Trojaner-Board


Renegade2910 15.04.2011 18:52

OTL log file analysis - I have the uneasy feeling that my system is infected
 
Hello experts,

could someone please take a look at my OTL log file? I have the uneasy feeling that my system is infected.

Code:

OTL logfile created on: 15.04.2011 19:37:01 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\***\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,00 Gb Total Space | 10,47 Gb Free Space | 26,17% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 4,51 Gb Free Space | 22,55% Space Free | Partition Type: NTFS
Drive E: | 576,18 Gb Total Space | 269,07 Gb Free Space | 46,70% Space Free | Partition Type: NTFS
Drive F: | 425,76 Gb Total Space | 270,33 Gb Free Space | 63,49% Space Free | Partition Type: NTFS
Drive G: | 384,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive X: | 186,31 Gb Total Space | 28,94 Gb Free Space | 15,53% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\AppData\Local\Temp\3SS232B.exe (Microsoft Corporation)
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
PRC - C:\Users\***\AppData\Local\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\SysWOW64\PSIService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AODService) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TVersityMediaServer) -- C:\Users\***\AppData\Local\TVersity\Media Server\MediaServer.exe ()
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ProtexisLicensing) -- C:\Windows\SysWOW64\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (mod7700) -- C:\Windows\SysNative\drivers\dvb7700all.sys (DiBcom)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouKE) -- C:\Windows\SysNative\drivers\LMouKE.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042mou) -- C:\Windows\SysNative\drivers\L8042mou.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Almico Software)
DRV - (AODDriver) -- D:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA FD E3 3D C3 6E CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.90
FF - prefs.js..network.proxy.backup.ftp: "localhost"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "localhost"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "localhost"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "localhost"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.30 17:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.30 17:00:34 | 000,000,000 | ---D | M]
 
[2009.11.29 12:26:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.04.15 19:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6g12q6zk.default\extensions
[2010.04.29 17:37:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6g12q6zk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.08 17:22:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6g12q6zk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.15 18:16:37 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6g12q6zk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009.11.29 12:27:38 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6g12q6zk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.12.11 20:19:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6g12q6zk.default - Kopie\extensions
[2009.12.11 20:19:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6g12q6zk.default - Kopie\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.12.11 20:19:59 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6g12q6zk.default - Kopie\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.12.02 18:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.02 18:03:30 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- D:\PROGRAMME\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2010.10.29 19:59:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.29 19:59:34 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.29 19:59:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.29 19:59:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.29 19:59:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.15 18:57:05 | 000,432,594 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        123haustiereundmehr.com
O1 - Hosts: 14888 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [34D27A2BD4720CD8]  File not found
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.246.64.8 62.220.18.8
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.16 20:16:51 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003.09.01 23:50:14 | 000,000,000 | ---D | M] - G:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003.08.31 05:36:09 | 000,002,046 | R--- | M] () - G:\Autorun.csf -- [ CDFS ]
O32 - AutoRun File - [2003.09.01 23:50:21 | 001,101,824 | R--- | M] () - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.08.31 05:15:46 | 000,000,027 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006.11.07 15:22:29 | 000,000,000 | ---D | M] - X:\Autorun -- [ NTFS ]
O33 - MountPoints2\{88bcfac6-daba-11de-9775-00241d1101a4}\Shell - "" = AutoRun
O33 - MountPoints2\{88bcfac6-daba-11de-9775-00241d1101a4}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{917baf61-5192-11e0-9464-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{917baf61-5192-11e0-9464-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2003.09.01 23:50:21 | 001,101,824 | R--- | M] ()
O33 - MountPoints2\{92396f23-dab3-11de-9c64-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{92396f23-dab3-11de-9c64-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun1.exe /a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.15 18:46:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.04.15 18:16:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan
[2011.04.11 18:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2011.04.03 15:28:53 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Command & Conquer Generäle Stunde Null Data
[2011.04.03 15:04:11 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Command and Conquer Generals Zero Hour Data
[2011.04.01 16:18:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Baumaschinen Simulator 2011
[2011.03.19 15:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2011.03.19 15:11:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2011.03.18 21:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.15 19:20:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.15 18:57:05 | 000,432,594 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.04.15 18:46:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.04.15 17:54:35 | 000,059,481 | ---- | M] () -- C:\Users\***\Desktop\memoryking.pdf
[2011.04.15 17:54:26 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.15 17:54:26 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.15 17:20:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.15 16:57:30 | 001,507,168 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.15 16:57:30 | 000,657,428 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.15 16:57:30 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.15 16:57:30 | 000,130,818 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.15 16:57:30 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.15 16:50:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.15 16:50:37 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.14 17:00:38 | 000,000,576 | ---- | M] () -- C:\Windows\wiso.ini
[2011.04.12 19:08:14 | 000,053,598 | ---- | M] () -- C:\Users\***\Desktop\Aktuell_steuer_checkliste.pdf
[2011.04.04 17:01:46 | 000,364,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.03 15:25:20 | 000,000,991 | ---- | M] () -- C:\Windows\eReg.dat
[2011.04.03 15:20:10 | 000,000,679 | ---- | M] () -- C:\Users\Public\Desktop\Command & Conquer(TM) Generäle Die Stunde Null .lnk
[2011.03.29 14:23:20 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.03.19 15:11:26 | 000,001,115 | ---- | M] () -- C:\Users\***\Desktop\EVEREST Home Edition.lnk
[2011.03.18 21:25:35 | 000,001,020 | ---- | M] () -- C:\Users\***\Desktop\SpeedFan.lnk
[2011.03.18 21:25:35 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
 
