 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/15 21:24:18.0097 3412 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/15 21:24:18.0154 3412 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/03/15 21:24:18.0194 3412 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/03/15 21:24:18.0240 3412 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/15 21:24:18.0297 3412 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/03/15 21:24:18.0359 3412 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/15 21:24:18.0395 3412 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/15 21:24:18.0432 3412 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/15 21:24:18.0474 3412 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/03/15 21:24:18.0514 3412 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/03/15 21:24:18.0575 3412 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/03/15 21:24:18.0617 3412 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/03/15 21:24:18.0643 3412 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/03/15 21:24:18.0701 3412 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/15 21:24:18.0732 3412 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/15 21:24:18.0756 3412 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/03/15 21:24:18.0790 3412 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/03/15 21:24:18.0833 3412 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/15 21:24:18.0874 3412 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/03/15 21:24:18.0914 3412 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/03/15 21:24:18.0971 3412 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
2011/03/15 21:24:19.0043 3412 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/03/15 21:24:19.0140 3412 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/15 21:24:19.0260 3412 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/03/15 21:24:19.0410 3412 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/03/15 21:24:19.0489 3412 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/15 21:24:19.0553 3412 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/15 21:24:19.0591 3412 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/15 21:24:19.0618 3412 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/03/15 21:24:19.0658 3412 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/15 21:24:19.0695 3412 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/15 21:24:19.0805 3412 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/03/15 21:24:19.0957 3412 nmwcdcx64 (2c761cc067acf0fb4ea13930b09bfeea) C:\Windows\system32\drivers\ccdcmbox64.sys
2011/03/15 21:24:20.0034 3412 nmwcdx64 (63051819d5cac0fa49c425fc5e1a2b5c) C:\Windows\system32\drivers\ccdcmbx64.sys
2011/03/15 21:24:20.0082 3412 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/03/15 21:24:20.0127 3412 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/15 21:24:20.0223 3412 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/03/15 21:24:20.0331 3412 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/03/15 21:24:20.0392 3412 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/03/15 21:24:20.0444 3412 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/03/15 21:24:20.0480 3412 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/03/15 21:24:20.0536 3412 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/15 21:24:20.0597 3412 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/03/15 21:24:20.0631 3412 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/03/15 21:24:20.0694 3412 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
2011/03/15 21:24:20.0734 3412 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/03/15 21:24:20.0766 3412 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/03/15 21:24:20.0815 3412 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/03/15 21:24:20.0853 3412 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/03/15 21:24:20.0907 3412 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/03/15 21:24:21.0062 3412 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/15 21:24:21.0099 3412 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/03/15 21:24:21.0155 3412 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/15 21:24:21.0345 3412 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/03/15 21:24:21.0572 3412 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/03/15 21:24:21.0658 3412 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/15 21:24:21.0688 3412 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/15 21:24:21.0736 3412 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/03/15 21:24:21.0782 3412 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/15 21:24:21.0833 3412 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/15 21:24:21.0866 3412 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/15 21:24:21.0899 3412 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/15 21:24:21.0934 3412 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/03/15 21:24:21.0965 3412 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/15 21:24:22.0007 3412 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/15 21:24:22.0038 3412 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/03/15 21:24:22.0090 3412 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/03/15 21:24:22.0190 3412 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/03/15 21:24:22.0292 3412 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/15 21:24:22.0357 3412 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/03/15 21:24:22.0405 3412 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/03/15 21:24:22.0458 3412 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/03/15 21:24:22.0658 3412 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/03/15 21:24:22.0780 3412 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/03/15 21:24:22.0851 3412 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/03/15 21:24:22.0893 3412 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/03/15 21:24:23.0126 3412 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/03/15 21:24:23.0270 3412 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/03/15 21:24:23.0320 3412 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/03/15 21:24:23.0363 3412 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/03/15 21:24:23.0541 3412 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
2011/03/15 21:24:23.0660 3412 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/03/15 21:24:23.0733 3412 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/03/15 21:24:23.0843 3412 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/03/15 21:24:24.0097 3412 SNP2UVC (1d8474722cdffbb8fca5fa12c50a05a2) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/03/15 21:24:24.0222 3412 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/03/15 21:24:24.0325 3412 SRS_PremiumSound_Service (ac51533c7eeb05aa02b294a60e946238) C:\Windows\system32\drivers\srs_PremiumSound_amd64.sys
2011/03/15 21:24:24.0403 3412 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/03/15 21:24:24.0485 3412 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/15 21:24:24.0539 3412 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/15 21:24:24.0609 3412 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/03/15 21:24:24.0654 3412 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/15 21:24:24.0774 3412 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/03/15 21:24:24.0969 3412 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/15 21:24:25.0028 3412 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/15 21:24:25.0080 3412 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/03/15 21:24:25.0114 3412 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/03/15 21:24:25.0143 3412 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/15 21:24:25.0166 3412 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/15 21:24:25.0256 3412 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/15 21:24:25.0289 3412 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/15 21:24:25.0317 3412 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/03/15 21:24:25.0351 3412 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/15 21:24:25.0405 3412 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/03/15 21:24:25.0451 3412 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/15 21:24:25.0500 3412 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/03/15 21:24:25.0557 3412 upperdev (bcd611d240604ceee7f90805361fab50) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
2011/03/15 21:24:25.0623 3412 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/15 21:24:25.0669 3412 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/03/15 21:24:25.0701 3412 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/15 21:24:25.0739 3412 usbfilter (d524f3716d85b744762ff5eaaef8f3a2) C:\Windows\system32\DRIVERS\usbfilter.sys
2011/03/15 21:24:25.0787 3412 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/15 21:24:25.0816 3412 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/15 21:24:25.0859 3412 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/03/15 21:24:25.0923 3412 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/03/15 21:24:26.0052 3412 usbser (0f0c72a657c622286013788b886968ad) C:\Windows\system32\drivers\usbser.sys
2011/03/15 21:24:26.0132 3412 UsbserFilt (d91be2644b18b4e3c69982fe0e1e97d6) C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys
2011/03/15 21:24:26.0177 3412 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/15 21:24:26.0214 3412 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/15 21:24:26.0280 3412 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/03/15 21:24:26.0361 3412 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/03/15 21:24:26.0427 3412 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/15 21:24:26.0465 3412 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/03/15 21:24:26.0576 3412 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/03/15 21:24:26.0727 3412 VIAHdAudAddService (fe595d1a1b781190bb483444b62cc607) C:\Windows\system32\drivers\viahduaa.sys
2011/03/15 21:24:26.0904 3412 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/03/15 21:24:26.0960 3412 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/03/15 21:24:27.0008 3412 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/03/15 21:24:27.0055 3412 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/03/15 21:24:27.0101 3412 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/03/15 21:24:27.0145 3412 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/03/15 21:24:27.0177 3412 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/03/15 21:24:27.0221 3412 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/03/15 21:24:27.0279 3412 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/15 21:24:27.0309 3412 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/15 21:24:27.0452 3412 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/03/15 21:24:27.0514 3412 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/15 21:24:27.0671 3412 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/03/15 21:24:27.0726 3412 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/03/15 21:24:27.0844 3412 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/03/15 21:24:27.0891 3412 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/15 21:24:27.0980 3412 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/15 21:24:28.0040 3412 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/03/15 21:24:28.0089 3412 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/15 21:24:28.0202 3412 ================================================================================
2011/03/15 21:24:28.0202 3412 Scan finished
2011/03/15 21:24:28.0202 3412 ================================================================================


