Trojaner-Board - Musik startet bei Windows Start im Hintergrund

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Musik startet bei Windows Start im Hintergrund (https://www.trojaner-board.de/100098-musik-startet-windows-start-hintergrund.html)

Musik startet bei Windows Start im Hintergrund

Hallo Board,
ich hatte mir gestern leider einen Fakehack unter die Nase reiben lassen (Hack in einem Spiel) und ihn ausgeführt. Dann startete eine komische Musik (Hört sich an wie bei Core Keygens oder auch ein wenig was von Tetris).
Habe den PC ausgemacht und wieder an, darauf hin hat das Booten länger gedauert, vorallem bei Willkommen gab es bei Windows 7 eine längere Wartezeit.
Dann fängt wieder die Musik an, welche in einer Endlosschleife ist.
Habe dann in den Audioeinstellungen das hier gefunden:
http://i52.tinypic.com/2hcev4g.jpg
Wenn ich bei "Name nicht verfügbar" den Ton runter machen möchte geht er auf die Lautstärke von "Lautsprecher" = Max. und lautlos geht es erst recht nicht.
Habe mit CCleaner schon in den Autostart geschaut
http://i52.tinypic.com/1z20w8k.jpg
Avira AntiVir Personal hat gestern sich auch zu Wort gemeldet:
http://i54.tinypic.com/oj120p.jpg
Geholfen hat das in Quarantäne verschieben aber nicht.
OTL:
OTL Logfile:

Code:

OTL logfile created on: 08.06.2011 15:23:20 - Run 2

OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\***\Downloads

64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 56,00% Memory free

7,99 Gb Paging File | 5,84 Gb Available in Paging File | 73,02% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 286,27 Gb Total Space | 98,36 Gb Free Space | 34,36% Space Free | Partition Type: NTFS

 

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.06.08 15:07:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe

PRC - [2011.06.07 21:44:21 | 000,826,368 | ---- | M] () -- C:\Windows\winaudio\winaudio.exe

PRC - [2011.05.11 15:10:44 | 000,167,040 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

PRC - [2011.05.10 22:28:30 | 003,769,048 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

PRC - [2011.05.10 22:27:38 | 005,607,080 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

PRC - [2011.05.10 22:21:12 | 003,834,456 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe

PRC - [2011.05.10 22:18:34 | 003,585,696 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe

PRC - [2011.05.10 22:18:08 | 003,515,656 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

PRC - [2011.05.01 10:57:51 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2011.04.27 11:32:15 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011.03.18 17:27:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2010.11.04 13:24:53 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010.10.07 14:03:07 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe

PRC - [2010.10.07 14:03:00 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2010.03.06 05:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

PRC - [2010.02.22 05:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

PRC - [2009.09.25 00:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2011.06.08 15:07:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe

MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2010.10.27 04:51:36 | 000,203,776 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2011.06.07 21:44:21 | 000,826,368 | ---- | M] () [Auto | Running] -- C:\Windows\winaudio\winaudio.exe -- (winaudio)

SRV - [2011.05.18 15:06:58 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_8832f4b.dll -- (Akamai)

SRV - [2011.05.11 15:10:44 | 000,167,040 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe -- (SDWSCService)

SRV - [2011.05.10 22:28:30 | 003,769,048 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)

SRV - [2011.05.10 22:21:12 | 003,834,456 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe -- (SDMonitorService)

SRV - [2011.05.10 22:18:34 | 003,585,696 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe -- (SDFirewallService)

SRV - [2011.05.10 22:18:08 | 003,515,656 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)

SRV - [2011.04.27 11:32:15 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.03.18 17:27:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010.11.29 22:42:40 | 000,403,240 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010.10.07 14:03:07 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)

SRV - [2010.10.07 14:03:00 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009.09.30 15:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV - [2009.09.25 00:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2009.09.11 07:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)

SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)

SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)

SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.03.28 04:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)

SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

SRV - [2008.08.01 14:31:00 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2007.12.17 06:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)

SRV - [2007.01.11 06:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2010.11.22 17:40:42 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2010.10.27 06:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2010.10.27 06:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010.10.27 04:14:22 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010.07.17 19:15:05 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2010.04.19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2010.01.01 19:20:28 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2009.10.19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2009.10.08 04:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009.10.08 04:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009.09.30 19:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009.09.21 21:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009.09.02 19:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009.08.24 03:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)

DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)

DRV:64bit: - [2009.07.14 01:31:08 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pnpmem.sys -- (PNPMEM)

DRV:64bit: - [2009.07.09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009.06.20 13:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)

DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)

DRV:64bit: - [2009.06.11 23:34:38 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.06.03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2009.06.03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2009.06.03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2009.05.25 05:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009.05.09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)

DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2009.01.09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)

DRV:64bit: - [2008.05.20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV - [2009.09.02 19:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27360710w106l0448z1l5t4571g742

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27360710w106l0448z1l5t4571g742

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27360710w106l0448z1l5t4571g742

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27360710w106l0448z1l5t4571g742

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27360710w106l0448z1l5t4571g742

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8

FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.23.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2

FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.6.1

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.10 19:33:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.10 19:33:45 | 000,000,000 | ---D | M]

 

[2010.10.13 15:36:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2010.10.13 15:36:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

[2011.06.08 15:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3sji9i5g.default\extensions

[2010.11.15 22:34:44 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3sji9i5g.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}

[2010.08.26 19:15:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3sji9i5g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010.12.11 21:04:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3sji9i5g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010.12.17 19:00:15 | 000,000,000 | ---D | M] (Autofill Forms) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3sji9i5g.default\extensions\autofillForms@blueimp.net

[2010.07.17 19:56:56 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3sji9i5g.default\extensions\battlefieldheroespatcher@ea.com

[2011.06.04 21:21:22 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3sji9i5g.default\searchplugins\icqplugin-1.xml

[2010.07.31 21:14:31 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3sji9i5g.default\searchplugins\icqplugin-2.xml

[2010.07.24 18:10:33 | 000,001,056 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3sji9i5g.default\searchplugins\icqplugin.xml

[2011.02.28 20:03:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2010.09.23 22:27:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.09.23 22:27:34 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011.03.26 23:59:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.03.26 23:59:54 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011.03.26 23:59:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.03.26 23:59:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.03.26 23:59:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010.07.03 03:08:57 | 000,001,262 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com
 