========== Files Created - No Company Name ==========
 
[2011.04.15 17:54:34 | 000,059,481 | ---- | C] () -- C:\Users\***\Desktop\memoryking.pdf
[2011.04.12 19:08:14 | 000,053,598 | ---- | C] () -- C:\Users\***\Desktop\Aktuell_steuer_checkliste.pdf
[2011.04.03 15:20:10 | 000,000,679 | ---- | C] () -- C:\Users\Public\Desktop\Command & Conquer(TM) Generäle Die Stunde Null .lnk
[2011.04.03 15:14:17 | 000,000,991 | ---- | C] () -- C:\Windows\eReg.dat
[2011.03.19 15:11:26 | 000,001,115 | ---- | C] () -- C:\Users\***\Desktop\EVEREST Home Edition.lnk
[2011.03.18 21:25:35 | 000,001,020 | ---- | C] () -- C:\Users\***\Desktop\SpeedFan.lnk
[2011.03.18 21:25:34 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2011.03.10 20:56:46 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010.12.14 19:06:05 | 000,000,576 | ---- | C] () -- C:\Windows\wiso.ini
[2010.10.20 18:29:29 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.09.29 15:46:09 | 000,150,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\MLTCAP.sys
[2010.06.16 00:28:58 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.03.26 18:07:27 | 000,003,273 | ---- | C] () -- C:\Windows\scenelib24.ini
[2009.12.16 17:17:29 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.07 18:20:18 | 000,472,656 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2009.12.07 18:16:42 | 000,003,140 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009.12.07 18:16:42 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\98FF2C839A.sys
[2009.11.30 19:16:14 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.11.27 00:14:19 | 000,007,588 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2009.11.26 19:48:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2006.11.02 21:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010.07.16 13:16:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\0ad
[2010.03.27 20:32:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alarmstufe Rot 3 Der Aufstand
[2011.04.01 16:18:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Baumaschinen Simulator 2011
[2010.07.16 13:02:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BRAVIS
[2010.04.25 12:05:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2009.11.27 18:34:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.02.01 17:24:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2010.08.25 17:06:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabPro
[2010.10.05 18:52:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hardcore
[2009.11.27 00:39:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.08.10 18:21:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Need for Speed World
[2010.04.24 22:08:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetMeter
[2011.03.17 23:16:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit
[2010.08.25 17:07:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense
[2010.10.03 16:40:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Quest3D
[2011.04.15 18:16:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2010.10.05 18:51:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sakura
[2011.03.15 18:22:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.03.08 01:33:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TerraTec
[2010.01.16 00:29:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.03.27 12:56:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinTrack
[2011.02.12 15:09:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Code:

OTL Extras logfile created on: 15.04.2011 19:37:01 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\***\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,00 Gb Total Space | 10,47 Gb Free Space | 26,17% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 4,51 Gb Free Space | 22,55% Space Free | Partition Type: NTFS
Drive E: | 576,18 Gb Total Space | 269,07 Gb Free Space | 46,70% Space Free | Partition Type: NTFS
Drive F: | 425,76 Gb Total Space | 270,33 Gb Free Space | 63,49% Space Free | Partition Type: NTFS
Drive G: | 384,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive X: | 186,31 Gb Total Space | 28,94 Gb Free Space | 15,53% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Users\***\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Users\***\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programme\Orbitdownloader\orbitdm.exe" = D:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Programme\Orbitdownloader\orbitnet.exe" = D:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Programme\Orbitdownloader\orbitdm.exe" = D:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Programme\Orbitdownloader\orbitnet.exe" = D:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{28A0318C-B98D-B6B1-64D1-4E4755A8E668}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0008F2A-0E82-09A2-5A24-DFB31DCB3690}" = ATI Catalyst Install Manager
"{A3E7D4EB-D170-F9A8-B6C5-403CE95AC1B1}" = ccc-utility64
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ffdshow64_is1" = ffdshow x64 [rev 3305] [2010-03-04]
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{023E7812-63E0-F0EB-F226-806679332948}" = CCC Help Spanish
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04E87F64-7182-985A-694E-08475EE6F5F1}" = CCC Help English
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1650594B-3979-48DB-B8F2-4634CAA872A3}_is1" = Bounty Bay Online
"{1A7A8F56-CDB2-2925-5714-AE602C8C80D0}" = CCC Help Portuguese
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2410A9B7-A14A-FCD4-203B-E4266C98A65A}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
"{2D62D645-8460-6888-9E89-0F93947E0925}" = CCC Help German
"{2EF94C49-4D4F-2137-26C2-4E52E36E54DF}" = Catalyst Control Center InstallProxy
"{30B950DB-5E14-4186-A1D7-B582B5966087}" = Catalyst Control Center Graphics Previews Vista
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0728.1
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5F15CD04-5682-D6AA-D5E5-F2A6643EF261}" = Catalyst Control Center Graphics Previews Common
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{64C67386-CF44-9E7A-7133-8F9CE8D6C41E}" = ccc-core-static
"{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}" = AMD OverDrive
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B3F693F-A252-46A7-8D0F-7F409B13F738}" = Scope
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7EE9145D-C430-44E6-B5ED-61FF9C332100}_is1" = Battle of the Immortals client
"{82BF91C4-229F-4447-EC70-D31705D7D2E7}" = CCC Help Hungarian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{99E67091-D392-4031-AD2A-E9547F3615F8}" = KONICA_MINOLTA DiMAGE remote camera driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9EA81723-22AD-686B-D090-8C1C9A9794D0}" = CCC Help Greek
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D51A7556-FA80-9167-7576-C5B103E2B837}" = CCC Help Italian
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}" = Command & Conquer™ Alarmstufe Rot 3 Der Aufstand
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E13F254C-A426-634A-DEAA-4926F200292C}" = CCC Help French
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F241EC95-C81A-466E-8006-6B0B364B07A0}" = PCMark Vantage
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBA739C4-DF56-3ADF-79EE-DE39533BBB6A}" = Catalyst Control Center Localization All
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Cinergy T USB XXS" = Cinergy T USB XXS V2.03.03.29
"Drumaxx" = Drumaxx
"Earth 2160" = Earth 2160
"EasyBCD" = EasyBCD 1.7.2
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FL Studio 9" = FL Studio 9
"Fraps" = Fraps
"FreePDF_XP" = FreePDF (Remove only)
"German Truck Simulator" = German Truck Simulator 1.00
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"Hardcore" = Hardcore
"HijackThis" = HijackThis 2.0.2
"IL Download Manager" = IL Download Manager
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0728.1
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"JDownloader" = JDownloader
"Look@LAN_1.0" = Look@LAN 2.50 Build 35
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Orbit_is1" = Orbit Downloader
"PoiZone" = PoiZone
"Pontifex II" = Pontifex II
"Red Alert 2" = Command & Conquer Alarmstufe Rot 2
"Sakura" = Sakura
"Sawer" = Sawer
"Skyscraper Simulator" = Skyscraper Simulator
"Spectrum Analyzer pro Live" = Spectrum Analyzer pro Live
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 22380" = Fallout: New Vegas
"Steam App 240" = Counter-Strike: Source
"Steam App 33310" = R.U.S.E. Beta
"Steam App 400" = Portal
"Steam App 99850" = Crysis 2 Demo
"SurfMusik 3.1a_is1" = SurfMusik 3.1a
"SWFPlayer_is1" = SWFPlayer 2.6.2.0
"The Moon Project" = The Moon Project
"Toxic Biohazard" = Toxic Biohazard
"TVersity Media Server" = TVersity Media Server 1.8 Beta
"VLC media player" = VLC media player 1.1.1
"WinLiveSuite" = Windows Live Essentials
"WinTrack 9.0_is1" = WinTrack V9.0 3D
"Yuri's Revenge" = Command && Conquer Alarmstufe Rot 2 - Yuris Rache
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.04.2011 12:35:44 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.04.2011 12:35:44 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.04.2011 13:10:54 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.04.2011 13:10:54 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.04.2011 13:10:54 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.04.2011 13:10:54 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.04.2011 13:10:54 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.04.2011 13:10:54 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.04.2011 13:10:54 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.04.2011 13:10:54 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Media Center Events ]
Error - 29.05.2010 08:04:40 | Computer Name = Desktop | Source = MCUpdate | ID = 0
Description = 14:04:40 - Fehler beim Herstellen der Internetverbindung.  14:04:40
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 29.05.2010 08:05:11 | Computer Name = Desktop | Source = MCUpdate | ID = 0
Description = 14:05:09 - Fehler beim Herstellen der Internetverbindung.  14:05:09
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 07.02.2011 14:32:06 | Computer Name = Desktop | Source = MCUpdate | ID = 0
Description = 19:31:47 - EpgListings konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten) 
 