Alt 15.03.2011, 21:29   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
win32.autorun.tmp wie werd ichs los?! - Standard

win32.autorun.tmp wie werd ichs los?!



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
FF - prefs.js..network.proxy.backup.ftp: "    62.243.224.179"
FF - prefs.js..network.proxy.backup.ftp_port: 1080
FF - prefs.js..network.proxy.backup.gopher: "    62.243.224.179"
FF - prefs.js..network.proxy.backup.gopher_port: 1080
FF - prefs.js..network.proxy.backup.socks: "    62.243.224.179"
FF - prefs.js..network.proxy.backup.socks_port: 1080
FF - prefs.js..network.proxy.backup.ssl: "    62.243.224.179"
FF - prefs.js..network.proxy.backup.ssl_port: 1080
FF - prefs.js..network.proxy.ftp: "    131.247.2.247"
FF - prefs.js..network.proxy.ftp_port: 3127
FF - prefs.js..network.proxy.gopher: "    131.247.2.247"
FF - prefs.js..network.proxy.gopher_port: 3127
FF - prefs.js..network.proxy.http: "    131.247.2.247"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "    131.247.2.247"
FF - prefs.js..network.proxy.socks_port: 3127
FF - prefs.js..network.proxy.ssl: "    131.247.2.247"
FF - prefs.js..network.proxy.ssl_port: 3127
File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}
File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}
File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}
File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\{E001C731-5E37-4538-A5CB-8168736A2360}
File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\LAZARUS@INTERCLUE.COM
File not found (No name found) -- C:\USERS\MöTö\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LQL6LMBE.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Setwallpaper]  File not found
O4 - HKCU..\Run: []  File not found
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
--> win32.autorun.tmp wie werd ichs los?!

