
Pests of all kinds and how to fight them: Unwanted Google redirect


15.03.2011, 09:09   #1
creole

Hi,

I'm new here, and this is the first time I've caught something this serious.

I have a problem: Google keeps redirecting me to unwanted pages. I have already tried Malwarebytes, but the problem has not gone away.

I would be grateful for help.

Here is the Malwarebytes output:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6049

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.03.2011 09:19:14
mbam-log-2011-03-15 (09-19-14).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 148313
Laufzeit: 9 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Edited by creole (15.03.2011 at 09:20)

15.03.2011, 11:47   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

15.03.2011, 14:32   #3
creole

OK, here is the output from yesterday's full-body scan with Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6049

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.03.2011 22:14:26
mbam-log-2011-03-14 (22-14-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 266538
Laufzeit: 1 Stunde(n), 32 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EuroGrand Casino (PUP.Casino) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Europa Casino (PUP.Casino) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Casino\eurogrand casino\_setupcasino_e7244b_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Casino\europa casino\_europasetup_6dea85_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
         
The OTL file will follow.

15.03.2011, 14:47   #4
creole

And now the OTL file output:

Code:
OTL logfile created on: 15.03.2011 14:32:53 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,96 Gb Total Space | 272,52 Gb Free Space | 91,46% Space Free | Partition Type: NTFS
 
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Users\Stefan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\ASUS\ASUS WebStorage\3.0.88.169\AsusWSPanel.exe (ecareme)
PRC - C:\Programme\ASUS\ASUS WebStorage\3.0.88.169\AsusWSService.exe ()
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe (Research In Motion)
PRC - C:\Programme\ASUS\CapsHook\CapsHook.exe (ASUS)
PRC - C:\Programme\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\ASUS\LiveUpdate\LiveUpdate.exe (AsusTek Computer Inc.)
PRC - C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\ASUS\2DoorWayTouchSuite\AsusUacSvc.exe ()
PRC - C:\Programme\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Programme\ASUS\TouchHomeKey\TouchHomeKey.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (SafeList) ==========
         
Oops, here is the second file:
Code:
OTL Extras logfile created on: 15.03.2011 14:32:53 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,96 Gb Total Space | 272,52 Gb Free Space | 91,46% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack für Windows 7
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{BC508432-7BC6-427F-AD99-556202345B6C}" = Express Gate
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = USB2.0 UVC WebCam 
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASUS WebStorage" = ASUS WebStorage
"avast" = avast! Free Antivirus
"AVG" = AVG 2011
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"Glary Utilities_is1" = Glary Utilities 2.33.0.1158
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PakkISO_is1" = PakkISO 0.4
"PenWrite_is1" = PenWrite v1.9.20.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Touch Gate_is1" = Touch Gate 1.0.2.2
"TouchAPUninstaller" = 2DoorWay TouchSuite
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EuroGrand Casino" = EuroGrand Casino
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
So, can anything be said yet? How does it look? Could it be taskhost.exe?

Edited by creole (15.03.2011 at 15:14)

15.03.2011, 16:15   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Are there any further logs from Malwarebytes? If so, please post all of those that are visible in the "Logdateien" (log files) tab in Malwarebytes.

__________________
Please always post log files in CODE tags

15.03.2011, 16:27   #6
creole

There was one more, also with a detection:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6049

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.03.2011 15:07:08
mbam-log-2011-03-14 (15-07-08).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 148523
Laufzeit: 8 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\messenger.exe (Malware.Gen) -> Quarantined and deleted successfully.
         
Say, do you happen to study mathematics, because of "Winkelfunktion" (trigonometric function)?

15.03.2011, 16:47   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

The first OTL log is incomplete.

15.03.2011, 17:03   #8
creole

Sorry, here is the whole thing again.

Code:
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,96 Gb Total Space | 272,55 Gb Free Space | 91,47% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Users\Stefan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\ASUS\ASUS WebStorage\3.0.88.169\AsusWSPanel.exe (ecareme)
PRC - C:\Programme\ASUS\ASUS WebStorage\3.0.88.169\AsusWSService.exe ()
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe (Research In Motion)
PRC - C:\Programme\ASUS\CapsHook\CapsHook.exe (ASUS)
PRC - C:\Programme\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\ASUS\LiveUpdate\LiveUpdate.exe (AsusTek Computer Inc.)
PRC - C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\ASUS\2DoorWayTouchSuite\AsusUacSvc.exe ()
PRC - C:\Programme\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Programme\ASUS\TouchHomeKey\TouchHomeKey.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\AVAST Software\Avast\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AsusUacSvc) -- C:\Programme\ASUS\2DoorWayTouchSuite\AsusUacSvc.exe ()
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (usbsmi) -- C:\Windows\System32\drivers\SMIksdrv.sys (SMI)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 0F C4 E5 04 D5 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
 