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - Winlogon\Notify\SDWinLogon: DllName - SDWinLogon.dll -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\IconPackager\iprepair.dll (Stardock.net, Inc)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{630a58c7-a0b4-11df-963f-00262d96f353}\Shell - "" = AutoRun

O33 - MountPoints2\{630a58c7-a0b4-11df-963f-00262d96f353}\Shell\AutoRun\command - "" = H:\autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.06.07 22:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

[2011.06.07 22:05:50 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe

[2011.06.07 22:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2

[2011.06.07 21:44:21 | 000,000,000 | ---D | C] -- C:\Windows\winaudio

[2011.05.28 01:04:10 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\FidoCFNA

[2011.05.23 15:27:00 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour

[2011.05.23 15:27:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2011.05.10 19:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011.05.10 19:34:31 | 000,000,000 | ---D | C] -- C:\Programme\iTunes

[2011.05.10 19:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2011.05.10 19:34:31 | 000,000,000 | ---D | C] -- C:\Programme\iPod

[2011.05.10 19:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2011.05.10 19:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2010.10.06 22:10:57 | 004,322,304 | ---- | C] (HUGO @ Underground-Economy.biz) -- C:\Users\***\AppData\Local\27940.exe

[2009.10.29 06:22:35 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.06.08 15:21:57 | 000,221,816 | ---- | M] () -- C:\Users\***\Desktop\cc.jpg

[2011.06.08 15:18:11 | 000,079,534 | ---- | M] () -- C:\Users\***\Desktop\mixxer.jpg

[2011.06.08 15:07:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.06.08 14:59:01 | 000,009,810 | ---- | M] () -- C:\Users\***\Desktop\Scan Results.2011-06-08 14-58-33

[2011.06.08 14:34:01 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-48628965-1448607946-2689766442-1001UA.job

[2011.06.08 14:20:10 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.06.08 14:20:10 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.06.08 14:12:30 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.06.08 14:12:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.06.08 14:12:05 | 3219,935,232 | -HS- | M] () -- C:\hiberfil.sys

[2011.06.07 22:24:50 | 465,025,793 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011.06.07 22:05:51 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

[2011.06.07 18:33:18 | 001,501,000 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.06.07 18:33:18 | 000,654,334 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.06.07 18:33:18 | 000,615,958 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.06.07 18:33:18 | 000,131,158 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.06.07 18:33:18 | 000,107,594 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.06.07 17:34:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-48628965-1448607946-2689766442-1001Core.job

 
 ========== Files Created - No Company Name ==========

 

[2011.06.08 15:21:56 | 000,221,816 | ---- | C] () -- C:\Users\***\Desktop\cc.jpg

[2011.06.08 15:18:09 | 000,079,534 | ---- | C] () -- C:\Users\***\Desktop\mixxer.jpg

[2011.06.08 14:59:01 | 000,009,810 | ---- | C] () -- C:\Users\***\Desktop\Scan Results.2011-06-08 14-58-33

[2011.06.07 22:09:19 | 465,025,793 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011.06.07 22:05:51 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

[2011.06.07 22:05:51 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

[2011.05.10 19:33:18 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2010.10.13 17:52:40 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin

[2010.09.20 19:08:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010.09.17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2010.08.08 11:44:16 | 000,000,098 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat

[2010.08.08 00:27:45 | 001,527,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.08.08 00:24:38 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2010.07.18 12:06:08 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2010.07.17 20:25:15 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2010.07.17 20:25:11 | 002,427,248 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe

[2010.07.17 20:25:11 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2010.07.17 01:43:59 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll

[2010.07.09 17:04:48 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2010.07.08 18:15:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.07.06 18:18:37 | 000,013,824 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.07.06 14:08:43 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2010.07.06 14:08:43 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2010.07.06 14:08:43 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2010.07.06 14:08:43 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2010.07.06 14:08:43 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat

[2010.07.06 14:08:43 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2010.07.06 14:08:43 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2010.07.06 14:08:43 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2010.07.06 14:08:43 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2010.07.06 14:08:43 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2010.07.06 14:08:43 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat

[2010.07.06 14:08:43 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat

[2010.07.06 14:08:43 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2010.07.06 14:08:43 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2010.07.06 14:08:42 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat

[2010.07.06 14:08:42 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat

[2010.07.06 14:08:42 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2010.07.06 14:08:42 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2010.07.06 14:08:42 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2010.07.03 10:25:51 | 000,003,810 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat

[2010.07.03 03:34:08 | 000,000,067 | -HS- | C] () -- C:\ProgramData\.zreglib

[2010.07.03 01:40:01 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

[2010.07.03 01:39:42 | 000,007,103 | ---- | C] () -- C:\Windows\mgxoschk.ini

[2010.03.23 03:41:39 | 000,001,745 | ---- | C] () -- C:\Windows\WPatchProgress.ini

[2010.03.22 19:30:57 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini

[2010.03.22 19:11:30 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll

[2010.03.22 19:11:30 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe

[2010.03.22 19:11:30 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe

[2010.03.22 19:11:30 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini

[2009.10.28 20:51:17 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini

[2009.10.28 20:51:17 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini

[2009.10.28 20:51:17 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini

[2009.10.28 20:02:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 23:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

[2009.07.13 23:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2009.07.13 23:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll

[2002.09.18 01:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe

 
 ========== LOP Check ==========

 

[2010.10.14 13:25:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft

[2010.12.12 01:48:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity

[2010.10.13 17:44:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blackberry Desktop

[2010.07.26 19:24:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010.08.05 23:20:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite

[2010.11.25 15:54:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson

[2010.09.17 23:37:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0

[2011.04.09 21:00:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ

[2010.07.23 14:48:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware

[2010.07.31 19:20:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX

[2010.10.15 16:38:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org

[2010.12.03 21:32:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy

[2010.08.23 16:46:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayFirst

[2010.10.13 17:08:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Research In Motion

[2010.07.04 18:17:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2011.03.22 15:25:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synthesia

[2011.06.07 22:16:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sysutils_Update

[2010.07.24 17:58:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template

[2010.09.29 20:30:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TubeBox

[2010.07.03 18:25:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent

[2010.09.30 19:34:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ViquaSoft

[2011.04.07 11:28:57 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:4D066AD2

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F

@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838

@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:444C53BA

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
 

< End of report >

--- --- ---

Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Neue LOG-Datei von Malwarebytes:

Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6809

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.06.2011 18:06:41
LogDatei

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 483625
Laufzeit: 1 Stunde(n), 54 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL

[2010.10.06 22:10:57 | 004,322,304 | ---- | C] (HUGO @ Underground-Economy.biz) -- C:\Users\***\AppData\Local\27940.exe

[2009.10.29 06:22:35 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{630a58c7-a0b4-11df-963f-00262d96f353}\Shell - "" = AutoRun

O33 - MountPoints2\{630a58c7-a0b4-11df-963f-00262d96f353}\Shell\AutoRun\command - "" = H:\autorun.exe

@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:4D066AD2

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F

@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838

@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:444C53BA

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE

:Commands

[purity]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Code:

========== OTL ==========

C:\Users\***\AppData\Local\27940.exe moved successfully.