Alt 15.03.2011, 22:31   #7
mötö
 
win32.autorun.tmp wie werd ichs los?! - Standard

win32.autorun.tmp wie werd ichs los?!



hier bitte

All processes killed
========== OTL ==========
Prefs.js: " 62.243.224.179" removed from network.proxy.backup.ftp
Prefs.js: 1080 removed from network.proxy.backup.ftp_port
Prefs.js: " 62.243.224.179" removed from network.proxy.backup.gopher
Prefs.js: 1080 removed from network.proxy.backup.gopher_port
Prefs.js: " 62.243.224.179" removed from network.proxy.backup.socks
Prefs.js: 1080 removed from network.proxy.backup.socks_port
Prefs.js: " 62.243.224.179" removed from network.proxy.backup.ssl
Prefs.js: 1080 removed from network.proxy.backup.ssl_port
Prefs.js: " 131.247.2.247" removed from network.proxy.ftp
Prefs.js: 3127 removed from network.proxy.ftp_port
Prefs.js: " 131.247.2.247" removed from network.proxy.gopher
Prefs.js: 3127 removed from network.proxy.gopher_port
Prefs.js: " 131.247.2.247" removed from network.proxy.http
Prefs.js: 3127 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: " 131.247.2.247" removed from network.proxy.socks
Prefs.js: 3127 removed from network.proxy.socks_port
Prefs.js: " 131.247.2.247" removed from network.proxy.ssl
Prefs.js: 3127 removed from network.proxy.ssl_port
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Setwallpaper deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: mötö
->Temp folder emptied: 4549862 bytes
->Temporary Internet Files folder emptied: 1747337 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 95654215 bytes
->Flash cache emptied: 504 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34626 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 97.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03152011_222651

Files\Folders moved on Reboot...
C:\Users\mötö\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Alt 16.03.2011, 10:27   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
win32.autorun.tmp wie werd ichs los?! - Standard

win32.autorun.tmp wie werd ichs los?!



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 16.03.2011, 17:58   #9
mötö
 
win32.autorun.tmp wie werd ichs los?! - Standard

win32.autorun.tmp wie werd ichs los?!



... hat das gedauert.......

Geändert von mötö (16.03.2011 um 18:26 Uhr)

Alt 16.03.2011, 18:21   #10
mötö
 
win32.autorun.tmp wie werd ichs los?! - Standard

win32.autorun.tmp wie werd ichs los?!