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.03.12 18:19:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011.03.12 18:36:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.14 01:09:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.14 01:09:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.13 21:16:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.03.14 02:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2011.03.13 21:31:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.03.14 02:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\3or8qltr.default\extensions
[2011.03.14 01:09:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.12 18:19:23 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011.03.12 18:36:56 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011.03.03 19:06:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.03 19:06:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.03 19:06:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.03 19:06:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.03 19:06:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll ()
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.88.169\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CapsHook] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HotkeyMon] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PenWrite] C:\Program Files\ASUS\PenWrite\PenWrite.exe ()
O4 - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TouchHomeKey] C:\Programme\ASUS\TouchHomeKey\TouchHomeKey.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\ShellTrayDll.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5862a5c0-40f5-11e0-a05c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5862a5c0-40f5-11e0-a05c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.15 08:52:39 | 000,000,000 | ---D | C] -- C:\Programme\uTorrent
[2011.03.14 14:57:36 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes
[2011.03.14 14:57:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.14 14:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.14 14:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.14 14:57:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.14 14:57:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.14 01:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011.03.14 01:09:06 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.03.13 22:18:59 | 000,000,000 | ---D | C] -- C:\Programme\PakkISO
[2011.03.13 21:31:26 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Mozilla
[2011.03.13 21:31:22 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Thunderbird
[2011.03.13 21:31:22 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Thunderbird
[2011.03.13 21:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird
[2011.03.13 21:16:21 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2011.03.13 20:44:08 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Outlook-Dateien
[2011.03.13 19:22:28 | 000,000,000 | -H-D | C] -- C:\dvmexp
[2011.03.13 19:18:05 | 000,000,000 | -H-D | C] -- C:\ASUS.000
[2011.03.13 19:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Gate
[2011.03.13 19:17:20 | 000,000,000 | -H-D | C] -- C:\ASUS.SYS
[2011.03.13 17:52:40 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.03.13 17:51:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.03.13 17:51:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.03.13 17:51:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.03.13 17:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2011.03.13 17:48:25 | 000,000,000 | ---D | C] -- C:\Programme\Glary Utilities
[2011.03.13 17:40:41 | 000,000,000 | -HSD | C] -- C:\aws
[2011.03.13 17:40:38 | 000,000,000 | ---D | C] -- C:\ASUS WebStorage
[2011.03.13 17:40:17 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Asus WebStorage
[2011.03.13 15:38:33 | 000,033,768 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\System32\AsusSender.exe
[2011.03.13 14:42:59 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\fltk.org
[2011.03.13 14:21:11 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Desktop\Arbeitsfläche
[2011.03.13 12:07:51 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Google
[2011.03.12 18:40:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\OneNote-Notizbücher
[2011.03.12 18:39:14 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\GlarySoft
[2011.03.12 18:39:04 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\AVG10
[2011.03.12 18:37:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.03.12 18:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011.03.12 18:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011.03.12 18:36:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011.03.12 18:36:47 | 000,000,000 | ---D | C] -- C:\Programme\AVG
[2011.03.12 18:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011.03.12 18:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.03.12 18:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.03.12 18:20:00 | 000,301,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.03.12 18:20:00 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.03.12 18:19:58 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.03.12 18:19:58 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.03.12 18:19:57 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.03.12 18:19:56 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.03.12 18:18:59 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.03.12 18:18:57 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.03.12 18:18:42 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2011.03.12 18:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.03.12 18:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011.03.12 18:15:28 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2011.03.12 18:15:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2011.03.12 18:13:30 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Sync Framework
[2011.03.12 18:13:30 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2011.03.12 18:09:44 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 8
[2011.03.12 18:08:24 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services
[2011.03.12 18:07:42 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Microsoft Help
[2011.03.12 18:07:26 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2011.03.12 18:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.03.12 18:07:07 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.03.11 23:36:53 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\AsusInternetRadio.FE3DA72B022E78FEBEB750602F72A2E5E345080B.1
[2011.03.11 23:27:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Touch Pack für Windows 7
[2011.03.11 23:27:47 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011.03.11 23:27:46 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2011.03.11 23:27:46 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011.03.11 23:27:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\zh-CHS
[2011.03.11 23:27:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\tr
[2011.03.11 23:27:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\sv
[2011.03.11 23:27:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\pt
[2011.03.11 23:27:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\es
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\zh-CHT
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\sk
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\ru
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\ro
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\pl
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\no
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\nl
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\ko
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\ja
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\it
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\hu
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\fr
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\fi
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\en
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\el
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\da
[2011.03.11 23:27:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\cs
[2011.03.11 23:27:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\bg
[2011.03.11 23:27:07 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Touch Pack for Windows 7
[2011.03.11 23:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2011.03.11 23:26:23 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\IsolatedStorage
[2011.03.11 23:25:56 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011.03.11 23:25:56 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011.03.11 23:25:56 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011.03.11 23:25:55 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011.03.11 23:25:55 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011.03.11 23:25:55 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011.03.11 23:25:55 | 000,018,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_2.dll
[2011.03.11 23:25:40 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft XNA
[2011.03.11 23:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.03.11 23:04:03 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.03.11 23:03:32 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.03.11 20:26:22 | 000,000,000 | ---D | C] -- C:\Users\Stefan\dwhelper
[2011.03.11 19:53:11 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Apple Computer
[2011.03.11 19:53:11 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Apple Computer
[2011.03.11 19:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.11 19:52:51 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011.03.11 19:52:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.03.11 19:51:36 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.03.11 19:51:34 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.03.11 19:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.03.10 14:52:17 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\uTorrent
[2011.03.10 14:21:00 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Blackberry Desktop
[2011.03.10 14:18:22 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\BlackBerry
[2011.03.10 14:17:33 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Research In Motion