C:\ProgramData\FullRemove.exe moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{630a58c7-a0b4-11df-963f-00262d96f353}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630a58c7-a0b4-11df-963f-00262d96f353}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{630a58c7-a0b4-11df-963f-00262d96f353}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630a58c7-a0b4-11df-963f-00262d96f353}\ not found.

File H:\autorun.exe not found.

ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.

ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.

ADS C:\ProgramData\Temp:93DE1838 deleted successfully.

ADS C:\ProgramData\Temp:444C53BA deleted successfully.

ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.

ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.23.0 log created on 06092011_145825

------
Die Musik ist immer noch da - Jingle Bells :(

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Code:



2011/06/09 15:41:50.0461 0792        TDSS rootkit removing tool 2.5.4.0 Jun  7 2011 17:31:48

2011/06/09 15:41:50.0970 0792        ================================================================================

2011/06/09 15:41:50.0971 0792        SystemInfo:

2011/06/09 15:41:50.0971 0792        

2011/06/09 15:41:50.0971 0792        OS Version: 6.1.7600 ServicePack: 0.0

2011/06/09 15:41:50.0971 0792        Product type: Workstation

2011/06/09 15:41:50.0972 0792        ComputerName: ***-PC

2011/06/09 15:41:50.0972 0792        UserName: ***

2011/06/09 15:41:50.0972 0792        Windows directory: C:\Windows

2011/06/09 15:41:50.0972 0792        System windows directory: C:\Windows

2011/06/09 15:41:50.0972 0792        Running under WOW64

2011/06/09 15:41:50.0972 0792        Processor architecture: Intel x64

2011/06/09 15:41:50.0972 0792        Number of processors: 2

2011/06/09 15:41:50.0972 0792        Page size: 0x1000

2011/06/09 15:41:50.0972 0792        Boot type: Normal boot

2011/06/09 15:41:50.0972 0792        ================================================================================

2011/06/09 15:41:52.0543 0792        Initialize success

2011/06/09 15:42:04.0006 1504        ================================================================================

2011/06/09 15:42:04.0006 1504        Scan started

2011/06/09 15:42:04.0006 1504        Mode: Manual; 

2011/06/09 15:42:04.0006 1504        ================================================================================

2011/06/09 15:42:04.0780 1504        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

2011/06/09 15:42:04.0921 1504        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

2011/06/09 15:42:04.0964 1504        AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

2011/06/09 15:42:05.0077 1504        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/06/09 15:42:05.0232 1504        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

2011/06/09 15:42:05.0390 1504        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

2011/06/09 15:42:05.0646 1504        AFD             (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys

2011/06/09 15:42:05.0814 1504        AgereSoftModem  (2173e070647ac68c16b8214fe5c05ec3) C:\Windows\system32\DRIVERS\agrsm64.sys

2011/06/09 15:42:05.0925 1504        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

2011/06/09 15:42:06.0081 1504        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

2011/06/09 15:42:06.0105 1504        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

2011/06/09 15:42:06.0140 1504        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

2011/06/09 15:42:06.0453 1504        amdkmdag        (522a8bd1414cc7517faec907f138db9c) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/06/09 15:42:06.0807 1504        amdkmdap        (f712c26d40bf3cd2c020bb518e8150b1) C:\Windows\system32\DRIVERS\atikmpag.sys

2011/06/09 15:42:06.0865 1504        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

2011/06/09 15:42:07.0053 1504        amdsata         (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys

2011/06/09 15:42:07.0173 1504        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/06/09 15:42:07.0290 1504        amdxata         (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys

2011/06/09 15:42:07.0413 1504        ApfiltrService  (9815014f3e30357168da272088c6f12f) C:\Windows\system32\DRIVERS\Apfiltr.sys

2011/06/09 15:42:07.0458 1504        AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

2011/06/09 15:42:07.0565 1504        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

2011/06/09 15:42:07.0610 1504        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

2011/06/09 15:42:07.0729 1504        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/06/09 15:42:07.0787 1504        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

2011/06/09 15:42:07.0913 1504        athr            (88a02b6046356e6be4e387faa7451439) C:\Windows\system32\DRIVERS\athrx.sys

2011/06/09 15:42:08.0050 1504        AtiHdmiService  (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys

2011/06/09 15:42:08.0332 1504        atikmdag        (522a8bd1414cc7517faec907f138db9c) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/06/09 15:42:08.0464 1504        AtiPcie         (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys

2011/06/09 15:42:08.0576 1504        avgntflt        (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys

2011/06/09 15:42:08.0684 1504        avipbb          (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys

2011/06/09 15:42:08.0755 1504        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

2011/06/09 15:42:08.0869 1504        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

2011/06/09 15:42:08.0948 1504        BCM43XX         (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys

2011/06/09 15:42:09.0090 1504        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

2011/06/09 15:42:09.0223 1504        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/06/09 15:42:09.0392 1504        bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

2011/06/09 15:42:09.0443 1504        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/06/09 15:42:09.0459 1504        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/06/09 15:42:09.0487 1504        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

2011/06/09 15:42:09.0572 1504        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/06/09 15:42:09.0608 1504        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/06/09 15:42:09.0626 1504        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/06/09 15:42:09.0645 1504        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/06/09 15:42:09.0776 1504        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/06/09 15:42:09.0904 1504        cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

2011/06/09 15:42:09.0964 1504        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

2011/06/09 15:42:10.0085 1504        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