finally nach fast 1 std kam die log datei

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-03-15.03 - mötö 16.03.2011  17:18:35.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4095.2669 [GMT 1:00]
ausgeführt von:: c:\users\mötö\Desktop\cofi.exe.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\mötö\remover.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-16 bis 2011-03-16  ))))))))))))))))))))))))))))))
.
.
2011-03-16 16:35 . 2011-03-16 16:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-03-14 21:41 . 2011-03-14 21:41	--------	d-----w-	c:\program files\CCleaner
2011-03-14 21:34 . 2011-03-14 21:34	--------	d-----w-	c:\program files (x86)\ESET
2011-03-08 19:40 . 2011-03-08 19:40	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-03-06 20:55 . 2011-03-06 20:56	--------	d-----w-	c:\users\mötö\AppData\Roaming\QuickScan
2011-02-27 19:44 . 2011-02-27 19:44	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2011-02-24 09:59 . 2011-02-27 19:40	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2011-02-23 14:26 . 2010-09-14 06:45	367104	----a-w-	c:\windows\system32\wcncsvc.dll
2011-02-23 14:26 . 2010-09-14 06:07	276992	----a-w-	c:\windows\SysWow64\wcncsvc.dll
2011-02-23 14:01 . 2011-01-07 08:07	662528	----a-w-	c:\windows\system32\XpsPrint.dll
2011-02-23 14:01 . 2011-01-07 08:07	475648	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-23 14:01 . 2011-01-07 07:31	442880	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2011-02-23 14:01 . 2011-01-07 07:31	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 20:40 . 2010-07-03 07:49	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-01-26 06:53 . 2011-02-11 12:51	982912	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-11 12:51	265088	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-11 12:51	144384	----a-w-	c:\windows\system32\cdd.dll
2011-01-13 08:47 . 2009-12-09 11:26	188216	----a-w-	c:\windows\SysWow64\aswBoot.exe
2011-01-13 08:47 . 2011-01-14 09:35	237168	----a-w-	c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2009-12-09 11:27	273488	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2009-12-09 11:27	51792	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2009-12-09 11:27	29264	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2009-12-09 11:27	62032	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2009-12-09 11:27	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 08:06 . 2011-02-11 12:51	46080	----a-w-	c:\windows\system32\atmlib.dll
2011-01-07 07:27 . 2011-02-11 12:51	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-11 12:51	366080	----a-w-	c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-11 12:51	294400	----a-w-	c:\windows\SysWow64\atmfd.dll
2011-01-05 06:20 . 2011-02-11 12:51	612352	----a-w-	c:\windows\system32\vbscript.dll
2011-01-05 05:37 . 2011-02-11 12:51	428032	----a-w-	c:\windows\SysWow64\vbscript.dll
2011-01-05 04:00 . 2011-02-11 12:51	3127808	----a-w-	c:\windows\system32\win32k.sys
2010-12-31 20:06 . 2010-11-17 18:20	38848	----a-w-	c:\windows\avastSS.scr
2010-12-21 06:16 . 2011-02-11 12:51	62976	----a-w-	c:\windows\system32\wscapi.dll
2010-12-21 06:16 . 2011-02-11 12:51	97280	----a-w-	c:\windows\system32\wscsvc.dll
2010-12-21 06:16 . 2011-02-11 12:51	214016	----a-w-	c:\windows\system32\winsrv.dll
2010-12-21 06:16 . 2011-02-11 12:51	1197056	----a-w-	c:\windows\system32\wininet.dll
2010-12-21 06:16 . 2011-02-11 12:51	442880	----a-w-	c:\windows\system32\winhttp.dll
2010-12-21 06:16 . 2011-02-11 12:51	258048	----a-w-	c:\windows\system32\WebClnt.dll
2010-12-21 06:15 . 2011-02-11 12:51	264192	----a-w-	c:\windows\system32\upnp.dll
2010-12-21 06:15 . 2011-02-11 12:51	15360	----a-w-	c:\windows\system32\slwga.dll
2010-12-21 06:13 . 2011-02-11 12:51	2003968	----a-w-	c:\windows\system32\msxml6.dll
2010-12-21 06:13 . 2011-02-11 12:51	1880576	----a-w-	c:\windows\system32\msxml3.dll
2010-12-21 06:10 . 2011-02-11 12:51	100864	----a-w-	c:\windows\system32\davclnt.dll
2010-12-21 05:38 . 2011-02-11 12:51	51200	----a-w-	c:\windows\SysWow64\wscapi.dll
2010-12-21 05:38 . 2011-02-11 12:51	981504	----a-w-	c:\windows\SysWow64\wininet.dll
2010-12-21 05:38 . 2011-02-11 12:51	350720	----a-w-	c:\windows\SysWow64\winhttp.dll
2010-12-21 05:38 . 2011-02-11 12:51	204800	----a-w-	c:\windows\SysWow64\WebClnt.dll
2010-12-21 05:38 . 2011-02-11 12:51	204288	----a-w-	c:\windows\SysWow64\upnp.dll
2010-12-21 05:38 . 2011-02-11 12:51	14336	----a-w-	c:\windows\SysWow64\slwga.dll
2010-12-21 05:36 . 2011-02-11 12:51	1389568	----a-w-	c:\windows\SysWow64\msxml6.dll
2010-12-21 05:36 . 2011-02-11 12:51	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2010-12-21 05:34 . 2011-02-11 12:51	80384	----a-w-	c:\windows\SysWow64\davclnt.dll
2010-12-20 17:09 . 2009-12-18 12:21	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-12-18 12:21	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-18 06:11 . 2011-02-11 12:52	57856	----a-w-	c:\windows\system32\licmgr10.dll
2010-12-18 06:11 . 2011-02-11 12:51	714752	----a-w-	c:\windows\system32\kerberos.dll
2010-12-18 05:29 . 2011-02-11 12:52	44544	----a-w-	c:\windows\SysWow64\licmgr10.dll
2010-12-18 05:29 . 2011-02-11 12:51	541184	----a-w-	c:\windows\SysWow64\kerberos.dll
2010-12-18 04:55 . 2011-02-11 12:52	482816	----a-w-	c:\windows\system32\html.iec
2010-12-18 04:20 . 2011-02-11 12:52	386048	----a-w-	c:\windows\SysWow64\html.iec
2010-12-18 04:13 . 2011-02-11 12:52	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2010-12-18 03:47 . 2011-02-11 12:52	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2009-04-08 18:31 . 2009-04-08 18:31	106496	----a-w-	c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45	155648	----a-w-	c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-04-15 10:33	2515552	----a-w-	c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-04-15 2515552]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08	143360	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-07-10 3754232]
"NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-07-02 671608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-01-13 37888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2009-11-18 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-09 135664]
R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-07-10 128224]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_amd64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-09 16:22]
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-09 16:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52	159744	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2009-11-25 10:47	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2009-11-25 10:47	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"="c:\program files (x86)\ASUS\Asus WebStorage\BackupService.exe" [2009-08-25 947472]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://asus.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to Mp3 Converter - c:\users\mötö\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\mötö\AppData\Roaming\Mozilla\Firefox\Profiles\lql6lmbe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files (x86)\Google\Google Gears\Firefox
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-03-16  18:18:54
ComboFix-quarantined-files.txt  2011-03-16 17:18
.
Vor Suchlauf: 7 Verzeichnis(se), 27.637.673.984 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 27.284.303.872 Bytes frei
.
- - End Of File - - 01EA26A06BE79366077DB77B6E36F43E
         