[2011.03.10 14:17:31 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Research In Motion
[2011.03.10 14:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2011.03.10 14:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2011.03.10 14:15:46 | 000,000,000 | ---D | C] -- C:\Programme\Research In Motion
[2011.03.10 14:15:46 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Research In Motion
[2011.03.10 14:14:38 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\TouchGate2Doorway
[2011.03.10 14:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.03.10 14:12:00 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR
[2011.03.10 12:42:56 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\WinRAR
[2011.03.10 12:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.03.10 12:42:55 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.03.10 12:42:49 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2011.03.10 12:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus
[2011.03.10 12:08:18 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft IntelliPoint
[2011.03.10 12:08:13 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.03.10 11:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.03.10 11:57:31 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2011.03.10 11:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.03.10 11:57:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Apple
[2011.03.10 11:57:08 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2011.03.10 11:56:13 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2011.03.10 11:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.03.09 23:18:06 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\BUPDATER-V1_12
[2011.03.09 23:10:00 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\temp
[2011.03.09 23:09:40 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\EeeStorageUploader
[2011.03.09 23:07:30 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\ElevatedDiagnostics
[2011.03.09 23:06:55 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.09 23:06:54 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.03.09 23:06:51 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 23:06:51 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011.03.09 23:06:51 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 23:06:50 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.06 03:45:25 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2011.03.06 00:11:28 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Intel Corporation
[2011.03.06 00:09:51 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2011.03.06 00:08:59 | 000,000,000 | ---D | C] -- C:\Intel
[2011.03.06 00:08:54 | 000,000,000 | ---D | C] -- C:\Programme\Intel
[2011.03.06 00:08:33 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\AHCI
[2011.03.06 00:03:57 | 000,000,000 | ---D | C] -- C:\Windows\smFile
[2011.03.06 00:03:56 | 002,532,864 | ---- | C] (Silicon Motion Corporation) -- C:\Windows\System32\drivers\SMIexp.sys
[2011.03.06 00:03:56 | 000,937,984 | ---- | C] (SiliconMotion) -- C:\Windows\System32\RemoveSM37X.exe
[2011.03.06 00:03:56 | 000,181,760 | ---- | C] (SMI) -- C:\Windows\System32\drivers\SMIksdrv.sys
[2011.03.06 00:03:56 | 000,000,000 | ---D | C] -- C:\Programme\Azurewave, SMI371L
[2011.03.06 00:02:34 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Camera-V5_58_0_12
[2011.03.06 00:01:52 | 001,006,104 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxpun.exe
[2011.03.06 00:01:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2011.03.05 23:50:04 | 000,000,000 | ---D | C] -- C:\Programme\Synaptics
[2011.03.05 15:12:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\SupportAppCB
[2011.03.04 12:11:32 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011.03.04 12:11:32 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011.03.04 12:11:32 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011.02.28 15:22:30 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2011.02.28 15:20:00 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011.02.28 15:19:21 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0
[2011.02.28 15:19:05 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Microsoft Games
[2011.02.26 08:09:52 | 000,000,000 | ---D | C] -- C:\Casino
[2011.02.26 07:18:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011.02.26 07:18:30 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.02.26 07:18:29 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2011.02.26 07:18:29 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011.02.26 07:18:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.02.26 07:18:19 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011.02.26 07:18:18 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.02.26 07:18:18 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011.02.26 07:18:16 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.26 07:18:12 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011.02.26 07:18:12 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011.02.26 07:18:11 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011.02.26 07:18:11 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011.02.26 07:18:08 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011.02.26 07:18:07 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011.02.26 07:18:02 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.02.26 07:17:55 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011.02.26 07:17:55 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011.02.26 07:17:55 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011.02.26 07:17:52 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011.02.26 07:17:50 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011.02.26 07:17:50 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011.02.26 07:17:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.02.26 07:17:47 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.02.26 07:17:38 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011.02.26 07:17:36 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011.02.26 07:17:25 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.26 07:17:25 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.26 07:17:25 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.26 07:17:25 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.26 07:17:25 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.26 07:17:24 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.26 07:17:24 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.26 07:17:24 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.26 07:17:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.26 07:17:18 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011.02.26 07:17:18 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011.02.26 07:17:18 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011.02.26 07:17:17 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011.02.26 07:17:13 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.26 07:17:13 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.02.26 07:17:12 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.26 07:17:12 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011.02.26 07:17:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.26 07:17:04 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.26 07:17:04 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.26 07:17:01 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.02.26 07:17:00 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.02.26 07:16:59 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.02.26 07:16:59 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.02.26 07:16:58 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.02.26 07:16:58 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.02.26 07:16:58 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.02.26 07:16:58 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.02.26 07:16:55 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011.02.26 07:16:54 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011.02.26 07:16:54 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011.02.26 07:16:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.02.26 07:16:53 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.26 07:16:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011.02.26 07:16:52 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011.02.26 07:16:51 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011.02.26 07:16:50 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011.02.26 07:16:50 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011.02.26 07:16:50 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011.02.26 07:16:50 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011.02.26 07:16:49 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011.02.26 07:16:49 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011.02.26 07:16:49 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011.02.26 07:16:49 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011.02.26 07:12:51 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.02.26 07:12:51 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.02.25 23:24:12 | 000,000,000 | ---D | C] -- C:\Programme\Elantech
[2011.02.25 23:24:00 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll
[2011.02.25 23:23:37 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\WLAN-NE107H-V2007_1_1002_2009
[2011.02.25 23:22:44 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Touchpad
[2011.02.25 19:35:38 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\E-Cam
[2011.02.25 18:23:28 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Asus
[2011.02.25 17:54:44 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\KBFilter-V1_0_0_3
[2011.02.25 17:46:02 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Downloaded Installations
[2011.02.25 17:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InterVideo WinDVD
[2011.02.25 17:41:28 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InterVideo
[2011.02.25 17:39:41 | 000,000,000 | ---D | C] -- C:\Programme\InterVideo
[2011.02.25 17:39:25 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Mozilla
[2011.02.25 17:37:42 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\ASUS WebStorage