2011/06/09 15:42:10.0213 1504        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/06/09 15:42:10.0244 1504        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

2011/06/09 15:42:10.0377 1504        CNG             (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

2011/06/09 15:42:10.0485 1504        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

2011/06/09 15:42:10.0563 1504        CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

2011/06/09 15:42:10.0659 1504        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/06/09 15:42:10.0815 1504        DfsC            (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys

2011/06/09 15:42:10.0870 1504        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

2011/06/09 15:42:10.0960 1504        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

2011/06/09 15:42:11.0112 1504        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

2011/06/09 15:42:11.0177 1504        DXGKrnl         (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys

2011/06/09 15:42:11.0373 1504        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

2011/06/09 15:42:11.0661 1504        ElbyCDIO        (a14d6e3ef78f6d6ac42f98d633f2400a) C:\Windows\system32\Drivers\ElbyCDIO.sys

2011/06/09 15:42:11.0730 1504        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

2011/06/09 15:42:11.0899 1504        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

2011/06/09 15:42:11.0962 1504        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

2011/06/09 15:42:12.0109 1504        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

2011/06/09 15:42:12.0268 1504        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

2011/06/09 15:42:12.0486 1504        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

2011/06/09 15:42:12.0514 1504        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

2011/06/09 15:42:12.0632 1504        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/06/09 15:42:12.0683 1504        FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

2011/06/09 15:42:12.0800 1504        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

2011/06/09 15:42:12.0917 1504        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

2011/06/09 15:42:12.0974 1504        fvevol          (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys

2011/06/09 15:42:13.0074 1504        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/06/09 15:42:13.0158 1504        GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/06/09 15:42:13.0343 1504        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

2011/06/09 15:42:13.0410 1504        HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

2011/06/09 15:42:13.0513 1504        HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/06/09 15:42:13.0577 1504        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/06/09 15:42:13.0644 1504        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

2011/06/09 15:42:13.0677 1504        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

2011/06/09 15:42:13.0736 1504        HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

2011/06/09 15:42:13.0840 1504        HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

2011/06/09 15:42:13.0996 1504        HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

2011/06/09 15:42:14.0133 1504        hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

2011/06/09 15:42:14.0178 1504        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/06/09 15:42:14.0289 1504        iaStorV         (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys

2011/06/09 15:42:14.0488 1504        igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys

2011/06/09 15:42:14.0773 1504        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

2011/06/09 15:42:14.0946 1504        IntcAzAudAddService (9aa6a93852e36fe76c3f7fc2904f3b01) C:\Windows\system32\drivers\RTKVHD64.sys

2011/06/09 15:42:15.0073 1504        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

2011/06/09 15:42:15.0103 1504        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

2011/06/09 15:42:15.0149 1504        IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/06/09 15:42:15.0254 1504        IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2011/06/09 15:42:15.0295 1504        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

2011/06/09 15:42:15.0406 1504        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

2011/06/09 15:42:15.0448 1504        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

2011/06/09 15:42:15.0529 1504        iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/06/09 15:42:15.0595 1504        k57nd60a        (249ee2d26cb1530f3bede0ac8b9e3099) C:\Windows\system32\DRIVERS\k57nd60a.sys

2011/06/09 15:42:15.0693 1504        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/06/09 15:42:15.0816 1504        kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/06/09 15:42:15.0875 1504        KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

2011/06/09 15:42:16.0015 1504        KSecPkg         (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

2011/06/09 15:42:16.0094 1504        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

2011/06/09 15:42:16.0185 1504        L1E             (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys

2011/06/09 15:42:16.0263 1504        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

2011/06/09 15:42:16.0389 1504        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/06/09 15:42:16.0424 1504        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/06/09 15:42:16.0509 1504        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/06/09 15:42:16.0546 1504        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/06/09 15:42:16.0593 1504        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

2011/06/09 15:42:16.0747 1504        MBAMProtector   (ed49fd1373de93617a1f6d128d98fe4d) C:\Windows\system32\drivers\mbam.sys

2011/06/09 15:42:16.0821 1504        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

2011/06/09 15:42:16.0852 1504        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/06/09 15:42:16.0953 1504        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

2011/06/09 15:42:17.0067 1504        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

2011/06/09 15:42:17.0113 1504        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

2011/06/09 15:42:17.0218 1504        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

2011/06/09 15:42:17.0257 1504        mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

2011/06/09 15:42:17.0305 1504        mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

2011/06/09 15:42:17.0472 1504        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

2011/06/09 15:42:17.0544 1504        MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

2011/06/09 15:42:17.0686 1504        mrxsmb          (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/06/09 15:42:17.0738 1504        mrxsmb10        (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/06/09 15:42:17.0776 1504        mrxsmb20        (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/06/09 15:42:17.0862 1504        msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

2011/06/09 15:42:17.0894 1504        msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

2011/06/09 15:42:17.0943 1504        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

2011/06/09 15:42:18.0032 1504        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

2011/06/09 15:42:18.0056 1504        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

2011/06/09 15:42:18.0094 1504        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

2011/06/09 15:42:18.0168 1504        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/06/09 15:42:18.0195 1504        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

2011/06/09 15:42:18.0228 1504        MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

2011/06/09 15:42:18.0336 1504        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/06/09 15:42:18.0362 1504        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

2011/06/09 15:42:18.0393 1504        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/06/09 15:42:18.0481 1504        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

2011/06/09 15:42:18.0509 1504        mwlPSDFilter    (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys

2011/06/09 15:42:18.0532 1504        mwlPSDNServ     (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

2011/06/09 15:42:18.0628 1504        mwlPSDVDisk     (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

2011/06/09 15:42:18.0689 1504        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

2011/06/09 15:42:18.0796 1504        NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

2011/06/09 15:42:18.0918 1504        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/06/09 15:42:18.0954 1504        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/06/09 15:42:18.0978 1504        Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/06/09 15:42:19.0077 1504        NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/06/09 15:42:19.0113 1504        NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

2011/06/09 15:42:19.0216 1504        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

2011/06/09 15:42:19.0288 1504        NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

2011/06/09 15:42:19.0397 1504        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/06/09 15:42:19.0460 1504        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

2011/06/09 15:42:19.0553 1504        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

2011/06/09 15:42:19.0626 1504        Ntfs            (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