--- --- ---

Alt 16.03.2011, 19:26   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
win32.autorun.tmp wie werd ichs los?! - Standard

win32.autorun.tmp wie werd ichs los?!



Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 16.03.2011, 19:47   #12
mötö
 
win32.autorun.tmp wie werd ichs los?! - Standard

win32.autorun.tmp wie werd ichs los?!



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer INC.
System Product Name: K50AB
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 201):
0x02A1D000 \SystemRoot\system32\ntoskrnl.exe
0x02FFA000 \SystemRoot\system32\hal.dll
0x00BA6000 \SystemRoot\system32\kdcom.dll
0x00C40000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C4D000 \SystemRoot\system32\PSHED.dll
0x00C61000 \SystemRoot\system32\CLFS.SYS
0x00CBF000 \SystemRoot\system32\CI.dll
0x00E49000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EED000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EFC000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F53000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F5C000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F66000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F99000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00FA6000 \SystemRoot\System32\drivers\partmgr.sys
0x00FBB000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FC4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FD0000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D7F000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FE5000 \SystemRoot\system32\drivers\pciide.sys
0x00FEC000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00E00000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E1A000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00C00000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00E23000 \SystemRoot\system32\DRIVERS\msahci.sys
0x00E2E000 \SystemRoot\system32\DRIVERS\amdsata.sys
0x01084000 \SystemRoot\system32\DRIVERS\storport.sys
0x010E6000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x010F1000 \SystemRoot\system32\drivers\fltmgr.sys
0x0113D000 \SystemRoot\system32\drivers\fileinfo.sys
0x01151000 \SystemRoot\System32\Drivers\AsDsm.sys
0x0115E000 \SystemRoot\system32\DRIVERS\lullaby.sys
0x01239000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01167000 \SystemRoot\System32\Drivers\msrpc.sys
0x013DC000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x01200000 \SystemRoot\System32\drivers\pcw.sys
0x01211000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0149F000 \SystemRoot\system32\drivers\ndis.sys
0x01591000 \SystemRoot\system32\drivers\NETIO.SYS
0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01600000 \SystemRoot\System32\drivers\tcpip.sys
0x0142B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x018C2000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0190E000 \SystemRoot\System32\Drivers\spldr.sys
0x01916000 \SystemRoot\System32\drivers\rdyboost.sys
0x01950000 \SystemRoot\System32\Drivers\mup.sys
0x01962000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0196B000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x019A5000 \SystemRoot\system32\DRIVERS\disk.sys
0x019BB000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x019EB000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x0183F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01869000 \SystemRoot\System32\Drivers\Null.SYS
0x01872000 \SystemRoot\System32\Drivers\Beep.SYS
0x01879000 \SystemRoot\System32\drivers\vga.sys
0x01887000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x018AC000 \SystemRoot\System32\drivers\watchdog.sys
0x019F3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01475000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0147E000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01487000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0121B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x011C5000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01492000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x011E3000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x02C9F000 \SystemRoot\system32\drivers\afd.sys
0x02D29000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x02D33000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02D78000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02D81000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02DA7000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02DBD000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02DCC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02DE7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02C00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02C51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02C5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02C68000 \SystemRoot\System32\drivers\discache.sys
0x02C77000 \SystemRoot\System32\Drivers\dfsc.sys
0x01073000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03A97000 \SystemRoot\System32\Drivers\aswSP.SYS
0x03AE0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03B06000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03C98000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x042AF000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x043A3000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03C00000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04833000 \SystemRoot\system32\DRIVERS\athrx.sys