[2011.02.25 17:36:33 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011.02.25 17:36:32 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011.02.25 17:36:32 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011.02.25 17:36:32 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011.02.25 17:36:32 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011.02.25 17:36:32 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011.02.25 17:36:31 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011.02.25 17:36:31 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011.02.25 17:36:31 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011.02.25 17:36:30 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011.02.25 17:36:30 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011.02.25 17:36:30 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011.02.25 17:36:23 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011.02.25 17:36:23 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011.02.25 17:36:23 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011.02.25 17:36:22 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011.02.25 17:36:22 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011.02.25 17:36:21 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011.02.25 17:36:20 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011.02.25 17:36:20 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011.02.25 17:36:19 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011.02.25 17:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\E-Cam
[2011.02.25 17:25:46 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\FontResizer-V1_01_0011
[2011.02.25 17:25:31 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\E-Cam
[2011.02.25 17:25:00 | 000,000,000 | ---D | C] -- C:\Programme\E-Cam
[2011.02.25 17:24:53 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\EBI
[2011.02.25 17:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\RSMR
[2011.02.25 17:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\EBI
[2011.02.25 17:24:49 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\InstallShield
[2011.02.25 17:23:26 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\ASUSVibe-V1_0_173
[2011.02.25 17:21:40 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011.02.25 17:20:28 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\ECam
[2011.02.25 17:18:06 | 000,028,672 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\System32\AsIO.dll
[2011.02.25 17:18:00 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InstallShield
[2011.02.25 17:17:37 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\ASUSUpdt
[2011.02.25 17:16:58 | 000,000,000 | ---D | C] -- C:\Programme\ASUS
[2011.02.25 17:16:00 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\CapsHook
[2011.02.25 17:13:49 | 000,000,000 | ---D | C] -- C:\Programme\EeePC
[2011.02.25 17:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2011.02.25 17:13:48 | 000,000,000 | -H-D | C] -- C:\Programme\InstallShield Installation Information
[2011.02.25 17:12:53 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\SupHybridEngine
[2011.02.25 17:10:49 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Download Manager
[2011.02.25 17:09:19 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.02.25 17:07:51 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Macromedia
[2011.02.25 17:07:51 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Adobe
[2011.02.25 17:07:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011.02.25 16:56:40 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.02.25 16:56:39 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.02.25 16:56:39 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Searches
[2011.02.25 16:56:31 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Identities
[2011.02.25 16:56:28 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Contacts
[2011.02.25 16:56:15 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\VirtualStore
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Vorlagen
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\AppData\Local\Verlauf
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\AppData\Local\Temporary Internet Files
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Startmenü
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\SendTo
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Recent
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Netzwerkumgebung
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Lokale Einstellungen
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Documents\Eigene Videos
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Documents\Eigene Musik
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Eigene Dateien
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Documents\Eigene Bilder
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Druckumgebung
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Cookies
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\AppData\Local\Anwendungsdaten
[2011.02.25 16:56:14 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Anwendungsdaten
[2011.02.25 16:56:13 | 000,000,000 | --SD | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Videos
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Saved Games
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Pictures
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Music
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Links
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Favorites
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Downloads
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Documents
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Desktop
[2011.02.25 16:56:13 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.02.25 16:56:13 | 000,000,000 | -H-D | C] -- C:\Users\Stefan\AppData
[2011.02.25 16:56:13 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Temp
[2011.02.25 16:56:13 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Microsoft
[2011.02.25 16:56:13 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Media Center Programs
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.02.25 16:55:48 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.02.25 16:42:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.02.25 16:39:30 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011.02.25 16:39:04 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011.02.25 16:38:29 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2009.07.21 16:29:40 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.15 09:15:14 | 000,005,120 | ---- | M] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.15 08:52:40 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011.03.15 08:49:19 | 000,015,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.15 08:49:19 | 000,015,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.15 08:48:58 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.15 08:48:58 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.15 08:48:58 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.15 08:48:58 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.15 08:43:02 | 000,001,725 | ---- | M] () -- C:\Users\Stefan\Desktop\MySyncFolder.lnk
[2011.03.15 08:42:04 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011.03.15 08:42:01 | 000,000,318 | -HS- | M] () -- C:\Windows\tasks\klcjpli.job
[2011.03.15 08:41:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.15 08:41:31 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.14 14:57:15 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.13 20:31:39 | 000,001,314 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2011.03.13 20:14:22 | 000,007,605 | ---- | M] () -- C:\Users\Stefan\AppData\Local\Resmon.ResmonCfg
[2011.03.13 19:22:26 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011.03.13 19:18:10 | 000,000,117 | ---- | M] () -- C:\dvmb.lst
[2011.03.13 19:18:10 | 000,000,057 | -H-- | M] () -- C:\splash.idx
[2011.03.13 19:14:52 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2011.03.13 11:49:37 | 000,408,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.03.12 18:19:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.03.11 20:14:28 | 000,096,256 | RHS- | M] () -- C:\Windows\System32\AuthFWGPE.dll
[2011.03.10 14:19:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2011.03.10 12:08:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2011.03.09 23:17:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011.03.09 23:17:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011.03.05 23:50:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011.03.04 12:06:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.02.25 23:24:00 | 000,016,896 | ---- | M] (ASUS) -- C:\Windows\AsTaskSched.dll
[2011.02.25 18:21:43 | 000,000,040 | -H-- | M] () -- C:\Windows\System32\ivireg.ivr
[2011.02.25 17:54:32 | 003,767,925 | ---- | M] () -- C:\Users\Stefan\Documents\KBFilter-V1_0_0_3.zip
[2011.02.25 17:42:45 | 313,979,198 | ---- | M] () -- C:\Users\Stefan\Documents\EG-1_2_17_25_User.zip
[2011.02.25 17:32:34 | 005,370,929 | ---- | M] () -- C:\Users\Stefan\Documents\ASUSWebStorage2_0_40_1319.zip
[2011.02.25 17:20:50 | 018,177,270 | ---- | M] () -- C:\Users\Stefan\Documents\ASUSVibe-V1_0_173.zip
[2011.02.25 17:20:45 | 016,137,804 | ---- | M] () -- C:\Users\Stefan\Documents\FontResizer-V1_01_0011.zip
[2011.02.25 17:20:39 | 019,713,439 | ---- | M] () -- C:\Users\Stefan\Documents\LiveUpdate_1_22.zip
[2011.02.25 17:19:55 | 024,380,284 | ---- | M] () -- C:\Users\Stefan\Documents\ECam.zip
[2011.02.25 17:16:53 | 006,304,265 | ---- | M] () -- C:\Users\Stefan\Documents\ASUSUpdt.zip
[2011.02.25 17:15:31 | 002,820,016 | ---- | M] () -- C:\Users\Stefan\Documents\CapsHook.zip
[2011.02.25 17:12:15 | 002,984,893 | ---- | M] () -- C:\Users\Stefan\Documents\SupHybridEngine.zip
[2011.02.25 16:43:59 | 000,056,735 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011.02.23 16:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.02.23 16:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.02.23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.02.23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.02.23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.02.23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.02.23 15:55:03 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.02.23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.02.19 06:32:48 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.19 06:32:35 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
 