2011/06/09 15:42:19.0770 1504        NTIDrvr         (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys

2011/06/09 15:42:19.0824 1504        NuidFltr        (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys

2011/06/09 15:42:19.0917 1504        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

2011/06/09 15:42:19.0963 1504        nvraid          (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

2011/06/09 15:42:19.0986 1504        nvstor          (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

2011/06/09 15:42:20.0008 1504        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

2011/06/09 15:42:20.0099 1504        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/06/09 15:42:20.0158 1504        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

2011/06/09 15:42:20.0202 1504        partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

2011/06/09 15:42:20.0304 1504        pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

2011/06/09 15:42:20.0353 1504        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

2011/06/09 15:42:20.0382 1504        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/06/09 15:42:20.0495 1504        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

2011/06/09 15:42:20.0554 1504        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

2011/06/09 15:42:20.0804 1504        PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

2011/06/09 15:42:20.0854 1504        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

2011/06/09 15:42:20.0969 1504        Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

2011/06/09 15:42:21.0032 1504        PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

2011/06/09 15:42:21.0160 1504        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

2011/06/09 15:42:21.0282 1504        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/06/09 15:42:21.0395 1504        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

2011/06/09 15:42:21.0426 1504        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

2011/06/09 15:42:21.0455 1504        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/06/09 15:42:21.0565 1504        Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/06/09 15:42:21.0624 1504        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/06/09 15:42:21.0726 1504        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

2011/06/09 15:42:21.0790 1504        rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

2011/06/09 15:42:21.0887 1504        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/06/09 15:42:21.0931 1504        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/06/09 15:42:21.0955 1504        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

2011/06/09 15:42:22.0038 1504        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

2011/06/09 15:42:22.0080 1504        RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

2011/06/09 15:42:22.0116 1504        rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

2011/06/09 15:42:22.0272 1504        RimUsb          (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys

2011/06/09 15:42:22.0354 1504        RimVSerPort     (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

2011/06/09 15:42:22.0453 1504        ROOTMODEM       (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys

2011/06/09 15:42:22.0508 1504        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

2011/06/09 15:42:22.0619 1504        RSUSBSTOR       (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\system32\Drivers\RtsUStor.sys

2011/06/09 15:42:22.0678 1504        sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

2011/06/09 15:42:22.0772 1504        scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

2011/06/09 15:42:22.0952 1504        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2011/06/09 15:42:23.0016 1504        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

2011/06/09 15:42:23.0033 1504        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

2011/06/09 15:42:23.0053 1504        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

2011/06/09 15:42:23.0091 1504        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/06/09 15:42:23.0166 1504        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2011/06/09 15:42:23.0191 1504        sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/06/09 15:42:23.0208 1504        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/06/09 15:42:23.0237 1504        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/06/09 15:42:23.0257 1504        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/06/09 15:42:23.0282 1504        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

2011/06/09 15:42:23.0393 1504        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

2011/06/09 15:42:23.0496 1504        sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys

2011/06/09 15:42:23.0496 1504        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb

2011/06/09 15:42:23.0502 1504        sptd - detected LockedFile.Multi.Generic (1)

2011/06/09 15:42:23.0613 1504        srv             (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys

2011/06/09 15:42:23.0717 1504        srv2            (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys

2011/06/09 15:42:23.0778 1504        SrvHsfHDA       (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

2011/06/09 15:42:23.0906 1504        SrvHsfV92       (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

2011/06/09 15:42:24.0039 1504        SrvHsfWinac     (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

2011/06/09 15:42:24.0158 1504        srvnet          (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys

2011/06/09 15:42:24.0295 1504        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

2011/06/09 15:42:24.0339 1504        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

2011/06/09 15:42:24.0539 1504        Tcpip           (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys

2011/06/09 15:42:24.0725 1504        TCPIP6          (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys

2011/06/09 15:42:24.0833 1504        tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

2011/06/09 15:42:24.0878 1504        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

2011/06/09 15:42:24.0904 1504        TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

2011/06/09 15:42:24.0995 1504        tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

2011/06/09 15:42:25.0048 1504        TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

2011/06/09 15:42:25.0180 1504        tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/06/09 15:42:25.0289 1504        tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

2011/06/09 15:42:25.0323 1504        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

2011/06/09 15:42:25.0366 1504        UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys

2011/06/09 15:42:25.0477 1504        udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

2011/06/09 15:42:25.0532 1504        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

2011/06/09 15:42:25.0633 1504        umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

2011/06/09 15:42:25.0674 1504        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

2011/06/09 15:42:25.0765 1504        USBAAPL64       (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys

2011/06/09 15:42:25.0863 1504        usbccgp         (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/06/09 15:42:25.0907 1504        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

2011/06/09 15:42:25.0941 1504        usbehci         (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

2011/06/09 15:42:26.0039 1504        usbfilter       (858be9c0e498c8e505e198e17eece0d9) C:\Windows\system32\DRIVERS\usbfilter.sys

2011/06/09 15:42:26.0102 1504        usbhub          (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys

2011/06/09 15:42:26.0175 1504        usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

2011/06/09 15:42:26.0218 1504        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

2011/06/09 15:42:26.0299 1504        usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

2011/06/09 15:42:26.0377 1504        USBSTOR         (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/06/09 15:42:26.0431 1504        usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/06/09 15:42:26.0534 1504        usbvideo        (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys

2011/06/09 15:42:26.0615 1504        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

2011/06/09 15:42:26.0704 1504        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/06/09 15:42:26.0746 1504        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

2011/06/09 15:42:26.0825 1504        vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

2011/06/09 15:42:26.0877 1504        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

2011/06/09 15:42:26.0931 1504        volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

2011/06/09 15:42:27.0026 1504        volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

2011/06/09 15:42:27.0082 1504        volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

2011/06/09 15:42:27.0127 1504        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/06/09 15:42:27.0208 1504        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/06/09 15:42:27.0329 1504        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/06/09 15:42:27.0383 1504        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

2011/06/09 15:42:27.0418 1504        WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2011/06/09 15:42:27.0444 1504        Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2011/06/09 15:42:27.0552 1504        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

2011/06/09 15:42:27.0614 1504        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2011/06/09 15:42:27.0739 1504        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/06/09 15:42:27.0775 1504        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2011/06/09 15:42:27.0962 1504        WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/06/09 15:42:28.0031 1504        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/06/09 15:42:28.0133 1504        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2011/06/09 15:42:28.0193 1504        WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