0x049B0000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x049BD000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x03C39000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x049C8000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x049D4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04800000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03B1B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x04824000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0x049E5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03B39000 \SystemRoot\system32\DRIVERS\ETD.sys
0x043E9000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x049F4000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x043F8000 \SystemRoot\system32\DRIVERS\ATK64AMD.sys
0x03B5A000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03B6A000 \SystemRoot\system32\drivers\srs_PremiumSound_amd64.sys
0x03BBD000 \SystemRoot\system32\drivers\ks.sys
0x049F9000 \SystemRoot\system32\drivers\ksthunk.sys
0x03A00000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03A16000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03A3A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03A46000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03A75000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x00DDB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04A34000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04A4E000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04A50000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04A62000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04ABC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05617000 \SystemRoot\system32\drivers\viahduaa.sys
0x057AB000 \SystemRoot\system32\drivers\portcls.sys
0x04AD1000 \SystemRoot\system32\drivers\drmk.sys
0x057E8000 \SystemRoot\System32\Drivers\crashdmp.sys
0x057F6000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x05600000 \SystemRoot\System32\Drivers\dump_amdsata.sys
0x04AF3000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x04B06000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x04B14000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x04B2D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05614000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04B36000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x04B43000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x000B0000 \SystemRoot\System32\win32k.sys
0x04B60000 \SystemRoot\System32\drivers\Dxapi.sys
0x01E2E000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x01FE6000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x01FF7000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x01E00000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004B0000 \SystemRoot\System32\TSDDD.dll
0x00630000 \SystemRoot\System32\cdd.dll
0x04B6C000 \SystemRoot\system32\drivers\luafv.sys
0x04B8F000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x01E0E000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x04BC9000 \SystemRoot\system32\drivers\WudfPf.sys
0x01E17000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x034CC000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0351F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x03532000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0354A000 \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys
0x03400000 \SystemRoot\system32\drivers\HTTP.sys
0x03551000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0356F000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03587000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06AB1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06AFF000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06B22000 \SystemRoot\system32\drivers\peauth.sys
0x06BC8000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06BD3000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06A00000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06A12000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07210000 \SystemRoot\System32\DRIVERS\srv.sys
0x072A6000 \SystemRoot\System32\Drivers\fastfat.SYS
0x07386000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x772A0000 \Windows\System32\ntdll.dll
0x484C0000 \Windows\System32\smss.exe
0xFF5C0000 \Windows\System32\apisetschema.dll
0xFFD80000 \Windows\System32\autochk.exe
0xFF4D0000 \Windows\System32\advapi32.dll
0xFF270000 \Windows\System32\iertutil.dll
0xFF1D0000 \Windows\System32\comdlg32.dll
0x77470000 \Windows\System32\normaliz.dll
0xFF180000 \Windows\System32\Wldap32.dll
0xFF000000 \Windows\System32\urlmon.dll
0x77460000 \Windows\System32\psapi.dll
0xFEF80000 \Windows\System32\difxapi.dll
0xFED70000 \Windows\System32\ole32.dll
0xFED20000 \Windows\System32\ws2_32.dll
0xFED00000 \Windows\System32\imagehlp.dll
0xFEC60000 \Windows\System32\msvcrt.dll
0x771A0000 \Windows\System32\user32.dll
0xFEB80000 \Windows\System32\oleaut32.dll
0xFEB50000 \Windows\System32\imm32.dll
0xFEB40000 \Windows\System32\nsi.dll
0xFEB20000 \Windows\System32\sechost.dll
0xFDD90000 \Windows\System32\shell32.dll
0xFDD20000 \Windows\System32\gdi32.dll
0xFDC10000 \Windows\System32\msctf.dll
0xFDAE0000 \Windows\System32\rpcrt4.dll
0xFD9B0000 \Windows\System32\wininet.dll
0xFD8E0000 \Windows\System32\usp10.dll
0xFD840000 \Windows\System32\clbcatq.dll
0xFD660000 \Windows\System32\setupapi.dll
0x77080000 \Windows\System32\kernel32.dll
0xFD650000 \Windows\System32\lpk.dll
0xFD5D0000 \Windows\System32\shlwapi.dll
0xFD530000 \Windows\System32\comctl32.dll
0xFD510000 \Windows\System32\devobj.dll
0xFD3A0000 \Windows\System32\crypt32.dll
0xFD360000 \Windows\System32\cfgmgr32.dll
0xFD320000 \Windows\System32\wintrust.dll
0xFD2B0000 \Windows\System32\KernelBase.dll
0xFD2A0000 \Windows\System32\msasn1.dll
0x76A50000 \Windows\SysWOW64\normaliz.dll