========== Files Created - No Company Name ==========
 
[2011.03.15 09:15:03 | 000,005,120 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.15 08:52:40 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011.03.14 15:13:55 | 000,001,725 | ---- | C] () -- C:\Users\Stefan\Desktop\MySyncFolder.lnk
[2011.03.14 14:57:15 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.13 20:14:22 | 000,007,605 | ---- | C] () -- C:\Users\Stefan\AppData\Local\Resmon.ResmonCfg
[2011.03.13 19:22:26 | 000,000,177 | -H-- | C] () -- C:\dvmexp.idx
[2011.03.13 17:48:41 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2011.03.13 15:38:33 | 000,219,136 | ---- | C] () -- C:\Windows\System32\AsusService.exe
[2011.03.13 15:38:33 | 000,021,864 | ---- | C] () -- C:\Windows\AsAcpiSvrLang.ini
[2011.03.12 18:40:28 | 000,001,314 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2011.03.11 20:14:29 | 000,000,318 | -HS- | C] () -- C:\Windows\tasks\klcjpli.job
[2011.03.11 20:14:28 | 000,096,256 | RHS- | C] () -- C:\Windows\System32\AuthFWGPE.dll
[2011.03.10 14:19:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2011.03.10 12:08:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2011.03.10 11:57:09 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.03.09 23:17:58 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011.03.09 23:17:58 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011.03.06 00:03:56 | 000,274,432 | ---- | C] () -- C:\Windows\System32\370prop.ax
[2011.03.06 00:03:56 | 000,163,840 | ---- | C] () -- C:\Windows\System32\SM37XCoInst.dll
[2011.03.06 00:03:56 | 000,001,608 | ---- | C] () -- C:\Windows\Sensor.set
[2011.03.05 23:50:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011.03.04 12:06:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.02.26 08:20:41 | 000,000,776 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Europa Casino.lnk
[2011.02.26 08:09:56 | 000,000,797 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EuroGrand Casino.lnk
[2011.02.25 18:21:42 | 000,000,040 | -H-- | C] () -- C:\Windows\System32\ivireg.ivr
[2011.02.25 17:54:09 | 003,767,925 | ---- | C] () -- C:\Users\Stefan\Documents\KBFilter-V1_0_0_3.zip
[2011.02.25 17:30:28 | 005,370,929 | ---- | C] () -- C:\Users\Stefan\Documents\ASUSWebStorage2_0_40_1319.zip
[2011.02.25 17:20:07 | 313,979,198 | ---- | C] () -- C:\Users\Stefan\Documents\EG-1_2_17_25_User.zip
[2011.02.25 17:18:07 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsUpIO.sys
[2011.02.25 17:18:06 | 000,011,456 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011.02.25 17:15:42 | 018,177,270 | ---- | C] () -- C:\Users\Stefan\Documents\ASUSVibe-V1_0_173.zip
[2011.02.25 17:15:16 | 016,137,804 | ---- | C] () -- C:\Users\Stefan\Documents\FontResizer-V1_01_0011.zip
[2011.02.25 17:14:57 | 019,713,439 | ---- | C] () -- C:\Users\Stefan\Documents\LiveUpdate_1_22.zip
[2011.02.25 17:14:41 | 006,304,265 | ---- | C] () -- C:\Users\Stefan\Documents\ASUSUpdt.zip
[2011.02.25 17:14:23 | 002,820,016 | ---- | C] () -- C:\Users\Stefan\Documents\CapsHook.zip
[2011.02.25 17:13:55 | 024,380,284 | ---- | C] () -- C:\Users\Stefan\Documents\ECam.zip
[2011.02.25 17:12:38 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.02.25 17:12:06 | 002,984,893 | ---- | C] () -- C:\Users\Stefan\Documents\SupHybridEngine.zip
[2011.02.25 16:56:45 | 000,001,413 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.02.25 16:43:45 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.02.25 16:43:33 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.02.25 16:39:04 | 1602,887,680 | -HS- | C] () -- C:\hiberfil.sys
[2009.07.14 09:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,408,360 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.02.26 07:50:32 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
[2007.12.28 08:22:04 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS

< End of report >
         

15.03.2011, 21:01   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5862a5c0-40f5-11e0-a05c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5862a5c0-40f5-11e0-a05c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
[2011.03.13 19:22:28 | 000,000,000 | -H-D | C] -- C:\dvmexp
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
Please always post log files in CODE tags

15.03.2011, 21:53   #10
creole

Hey, so far it worked.