2011/06/09 15:42:28.0281 1504        WSDScan         (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys

2011/06/09 15:42:28.0364 1504        WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

2011/06/09 15:42:28.0502 1504        WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/06/09 15:42:28.0733 1504        MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

2011/06/09 15:42:28.0754 1504        ================================================================================

2011/06/09 15:42:28.0754 1504        Scan finished

2011/06/09 15:42:28.0754 1504        ================================================================================

2011/06/09 15:42:28.0768 2812        Detected object count: 1

2011/06/09 15:42:28.0768 2812        Actual detected object count: 1

2011/06/09 15:42:40.0605 2812        LockedFile.Multi.Generic(sptd) - User select action: Skip

Folgende Meldung könnte vll wichtig sein ? :
hxxp://i52.tinypic.com/16aqn3p.png
Ok, dass ist von Deamon Tools für meine Sicherheitskopien von alten Urlaubsfilmen.

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Habe alles genau so ausgeführt aber ich bekomme Bluescreen:
"A problem has been detected and windows has been shut down to prevent damage to your computer
...
Thechnical information:
*** STOP: 0x000000F4 ..."
Habe es schon im abgesicherten Modus und immer als Admin versucht.

Starte Windows neu, lösch die alte cofi.exe, lade CF neu als cofi.exe runter und probier es bitte nochmal.

Noch 3x probiert - immer Bluescreen.Ich denke wenn ich Windows neu aufsetze sollte ja alles wieder gehen ?
Aber kann ich das so einfach machen, da er vll auf einen USB-Stick übertragen wird wenn ich Daten retten möchte ?
Ist ein KeyLogger drin oder kann man all diese Fragen noch nicht beantworten.
Mich würde es natürlch am besten gefallen, wenn ich mein jetziges System behalten könnte :(

CF läuft nicht immer. Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Code:

MBRCheck, version 1.2.3

(c) 2010, AD
 

Command-line:                        

Windows Version:                Windows 7 Home Premium Edition

Windows Information:                 (build 7600), 64-bit

Base Board Manufacturer:        Acer

BIOS Manufacturer:                Phoenix Technologies LTD

System Manufacturer:                Acer

System Product Name:                Aspire 7540

Logical Drives Mask:                0x0000005c
 

Kernel Drivers (total 174):