Processes (total 79):
0 System Idle Process
4 System
276 C:\Windows\System32\smss.exe
352 csrss.exe
420 C:\Windows\System32\wininit.exe
440 csrss.exe
492 C:\Windows\System32\services.exe
516 C:\Windows\System32\winlogon.exe
544 C:\Windows\System32\lsass.exe
552 C:\Windows\System32\lsm.exe
652 C:\Windows\System32\svchost.exe
736 C:\Windows\System32\svchost.exe
792 C:\Windows\System32\atiesrxx.exe
872 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
336 C:\Windows\System32\svchost.exe
444 C:\Windows\System32\atieclxx.exe
1108 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\FBAgent.exe
1232 C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
1260 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
1288 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1444 C:\Windows\System32\dwm.exe
1464 C:\Windows\explorer.exe
1564 C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
1572 C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
1704 C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
1860 C:\Windows\System32\spoolsv.exe
1872 C:\Windows\System32\taskhost.exe
2000 C:\Windows\System32\taskeng.exe
1124 C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
1088 C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
1072 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
1488 C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
1368 C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
1364 C:\Program Files\P4G\BatteryLife.exe
1340 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
1956 C:\Windows\System32\svchost.exe
2076 C:\Windows\SysWOW64\ACEngSvr.exe
2088 C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
2400 C:\Windows\System32\svchost.exe
2444 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2456 C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe
2580 C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
2660 C:\Windows\System32\svchost.exe
2748 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
3108 C:\Windows\System32\SearchIndexer.exe
3628 C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
3640 C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
4012 C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
4092 C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
1096 C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
3152 C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE
836 C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
2556 C:\Program Files (x86)\Winamp\winampa.exe
2648 C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
2804 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2788 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2644 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3988 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4196 C:\Program Files\Windows Media Player\wmpnetwk.exe
4500 C:\Windows\System32\svchost.exe
4684 C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe
4804 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5004 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
3448 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
2996 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
4636 C:\Windows\System32\svchost.exe
3816 C:\Windows\System32\svchost.exe
6096 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2652 C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
4056 C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
3924 C:\Windows\System32\audiodg.exe
660 MpCmdRun.exe
6000 taskhost.exe
2872 C:\Users\mötö\Desktop\MBRCheck.exe
5280 C:\Windows\System32\conhost.exe
4916 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a962f000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000016`4aaf6e00 (NTFS)

PhysicalDrive0 Model Number: ST9320325AS, Rev: 0002SDM1

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

bitte

Alt 16.03.2011, 19:57   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
win32.autorun.tmp wie werd ichs los?! - Standard

win32.autorun.tmp wie werd ichs los?!



GMER wollte nicht?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 16.03.2011, 20:14   #14
mötö
 
win32.autorun.tmp wie werd ichs los?! - Standard

win32.autorun.tmp wie werd ichs los?!



GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-16 20:11:41
Windows 6.1.7600  
Running: y758zvjy.exe


---- Files - GMER 1.0.15 ----

File  C:\ADSM_PData_0150                       0 bytes
File  C:\ADSM_PData_0150\DB                    0 bytes
File  C:\ADSM_PData_0150\DB\SI.db              624 bytes
File  C:\ADSM_PData_0150\DB\UL.db              1040 bytes
File  C:\ADSM_PData_0150\DB\VL.db              6160 bytes
File  C:\ADSM_PData_0150\DB\WAL.db             2048 bytes
File  C:\ADSM_PData_0150\DragWait.exe          315392 bytes executable
File  C:\ADSM_PData_0150\_avt                  512 bytes
File  C:\Users\mötö\Gesicherte Musik           0 bytes
File  C:\Users\mötö\Gesicherte Musik\_avt      512 bytes
File  C:\Users\mötö\Gesicherte Musik\_lit      512 bytes
File  C:\Users\mötö\Gesichertes Dokument       0 bytes
File  C:\Users\mötö\Gesichertes Dokument\_avt  512 bytes
File  C:\Users\mötö\Gesichertes Dokument\_lit  512 bytes
File  C:\Users\mötö\Gesichertes Video          0 bytes
File  C:\Users\mötö\Gesichertes Video\_avt     512 bytes
File  C:\Users\mötö\Gesichertes Video\_lit     512 bytes

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Alt 16.03.2011, 20:14   #15
mötö
 
win32.autorun.tmp wie werd ichs los?! - Standard

win32.autorun.tmp wie werd ichs los?!



doch doch eins nach dem anderen :-)

Antwort

Themen zu win32.autorun.tmp wie werd ichs los?!
adblock, anti-malware, avast!, cc cleaner, cleaner, code, conduit, datei, dateien, edition, entfernen, explorer, file, fix, gfnexsrv.exe, home, location, log, log datei, malware, mas, microsoft, msvcr80.dll, nicht mehr, oldtimer, otl.exe, pdfforge toolbar, plug-in, programdata, remover, rootkit, safer networking, searchplugins, seite, seiten, spigot, spybot, start menu, synchronisation, syswow64, vdeck.exe, version, webcheck, win, windows, windows 7, windows 7 home, windows 7 home premium



Ähnliche Themen: win32.autorun.tmp wie werd ichs los?!


  1. AutoIt/Ippedo.A, Win32/Autorun.AHV!lnk
    Plagegeister aller Art und deren Bekämpfung - 12.03.2015 (13)
  2. Win32.AutoRun.tmp Trojans
    Plagegeister aller Art und deren Bekämpfung - 08.02.2012 (2)
  3. worm.win32.autorun
    Plagegeister aller Art und deren Bekämpfung - 29.11.2011 (5)
  4. win32 rootkit gen - wie werd ich das Ding wieder los?
    Plagegeister aller Art und deren Bekämpfung - 09.01.2011 (4)
  5. Problem mit win32.autorun.tmp
    Plagegeister aller Art und deren Bekämpfung - 19.12.2010 (3)
  6. Win32.AutoRun.tmp - ...\Winlogon\Taskman
    Plagegeister aller Art und deren Bekämpfung - 18.12.2010 (3)
  7. win32.autorun.tmp wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 10.09.2010 (138)
  8. win32.autorun.tmp
    Plagegeister aller Art und deren Bekämpfung - 24.08.2010 (14)
  9. Trojan.Win32.Autorun
    Plagegeister aller Art und deren Bekämpfung - 06.08.2010 (26)
  10. trojaner win32.autorun.tmp
    Mülltonne - 03.08.2010 (3)
  11. win32.autorun.tmp
    Mülltonne - 03.08.2010 (1)
  12. Worm:Win32/Autorun!inf
    Log-Analyse und Auswertung - 14.06.2010 (3)
  13. win32.autorun.tmp - was tun?
    Plagegeister aller Art und deren Bekämpfung - 11.06.2010 (33)
  14. Win32.Trojan.Agent/Win32.Worm.Autorun mit Ad-Aware unschädlich gemacht?
    Plagegeister aller Art und deren Bekämpfung - 06.08.2009 (6)
  15. Win32.Autorun.tk
    Plagegeister aller Art und deren Bekämpfung - 22.01.2008 (6)
  16. Backdoor.Win32.Small.os eingefangen und werd ihn nicht los
    Plagegeister aller Art und deren Bekämpfung - 21.05.2007 (2)
  17. wie werd ich ihn wieder los? not-a-virus:adware:win32.softomate.g
    Log-Analyse und Auswertung - 19.02.2006 (3)

Zum Thema win32.autorun.tmp wie werd ichs los?! - habe heute mit spybot gescannt und es fand win32.autorun.tmp und konnte es leider nicht entfernen, beim nochmaligen scan wurde es nicht mehr gefunden, malware findet auch nix, cc cleaner benutzt - win32.autorun.tmp wie werd ichs los?!...
Archiv
Du betrachtest: win32.autorun.tmp wie werd ichs los?! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.