Here is the output:

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5862a5c0-40f5-11e0-a05c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5862a5c0-40f5-11e0-a05c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5862a5c0-40f5-11e0-a05c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5862a5c0-40f5-11e0-a05c-806e6f6e6963}\ not found.
File D:\.\Bin\ASSETUP.exe not found.
C:\dvmexp\VAECONF folder moved successfully.
C:\dvmexp folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41044 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Stefan
->Temp folder emptied: 63377252 bytes
->Temporary Internet Files folder emptied: 23301886 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 94682364 bytes
->Google Chrome cache emptied: 124478270 bytes
->Flash cache emptied: 60728 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 95145 bytes
RecycleBin emptied: 8118915 bytes
 
Total Files Cleaned = 300,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 03152011_214535

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
Was that it now? Am I, or my computer, cured?

16.03.2011, 10:04   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post log files in CODE tags

16.03.2011, 11:10   #12
creole

Here is the output again:

Code:
ComboFix 11-03-15.02 - Stefan 16.03.2011  10:53:13.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.2038.1188 [GMT 1:00]
ausgeführt von:: c:\users\Stefan\Downloads\cofi.exe.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-16 bis 2011-03-16  ))))))))))))))))))))))))))))))
.
.
2011-03-16 10:02 . 2011-03-16 10:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-03-16 09:32 . 2011-03-16 09:32	--------	d-----w-	c:\program files\CCleaner
2011-03-15 20:45 . 2011-03-15 20:45	--------	d-----w-	C:\_OTL
2011-03-14 13:57 . 2011-03-14 13:57	--------	d-----w-	c:\programdata\Malwarebytes
2011-03-13 21:18 . 2011-03-13 21:24	--------	d-----w-	c:\program files\PakkISO
2011-03-13 20:16 . 2011-03-13 20:16	--------	d-----w-	c:\program files\Mozilla Thunderbird
2011-03-13 18:18 . 2011-03-13 18:21	--------	d-----w-	C:\ASUS.000
2011-03-13 18:17 . 2011-03-13 18:18	--------	d-----w-	C:\ASUS.SYS
2011-03-13 16:52 . 2011-03-13 16:52	--------	d-----w-	c:\program files\Common Files\Java
2011-03-13 16:48 . 2011-03-13 16:48	--------	d-----w-	c:\program files\Glary Utilities
2011-03-13 16:40 . 2011-03-13 16:44	--------	d-----w-	C:\aws
2011-03-13 16:40 . 2011-03-13 16:44	--------	d-----w-	C:\ASUS WebStorage
2011-03-13 14:38 . 2009-09-11 12:25	33768	----a-w-	c:\windows\system32\AsusSender.exe
2011-03-13 14:38 . 2009-08-18 16:35	219136	----a-w-	c:\windows\system32\AsusService.exe
2011-03-12 17:37 . 2011-03-12 17:37	--------	d--h--w-	c:\programdata\Common Files
2011-03-12 17:36 . 2011-03-16 09:39	--------	d-----w-	c:\programdata\AVG10
2011-03-12 17:18 . 2011-03-16 09:45	--------	d-----w-	c:\programdata\AVAST Software
2011-03-12 17:18 . 2011-03-12 17:18	--------	d-----w-	c:\program files\AVAST Software
2011-03-12 17:17 . 2011-03-12 17:36	--------	d-----w-	c:\programdata\MFAData
2011-03-12 17:15 . 2011-03-12 17:15	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2011-03-12 17:13 . 2011-03-12 17:13	--------	d-----w-	c:\program files\Microsoft Sync Framework
2011-03-12 17:13 . 2011-03-12 17:13	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2011-03-12 17:09 . 2011-03-12 17:09	--------	d-----w-	c:\program files\Microsoft Visual Studio 8
2011-03-12 17:08 . 2011-03-12 17:08	--------	d-----w-	c:\program files\Microsoft Analysis Services
2011-03-12 17:07 . 2011-03-12 17:30	--------	d-----w-	c:\programdata\Microsoft Help
2011-03-12 17:07 . 2011-03-12 17:07	--------	d-----r-	C:\MSOCache
2011-03-11 22:26 . 2011-03-11 22:26	--------	d-----w-	c:\programdata\Applications
2011-03-11 22:25 . 2008-05-30 13:19	507400	----a-w-	c:\windows\system32\XAudio2_1.dll
2011-03-11 22:25 . 2008-05-30 13:17	65032	----a-w-	c:\windows\system32\XAPOFX1_0.dll
2011-03-11 22:25 . 2008-05-30 13:17	25608	----a-w-	c:\windows\system32\X3DAudio1_4.dll
2011-03-11 22:25 . 2007-07-19 23:57	267112	----a-w-	c:\windows\system32\xactengine2_9.dll
2011-03-11 22:25 . 2007-07-19 23:54	18280	----a-w-	c:\windows\system32\x3daudio1_2.dll
2011-03-11 22:25 . 2007-04-04 17:53	81768	----a-w-	c:\windows\system32\xinput1_3.dll
2011-03-11 22:25 . 2007-03-12 15:42	3495784	----a-w-	c:\windows\system32\d3dx9_33.dll
2011-03-11 22:25 . 2011-03-11 22:25	--------	d-----w-	c:\program files\Microsoft XNA
2011-03-11 22:04 . 2011-02-02 20:40	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-03-11 22:03 . 2011-03-13 16:51	--------	d-----w-	c:\program files\Java
2011-03-11 19:14 . 2011-03-11 19:14	96256	--sha-r-	c:\windows\system32\AuthFWGPE.dll
2011-03-11 18:52 . 2011-03-11 18:52	--------	dc----w-	c:\windows\system32\DRVSTORE
2011-03-11 18:52 . 2009-05-18 12:17	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-11 18:52 . 2008-04-17 11:12	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2011-03-11 18:51 . 2011-03-11 18:51	--------	d-----w-	c:\program files\iPod
2011-03-11 18:51 . 2011-03-11 18:52	--------	d-----w-	c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-03-11 18:51 . 2011-03-11 18:52	--------	d-----w-	c:\program files\iTunes
2011-03-11 10:36 . 2011-02-23 08:35	5943120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{88AB1B6C-4988-4719-8664-0F76FBB0A081}\mpengine.dll
2011-03-10 13:16 . 2009-01-09 16:18	27136	----a-w-	c:\windows\system32\drivers\RimSerial.sys
2011-03-10 13:16 . 2011-03-10 13:16	--------	d-----w-	c:\programdata\Research In Motion
2011-03-10 13:15 . 2011-03-10 13:16	--------	d-----w-	c:\program files\Common Files\Research In Motion
2011-03-10 13:15 . 2011-03-10 13:15	--------	d-----w-	c:\program files\Research In Motion
2011-03-10 13:12 . 2011-03-10 13:12	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2011-03-10 11:08 . 2011-03-10 11:08	--------	d-----w-	c:\program files\Microsoft IntelliPoint
2011-03-10 11:08 . 2011-03-10 11:08	--------	d-----w-	c:\windows\PCHEALTH
2011-03-10 10:58 . 2011-03-10 10:58	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-03-10 10:58 . 2011-03-10 10:58	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-03-10 10:58 . 2011-03-10 10:58	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-03-10 10:58 . 2011-03-10 10:58	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-03-10 10:58 . 2011-03-10 10:58	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-03-10 10:58 . 2011-03-10 10:58	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-03-10 10:58 . 2011-03-10 10:58	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-03-10 10:57 . 2011-03-11 18:51	--------	d-----w-	c:\programdata\Apple Computer
2011-03-10 10:57 . 2011-03-10 10:58	--------	d-----w-	c:\program files\QuickTime
2011-03-10 10:57 . 2011-03-10 10:57	--------	d-----w-	c:\program files\Apple Software Update
2011-03-10 10:56 . 2011-03-12 11:32	--------	d-----w-	c:\program files\Common Files\Apple
2011-03-10 10:56 . 2011-03-10 10:56	--------	d-----w-	c:\programdata\Apple