  0x0385F000 \SystemRoot\system32\ntoskrnl.exe

  0x03816000 \SystemRoot\system32\hal.dll

  0x00BA7000 \SystemRoot\system32\kdcom.dll

  0x00C9D000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll

  0x00CAA000 \SystemRoot\system32\PSHED.dll

  0x00CBE000 \SystemRoot\system32\CLFS.SYS

  0x00D1C000 \SystemRoot\system32\CI.dll

  0x00E44000 \SystemRoot\system32\drivers\Wdf01000.sys

  0x00EE8000 \SystemRoot\system32\drivers\WDFLDR.SYS

  0x01065000 \SystemRoot\System32\Drivers\spyc.sys

  0x0118B000 \SystemRoot\System32\Drivers\WMILIB.SYS

  0x01194000 \SystemRoot\System32\Drivers\SCSIPORT.SYS

  0x01000000 \SystemRoot\system32\DRIVERS\ACPI.sys

  0x01057000 \SystemRoot\system32\DRIVERS\msisadrv.sys

  0x011C3000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

  0x00EF7000 \SystemRoot\system32\DRIVERS\pci.sys

  0x011D0000 \SystemRoot\System32\drivers\partmgr.sys

  0x011E5000 \SystemRoot\system32\DRIVERS\compbatt.sys

  0x011EE000 \SystemRoot\system32\DRIVERS\BATTC.SYS

  0x00F2A000 \SystemRoot\system32\DRIVERS\volmgr.sys

  0x00F3F000 \SystemRoot\System32\drivers\volmgrx.sys

  0x00F9B000 \SystemRoot\System32\drivers\mountmgr.sys

  0x00FB5000 \SystemRoot\system32\DRIVERS\atapi.sys

  0x00FBE000 \SystemRoot\system32\DRIVERS\ataport.SYS

  0x00FE8000 \SystemRoot\system32\DRIVERS\msahci.sys

  0x00E00000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

  0x00E10000 \SystemRoot\system32\DRIVERS\amdsata.sys

  0x00C00000 \SystemRoot\system32\DRIVERS\storport.sys

  0x00E24000 \SystemRoot\system32\DRIVERS\amdxata.sys

  0x01296000 \SystemRoot\system32\drivers\fltmgr.sys

  0x012E2000 \SystemRoot\system32\drivers\fileinfo.sys

  0x012F6000 \SystemRoot\System32\Drivers\PxHlpa64.sys

  0x0141C000 \SystemRoot\System32\Drivers\Ntfs.sys

  0x01302000 \SystemRoot\System32\Drivers\msrpc.sys

  0x015BF000 \SystemRoot\System32\Drivers\ksecdd.sys

  0x01360000 \SystemRoot\System32\Drivers\cng.sys

  0x015D9000 \SystemRoot\System32\drivers\pcw.sys

  0x015EA000 \SystemRoot\System32\Drivers\Fs_Rec.sys

  0x0160A000 \SystemRoot\system32\drivers\ndis.sys

  0x016FC000 \SystemRoot\system32\drivers\NETIO.SYS

  0x0175C000 \SystemRoot\System32\Drivers\ksecpkg.sys

  0x01787000 \SystemRoot\system32\DRIVERS\volsnap.sys

  0x017D3000 \SystemRoot\System32\Drivers\spldr.sys

  0x01200000 \SystemRoot\System32\drivers\rdyboost.sys

  0x017DB000 \SystemRoot\System32\Drivers\mup.sys

  0x017ED000 \SystemRoot\System32\drivers\hwpolicy.sys

  0x0123A000 \SystemRoot\System32\DRIVERS\fvevol.sys

  0x01400000 \SystemRoot\system32\DRIVERS\disk.sys

  0x00C62000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

  0x017F6000 \SystemRoot\system32\DRIVERS\AtiPcie.sys

  0x02AA7000 \SystemRoot\system32\DRIVERS\cdrom.sys

  0x02AD1000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys

  0x02ADA000 \SystemRoot\System32\Drivers\Null.SYS

  0x02AE3000 \SystemRoot\System32\Drivers\Beep.SYS

  0x02AEA000 \SystemRoot\System32\drivers\vga.sys

  0x02AF8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

  0x02B1D000 \SystemRoot\System32\drivers\watchdog.sys

  0x02B2D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

  0x02B36000 \SystemRoot\system32\drivers\rdpencdd.sys

  0x02B3F000 \SystemRoot\system32\drivers\rdprefmp.sys

  0x02B48000 \SystemRoot\System32\Drivers\Msfs.SYS

  0x02B53000 \SystemRoot\System32\Drivers\Npfs.SYS

  0x03803000 \SystemRoot\System32\drivers\tcpip.sys

  0x02B64000 \SystemRoot\System32\drivers\fwpkclnt.sys

  0x02BAE000 \SystemRoot\system32\DRIVERS\tdx.sys

  0x02BCC000 \SystemRoot\system32\DRIVERS\TDI.SYS

  0x02A00000 \SystemRoot\system32\drivers\afd.sys

  0x03A0A000 \SystemRoot\System32\DRIVERS\netbt.sys

  0x03A4F000 \SystemRoot\system32\DRIVERS\wfplwf.sys

  0x03A58000 \SystemRoot\system32\DRIVERS\pacer.sys

  0x03A7E000 \SystemRoot\system32\DRIVERS\vwififlt.sys

  0x03A94000 \SystemRoot\system32\DRIVERS\netbios.sys

  0x03AA3000 \SystemRoot\system32\DRIVERS\wanarp.sys

  0x03ABE000 \SystemRoot\system32\DRIVERS\termdd.sys

  0x03AD2000 \SystemRoot\system32\DRIVERS\rdbss.sys

  0x03B23000 \SystemRoot\system32\drivers\nsiproxy.sys

  0x03B2F000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys

  0x03B42000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys

  0x03B4A000 \SystemRoot\system32\DRIVERS\mssmbios.sys

  0x03B55000 \SystemRoot\System32\Drivers\ElbyCDIO.sys

  0x03B60000 \SystemRoot\System32\drivers\discache.sys

  0x03B6F000 \SystemRoot\System32\Drivers\dfsc.sys

  0x03B8D000 \SystemRoot\system32\DRIVERS\blbdrive.sys

  0x03B9E000 \SystemRoot\system32\DRIVERS\avipbb.sys

  0x03BC0000 \SystemRoot\system32\DRIVERS\tunnel.sys

  0x03BE6000 \SystemRoot\system32\DRIVERS\amdppm.sys

  0x03A00000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

  0x03CD2000 \SystemRoot\system32\DRIVERS\atikmpag.sys

  0x04602000 \SystemRoot\system32\DRIVERS\atikmdag.sys

  0x03EDB000 \SystemRoot\System32\drivers\dxgkrnl.sys

  0x03E00000 \SystemRoot\System32\drivers\dxgmms1.sys

  0x03E46000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

  0x03E6A000 \SystemRoot\system32\DRIVERS\k57nd60a.sys

  0x04045000 \SystemRoot\system32\DRIVERS\athrx.sys

  0x041C1000 \SystemRoot\system32\DRIVERS\vwifibus.sys

  0x041CE000 \SystemRoot\SysWOW64\drivers\Afc.sys

  0x041D7000 \??\C:\Windows\system32\drivers\UBHelper.sys

  0x041DF000 \??\C:\Windows\system32\drivers\NTIDrvr.sys

  0x041E7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

  0x041F4000 \SystemRoot\system32\DRIVERS\usbohci.sys

  0x03D1D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

  0x04000000 \SystemRoot\system32\DRIVERS\usbfilter.sys

  0x0400D000 \SystemRoot\system32\DRIVERS\USBD.SYS

  0x0400F000 \SystemRoot\system32\DRIVERS\usbehci.sys

  0x04020000 \SystemRoot\system32\DRIVERS\CmBatt.sys

  0x04025000 \SystemRoot\system32\DRIVERS\i8042prt.sys

  0x03EBB000 \SystemRoot\SysWOW64\Drivers\DKbFltr.sys

  0x03EC7000 \SystemRoot\system32\DRIVERS\kbdclass.sys

  0x03D73000 \SystemRoot\system32\DRIVERS\Apfiltr.sys

  0x03FCF000 \SystemRoot\system32\DRIVERS\mouclass.sys

  0x03DB4000 \SystemRoot\System32\Drivers\arp8x3pe.SYS

  0x03FDE000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

  0x03FEE000 \SystemRoot\System32\Drivers\RootMdm.sys

  0x03C00000 \SystemRoot\system32\drivers\modem.sys

  0x03C0F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

  0x03C25000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

  0x03C49000 \SystemRoot\system32\DRIVERS\ndistapi.sys

  0x03C55000 \SystemRoot\system32\DRIVERS\ndiswan.sys

  0x03C84000 \SystemRoot\system32\DRIVERS\raspppoe.sys

  0x03C9F000 \SystemRoot\system32\DRIVERS\raspptp.sys

  0x02A8A000 \SystemRoot\system32\DRIVERS\rassstp.sys

  0x03FF6000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys

  0x04043000 \SystemRoot\system32\DRIVERS\swenum.sys

  0x04245000 \SystemRoot\system32\DRIVERS\ks.sys

  0x04288000 \SystemRoot\system32\DRIVERS\umbus.sys

  0x0429A000 \SystemRoot\system32\DRIVERS\usbhub.sys

  0x042F4000 \SystemRoot\System32\Drivers\NDProxy.SYS

  0x04309000 \SystemRoot\system32\drivers\AtiHdmi.sys

  0x0432A000 \SystemRoot\system32\drivers\portcls.sys

  0x04367000 \SystemRoot\system32\drivers\drmk.sys

  0x04389000 \SystemRoot\system32\drivers\ksthunk.sys

  0x05803000 \SystemRoot\system32\drivers\RTKVHD64.sys

  0x05A4F000 \SystemRoot\system32\DRIVERS\agrsm64.sys

  0x05B80000 \SystemRoot\system32\DRIVERS\hidusb.sys

  0x05B8E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

  0x05BA7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

  0x05BB0000 \SystemRoot\system32\DRIVERS\NuidFltr.sys

  0x05BB9000 \SystemRoot\system32\DRIVERS\mouhid.sys

  0x05BC6000 \SystemRoot\system32\DRIVERS\usbccgp.sys

  0x05A00000 \SystemRoot\System32\Drivers\usbvideo.sys

  0x05A2E000 \SystemRoot\System32\Drivers\crashdmp.sys

  0x05A3C000 \SystemRoot\System32\Drivers\dump_diskdump.sys

  0x05BE3000 \SystemRoot\System32\Drivers\dump_amdsata.sys

  0x059E4000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

  0x000A0000 \SystemRoot\System32\win32k.sys

  0x0438F000 \SystemRoot\System32\drivers\Dxapi.sys

  0x0439B000 \SystemRoot\system32\DRIVERS\monitor.sys

  0x00550000 \SystemRoot\System32\TSDDD.dll

  0x006D0000 \SystemRoot\System32\cdd.dll

  0x043A9000 \SystemRoot\system32\drivers\luafv.sys

  0x043CC000 \SystemRoot\system32\DRIVERS\avgntflt.sys

  0x04200000 \SystemRoot\system32\drivers\WudfPf.sys

  0x00920000 \SystemRoot\System32\ATMFD.DLL

  0x04221000 \SystemRoot\system32\DRIVERS\lltdio.sys

  0x0363D000 \SystemRoot\system32\DRIVERS\nwifi.sys

  0x03690000 \SystemRoot\system32\DRIVERS\ndisuio.sys

  0x036A3000 \SystemRoot\system32\DRIVERS\rspndr.sys

  0x036BB000 \SystemRoot\system32\drivers\HTTP.sys

  0x03783000 \SystemRoot\system32\DRIVERS\bowser.sys

  0x037A1000 \SystemRoot\System32\drivers\mpsdrv.sys

  0x037B9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

  0x05E2B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

  0x05E79000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

  0x05E9C000 \SystemRoot\system32\drivers\peauth.sys

  0x05F42000 \SystemRoot\System32\Drivers\secdrv.SYS

  0x05F4D000 \SystemRoot\System32\DRIVERS\srvnet.sys

  0x05F7A000 \SystemRoot\System32\drivers\tcpipreg.sys

  0x05F8C000 \SystemRoot\System32\DRIVERS\srv2.sys

  0x088FB000 \SystemRoot\System32\DRIVERS\srv.sys

  0x08990000 \??\C:\Windows\system32\drivers\mbam.sys

  0x08871000 \??\C:\Users\GOLDHA~1\AppData\Local\Temp\00557A1.tmp

  0x77180000 \Windows\System32\ntdll.dll

  0x47840000 \Windows\System32\smss.exe

  0xFF4A0000 \Windows\System32\apisetschema.dll
 

Processes (total 61):

       0 System Idle Process

       4 System

     288 C:\Windows\System32\smss.exe

     452 csrss.exe

     516 C:\Windows\System32\wininit.exe

     552 csrss.exe

     580 C:\Windows\System32\services.exe

     608 C:\Windows\System32\lsass.exe

     616 C:\Windows\System32\lsm.exe

     740 C:\Windows\System32\winlogon.exe

     772 C:\Windows\System32\svchost.exe

     864 C:\Windows\System32\svchost.exe

     932 C:\Windows\System32\svchost.exe

    1000 C:\Windows\System32\svchost.exe

     392 C:\Windows\System32\svchost.exe

     464 C:\Windows\System32\audiodg.exe

     788 C:\Windows\System32\svchost.exe

    1116 C:\Windows\System32\svchost.exe

    1264 C:\Windows\System32\spoolsv.exe

    1292 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

    1312 C:\Windows\System32\svchost.exe

    1448 C:\Windows\System32\dwm.exe

    1544 C:\Windows\explorer.exe

    1616 C:\Windows\SysWOW64\svchost.exe

    1660 C:\Windows\System32\taskhost.exe

    1712 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

    1884 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    1912 C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    1964 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

    1996 C:\Windows\System32\svchost.exe

    2032 C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

    1360 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

    1800 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

    1820 C:\Windows\System32\conhost.exe

    2244 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

    2368 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

    2400 C:\Windows\SysWOW64\PnkBstrA.exe

    2428 C:\Windows\SysWOW64\PnkBstrB.exe

    2464 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe

    2564 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

    2640 C:\Windows\System32\svchost.exe

    2692 C:\Program Files\Acer\Acer Updater\UpdaterService.exe

    2724 C:\Windows\winaudio\winaudio.exe

    2764 C:\Windows\System32\svchost.exe

    2800 C:\Windows\System32\FXSSVC.exe

    2208 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe

    2340 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

    2256 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

    3232 C:\Windows\System32\SearchIndexer.exe

    3520 C:\Windows\System32\svchost.exe

    3844 C:\Program Files\Windows Media Player\wmpnetwk.exe

    3256 C:\Windows\System32\svchost.exe

    4988 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    4532 C:\Windows\System32\wuauclt.exe

    4392 C:\Windows\System32\taskeng.exe

    3468 C:\Windows\System32\SearchProtocolHost.exe

    1928 C:\Windows\System32\SearchFilterHost.exe

    4380 C:\Windows\explorer.exe

    2892 C:\Users\***\Desktop\MBRCheck.exe

    4172 C:\Windows\System32\conhost.exe

    4432 C:\Windows\System32\dllhost.exe
 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`f4500000  (NTFS)
 

PhysicalDrive0 Model Number: HitachiHTS545032B9A300, Rev: PB3OC60F
 

      Size  Device Name          MBR Status

  --------------------------------------------

    298 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected

            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
 
 

Done!

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=29bf526f143bd5469067e8ac87097a40

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-06-09 11:15:53

# local_time=2011-06-10 01:15:53 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7600 NT 

# compatibility_mode=1797 16775165 100 94 484159 44188270 18029 0

# compatibility_mode=5893 16776573 100 94 208757 59281264 0 0

# compatibility_mode=8192 67108863 100 0 169 169 0 0

# scanned=349952

# found=0

# cleaned=0

# scan_time=9940

Malwarebytes liefert auch keine neuen Ergebnisse.
Mich würde einfach nur interessieren ob es einfach, einfacher ist das System neu aufzusetzen und ich ungestört meine Daten auf eine externe retten könnte ?