2011-03-09 22:06 . 2011-02-19 05:32	1074176	----a-w-	c:\windows\system32\DWrite.dll
2011-03-09 22:06 . 2011-02-19 05:33	802304	----a-w-	c:\windows\system32\FntCache.dll
2011-03-09 22:06 . 2011-02-19 05:32	739840	----a-w-	c:\windows\system32\d2d1.dll
2011-03-09 22:06 . 2010-12-23 05:28	850432	----a-w-	c:\windows\system32\sbe.dll
2011-03-09 22:06 . 2010-12-23 05:28	642048	----a-w-	c:\windows\system32\CPFilters.dll
2011-03-09 22:06 . 2010-12-23 05:28	534528	----a-w-	c:\windows\system32\EncDec.dll
2011-03-09 22:06 . 2010-12-23 05:24	199680	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-09 22:06 . 2010-12-18 05:30	2690560	----a-w-	c:\windows\system32\mstscax.dll
2011-03-09 22:06 . 2010-12-18 05:26	1034240	----a-w-	c:\windows\system32\mstsc.exe
2011-03-06 02:45 . 2011-03-12 17:13	--------	d-----w-	c:\program files\Microsoft.NET
2011-03-05 23:08 . 2011-03-05 23:08	--------	d-----w-	C:\Intel
2011-03-05 23:08 . 2010-06-08 09:23	435736	----a-w-	c:\windows\system32\drivers\iaStor.sys
2011-03-05 23:08 . 2011-03-05 23:09	--------	d-----w-	c:\program files\Intel
2011-03-05 23:03 . 2011-03-05 23:03	--------	d-----w-	c:\windows\smFile
2011-03-05 23:03 . 2011-03-05 23:03	--------	d-----w-	c:\program files\Azurewave, SMI371L
2011-03-05 23:03 . 2009-12-25 01:10	937984	----a-w-	c:\windows\system32\RemoveSM37X.exe
2011-03-05 23:03 . 2009-12-25 01:10	2532864	----a-w-	c:\windows\system32\drivers\SMIexp.sys
2011-03-05 23:03 . 2009-12-25 01:10	181760	----a-w-	c:\windows\system32\drivers\SMIksdrv.sys
2011-03-05 23:03 . 2009-12-25 01:10	163840	----a-w-	c:\windows\system32\SM37XCoInst.dll
2011-03-05 23:03 . 2009-12-25 01:09	274432	----a-w-	c:\windows\system32\370prop.ax
2011-03-05 23:01 . 2011-03-05 23:01	--------	d-----w-	c:\windows\system32\x64
2011-03-05 23:01 . 2010-10-25 03:20	1006104	----a-w-	c:\windows\system32\igxpun.exe
2011-03-05 22:50 . 2011-03-05 22:50	--------	d-----w-	c:\program files\Synaptics
2011-03-05 14:12 . 2011-03-12 11:26	--------	d-----w-	c:\windows\system32\SupportAppCB
2011-03-04 11:14 . 2009-09-10 05:52	257024	----a-w-	c:\windows\system32\msv1_0.dll
2011-03-04 11:11 . 2009-11-25 11:47	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2011-03-04 11:11 . 2009-11-25 11:47	49472	----a-w-	c:\windows\system32\netfxperf.dll
2011-03-04 11:11 . 2009-11-25 11:47	297808	----a-w-	c:\windows\system32\mscoree.dll
2011-03-04 11:11 . 2009-11-25 11:47	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2011-03-04 11:11 . 2009-11-25 11:47	1130824	----a-w-	c:\windows\system32\dfshim.dll
2011-02-28 14:22 . 2010-02-11 07:10	293376	----a-w-	c:\windows\system32\browserchoice.exe
2011-02-28 14:20 . 2010-03-04 04:04	146304	----a-w-	c:\windows\system32\drivers\usbvideo.sys
2011-02-28 14:20 . 2010-03-04 03:57	190976	----a-w-	c:\windows\system32\drivers\ks.sys
2011-02-28 14:19 . 2011-02-28 14:19	--------	d-----w-	c:\program files\MSXML 4.0
2011-02-28 14:18 . 2010-09-14 06:07	276992	----a-w-	c:\windows\system32\wcncsvc.dll
2011-02-26 07:09 . 2011-02-26 07:20	--------	d-----w-	C:\Casino
2011-02-26 06:17 . 2009-09-03 07:04	1320960	----a-w-	c:\windows\system32\CertEnroll.dll
2011-02-26 06:16 . 2010-11-02 04:35	218624	----a-w-	c:\windows\system32\d3d10_1core.dll
2011-02-26 06:13 . 2010-10-19 08:10	7680	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2011-02-26 06:13 . 2010-02-27 07:32	221696	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-02-26 06:13 . 2010-02-27 07:32	95744	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-02-26 06:13 . 2010-02-27 07:32	123392	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-02-26 06:12 . 2011-02-03 05:45	219008	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-02-26 06:12 . 2010-11-02 04:46	728448	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-02-26 06:12 . 2010-11-02 04:23	107520	----a-w-	c:\windows\system32\cdd.dll
2011-02-25 22:24 . 2011-02-25 22:24	--------	d-----w-	c:\program files\Elantech
2011-02-25 22:24 . 2011-02-25 22:24	16896	----a-w-	c:\windows\AsTaskSched.dll
2011-02-25 16:41 . 2011-02-25 16:41	--------	d-----w-	c:\program files\Common Files\InterVideo
2011-02-25 16:39 . 2011-02-25 16:41	--------	d-----w-	c:\program files\InterVideo
2011-02-25 16:25 . 2011-02-25 16:25	--------	d-----w-	c:\program files\E-Cam
2011-02-25 16:24 . 2011-02-25 16:24	--------	d-----w-	c:\programdata\RSMR
2011-02-25 16:24 . 2011-02-25 16:24	--------	d-----w-	c:\programdata\EBI
2011-02-25 16:21 . 2011-03-16 09:39	--------	d-sh--w-	c:\windows\Installer
2011-02-25 16:18 . 2011-02-09 14:03	11832	----a-w-	c:\windows\system32\drivers\AsUpIO.sys
2011-02-25 16:18 . 2011-02-09 14:03	28672	----a-w-	c:\windows\system32\AsIO.dll
2011-02-25 16:18 . 2011-02-09 14:03	11456	----a-w-	c:\windows\system32\drivers\AsIO.sys
2011-02-25 16:18 . 2011-02-25 16:18	--------	d-----w-	c:\program files\Common Files\InstallShield
2011-02-25 16:16 . 2011-03-13 14:37	--------	d-----w-	c:\program files\ASUS
2011-02-25 16:13 . 2011-03-13 14:38	--------	d-----w-	c:\program files\EeePC
2011-02-25 16:13 . 2011-03-13 14:38	--------	d--h--w-	c:\program files\InstallShield Installation Information
2011-02-25 16:09 . 2011-02-02 16:11	222080	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-07 14:55 . 2011-01-07 14:55	40800	----a-w-	c:\windows\system32\drivers\point32.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"PenWrite"="c:\program files\ASUS\PenWrite\PenWrite.exe" [2010-01-19 543920]
"TouchHomeKey"="c:\program files\asus\TouchHomeKey\TouchHomeKey.exe" [2009-08-12 248496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"CapsHook"="AsusSender.exe" [2009-09-11 33768]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.88.169\AsusWSPanel.exe" [2011-03-04 734544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-18 219136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-07-21 102912]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2011-02-09 11832]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AsusUacSvc;Asus process privilege adjust service;c:\program files\asus\2DoorWayTouchSuite\AsusUacSvc.exe [2009-10-15 28848]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 usbsmi;USB2.0 UVC WebCam ;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-12-25 181760]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-16 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-03-13 16:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddr
IE: An OneNote s&enden - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
TCP: {4323EB34-1ACD-4F58-9C91-D75AB5193DC3} = 193.189.244.225 193.189.244.206
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3or8qltr.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ETDWare - %ProgramFiles%\Elantech\ETDCtrl.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-03-16  11:06:57
ComboFix-quarantined-files.txt  2011-03-16 10:06
.
Vor Suchlauf: 9 Verzeichnis(se), 293.128.077.312 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 293.044.547.584 Bytes frei
.
- - End Of File - - B4CEF4C489B104EE3DFE7A1D1A613DD1
         
Did anything happen? Maybe I should mention that the program tried to make me believe I had started AntiVir; that is not true, though, I even uninstalled both of my antivirus programs specifically for this...

16.03.2011, 12:03   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________
Please always post log files in CODE tags

16.03.2011, 12:14   #14
creole
 
Here is the log again, hope it's the right one:

Code:
2011/03/16 12:12:19.0399 0112	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/16 12:12:20.0085 0112	================================================================================
2011/03/16 12:12:20.0101 0112	SystemInfo:
2011/03/16 12:12:20.0101 0112	
2011/03/16 12:12:20.0101 0112	OS Version: 6.1.7600 ServicePack: 0.0
2011/03/16 12:12:20.0101 0112	Product type: Workstation
2011/03/16 12:12:20.0101 0112	ComputerName: STEFAN-PC
2011/03/16 12:12:20.0101 0112	UserName: Stefan
2011/03/16 12:12:20.0101 0112	Windows directory: C:\Windows
2011/03/16 12:12:20.0101 0112	System windows directory: C:\Windows
2011/03/16 12:12:20.0101 0112	Processor architecture: Intel x86
2011/03/16 12:12:20.0101 0112	Number of processors: 2
2011/03/16 12:12:20.0101 0112	Page size: 0x1000
2011/03/16 12:12:20.0101 0112	Boot type: Normal boot
2011/03/16 12:12:20.0101 0112	================================================================================
2011/03/16 12:12:20.0647 0112	Initialize success
2011/03/16 12:12:24.0360 5784	================================================================================
2011/03/16 12:12:24.0360 5784	Scan started
2011/03/16 12:12:24.0360 5784	Mode: Manual; 
2011/03/16 12:12:24.0360 5784	================================================================================
2011/03/16 12:12:25.0265 5784	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/03/16 12:12:25.0343 5784	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/03/16 12:12:25.0389 5784	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/03/16 12:12:25.0467 5784	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/03/16 12:12:25.0530 5784	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/03/16 12:12:25.0561 5784	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/03/16 12:12:25.0701 5784	AFD             (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/03/16 12:12:25.0764 5784	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/03/16 12:12:25.0826 5784	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/03/16 12:12:25.0873 5784	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/03/16 12:12:25.0920 5784	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/03/16 12:12:25.0982 5784	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/03/16 12:12:26.0029 5784	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/03/16 12:12:26.0060 5784	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/03/16 12:12:26.0123 5784	amdsata         (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/03/16 12:12:26.0169 5784	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/03/16 12:12:26.0232 5784	amdxata         (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/03/16 12:12:26.0279 5784	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/03/16 12:12:26.0403 5784	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/03/16 12:12:26.0450 5784	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/03/16 12:12:26.0528 5784	AsIO            (956c7177dbda0f02436868ad644ccf31) C:\Windows\system32\drivers\AsIO.sys
2011/03/16 12:12:26.0591 5784	AsUpIO          (a9a565c669786c402752f609afdd0dd5) C:\Windows\system32\drivers\AsUpIO.sys
2011/03/16 12:12:26.0684 5784	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/16 12:12:26.0731 5784	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/03/16 12:12:26.0825 5784	athr            (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
2011/03/16 12:12:26.0949 5784	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/03/16 12:12:27.0012 5784	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/03/16 12:12:27.0074 5784	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/03/16 12:12:27.0246 5784	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/03/16 12:12:27.0277 5784	bowser          (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/16 12:12:27.0339 5784	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/03/16 12:12:27.0402 5784	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/03/16 12:12:27.0480 5784	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/03/16 12:12:27.0527 5784	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/03/16 12:12:27.0589 5784	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/03/16 12:12:27.0636 5784	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/03/16 12:12:27.0683 5784	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/03/16 12:12:27.0729 5784	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/03/16 12:12:27.0776 5784	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/03/16 12:12:27.0823 5784	BTHPORT         (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/03/16 12:12:27.0948 5784	BTHUSB          (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/03/16 12:12:28.0135 5784	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/16 12:12:28.0213 5784	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/16 12:12:28.0275 5784	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/03/16 12:12:28.0369 5784	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/03/16 12:12:28.0463 5784	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/16 12:12:28.0509 5784	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/03/16 12:12:28.0572 5784	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/03/16 12:12:28.0619 5784	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/16 12:12:28.0650 5784	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/03/16 12:12:28.0728 5784	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/03/16 12:12:28.0853 5784	DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/03/16 12:12:28.0915 5784	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/03/16 12:12:28.0962 5784	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/03/16 12:12:29.0071 5784	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/03/16 12:12:29.0149 5784	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/16 12:12:29.0352 5784	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/03/16 12:12:29.0492 5784	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/03/16 12:12:29.0539 5784	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/03/16 12:12:29.0617 5784	ETD             (907c561d5f01133f247e4e2e74e20e30) C:\Windows\system32\DRIVERS\ETD.sys
2011/03/16 12:12:29.0711 5784	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/03/16 12:12:29.0742 5784	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/03/16 12:12:29.0820 5784	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/16 12:12:29.0898 5784	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/03/16 12:12:29.0929 5784	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/03/16 12:12:29.0991 5784	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/16 12:12:30.0054 5784	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/03/16 12:12:30.0116 5784	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/03/16 12:12:30.0179 5784	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/16 12:12:30.0288 5784	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/03/16 12:12:30.0350 5784	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/03/16 12:12:30.0397 5784	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/03/16 12:12:30.0459 5784	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/03/16 12:12:30.0522 5784	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/03/16 12:12:30.0584 5784	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/16 12:12:30.0631 5784	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/03/16 12:12:30.0678 5784	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/03/16 12:12:30.0771 5784	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/03/16 12:12:30.0849 5784	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/16 12:12:30.0943 5784	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/03/16 12:12:31.0021 5784	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/03/16 12:12:31.0083 5784	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/03/16 12:12:31.0130 5784	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/16 12:12:31.0239 5784	iaStor          (d80aa0907748d7cc8efab3773f32629b) C:\Windows\system32\DRIVERS\iaStor.sys
2011/03/16 12:12:31.0317 5784	iaStorV         (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/03/16 12:12:31.0551 5784	igfx            (ba41e1bba410212ce6d30e0dac47972b) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/03/16 12:12:31.0629 5784	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/03/16 12:12:31.0723 5784	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/03/16 12:12:31.0770 5784	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/16 12:12:31.0848 5784	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/16 12:12:31.0895 5784	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/03/16 12:12:31.0957 5784	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/03/16 12:12:32.0019 5784	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/03/16 12:12:32.0066 5784	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/03/16 12:12:32.0129 5784	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/16 12:12:32.0191 5784	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/16 12:12:32.0253 5784	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/16 12:12:32.0316 5784	kbfiltr         (3eb803312987ff44265c87cb960df6ab) C:\Windows\system32\DRIVERS\kbfiltr.sys
2011/03/16 12:12:32.0363 5784	KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/16 12:12:32.0441 5784	KSecPkg         (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/03/16 12:12:32.0503 5784	L1C             (6c32bfeab708915d6bbf4b20d4f3ef7b) C:\Windows\system32\DRIVERS\L1C62x86.sys
2011/03/16 12:12:32.0628 5784	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/16 12:12:32.0706 5784	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/03/16 12:12:32.0753 5784	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/03/16 12:12:32.0799 5784	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/03/16 12:12:32.0846 5784	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/03/16 12:12:32.0893 5784	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/03/16 12:12:33.0002 5784	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/03/16 12:12:33.0065 5784	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/03/16 12:12:33.0158 5784	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/03/16 12:12:33.0221 5784	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/16 12:12:33.0267 5784	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/16 12:12:33.0345 5784	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/16 12:12:33.0392 5784	mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/03/16 12:12:33.0455 5784	mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/03/16 12:12:33.0501 5784	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/16 12:12:33.0595 5784	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/03/16 12:12:33.0657 5784	mrxsmb          (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/16 12:12:33.0735 5784	mrxsmb10        (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/16 12:12:33.0813 5784	mrxsmb20        (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/16 12:12:33.0860 5784	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/03/16 12:12:33.0907 5784	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/03/16 12:12:34.0001 5784	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/03/16 12:12:34.0063 5784	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/03/16 12:12:34.0094 5784	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/03/16 12:12:34.0172 5784	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/16 12:12:34.0235 5784	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/16 12:12:34.0281 5784	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/03/16 12:12:34.0328 5784	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/03/16 12:12:34.0391 5784	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/16 12:12:34.0437 5784	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/03/16 12:12:34.0500 5784	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/03/16 12:12:34.0531 5784	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/03/16 12:12:34.0609 5784	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/16 12:12:34.0671 5784	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/03/16 12:12:34.0734 5784	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/03/16 12:12:34.0796 5784	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/16 12:12:34.0843 5784	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/16 12:12:34.0874 5784	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/16 12:12:34.0921 5784	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/03/16 12:12:34.0983 5784	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/16 12:12:35.0030 5784	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/16 12:12:35.0139 5784	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/03/16 12:12:35.0202 5784	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/03/16 12:12:35.0311 5784	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/16 12:12:35.0420 5784	Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/03/16 12:12:35.0467 5784	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/03/16 12:12:35.0514 5784	nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/03/16 12:12:35.0561 5784	nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/03/16 12:12:35.0623 5784	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/03/16 12:12:35.0654 5784	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/16 12:12:35.0779 5784	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/03/16 12:12:35.0810 5784	partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/03/16 12:12:35.0857 5784	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/03/16 12:12:35.0919 5784	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/03/16 12:12:35.0982 5784	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/03/16 12:12:36.0029 5784	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/03/16 12:12:36.0075 5784	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/03/16 12:12:36.0138 5784	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/03/16 12:12:36.0387 5784	Point32         (420336f91eb745811cf130c80ede0653) C:\Windows\system32\DRIVERS\point32.sys
2011/03/16 12:12:36.0481 5784	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/16 12:12:36.0528 5784	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/03/16 12:12:36.0621 5784	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/16 12:12:36.0715 5784	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/03/16 12:12:36.0762 5784	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/03/16 12:12:36.0840 5784	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/16 12:12:36.0871 5784	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/16 12:12:36.0918 5784	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/03/16 12:12:36.0980 5784	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/16 12:12:37.0043 5784	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/16 12:12:37.0089 5784	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/16 12:12:37.0152 5784	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/16 12:12:37.0199 5784	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/03/16 12:12:37.0261 5784	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/16 12:12:37.0323 5784	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/16 12:12:37.0386 5784	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/03/16 12:12:37.0448 5784	RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/03/16 12:12:37.0511 5784	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/03/16 12:12:37.0573 5784	regi            (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
2011/03/16 12:12:37.0667 5784	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/03/16 12:12:43.0735 5784	================================================================================
2011/03/16 12:12:43.0735 5784	Scan finished
2011/03/16 12:12:43.0735 5784	================================================================================
         

16.03.2011, 12:29   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Unwanted Google redirect

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online lookup.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.
__________________
Please always post log files in CODE tags