[ System Events ]
Error - 11.04.2011 14:09:45 | Computer Name = Desktop | Source = Service Control Manager | ID = 7034
Description = Dienst "TVersityMediaServer" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 12.04.2011 14:02:19 | Computer Name = Desktop | Source = Service Control Manager | ID = 7034
Description = Dienst "TVersityMediaServer" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 13.04.2011 14:25:43 | Computer Name = Desktop | Source = Service Control Manager | ID = 7034
Description = Dienst "TVersityMediaServer" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 14.04.2011 11:26:52 | Computer Name = Desktop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?04.?2011 um 17:25:13 unerwartet heruntergefahren.
 
Error - 14.04.2011 14:34:41 | Computer Name = Desktop | Source = Service Control Manager | ID = 7034
Description = Dienst "TVersityMediaServer" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 15.04.2011 11:22:46 | Computer Name = Desktop | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk5\DR5.
 
Error - 15.04.2011 11:45:56 | Computer Name = Desktop | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk5\DR9.
 
Error - 15.04.2011 11:46:41 | Computer Name = Desktop | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk5\DR9.
 
Error - 15.04.2011 11:48:22 | Computer Name = Desktop | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk5\DR9.
 
Error - 15.04.2011 11:49:49 | Computer Name = Desktop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR9 gefunden.
 
 
< End of report >

Many thanks in advance.

cosinus 15.04.2011 21:26

Quote:

I have the uneasy feeling that my system is infected.
Why exactly?
Are there any other logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the Log files tab.

Renegade2910 16.04.2011 11:42

Yesterday I had an unknown process in Task Manager. When I ended it, it came back a few minutes later under a similar name. The description was Systray .exe stub and it was located in c:\users\***\appdata\local\temp. I had also deleted the Temp directory. The process still reappeared. Today it has not shown up so far.

The Malwarebytes log file is unremarkable:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6373

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.04.2011 12:37:05
mbam-log-2011-04-16 (12-37-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 272837
Laufzeit: 22 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


cosinus 16.04.2011 11:57

Are there any other logs from Malwarebytes?

Renegade2910 16.04.2011 13:09

There are currently no further logs from Malwarebytes. Past scans were also without findings.

cosinus 16.04.2011 14:15

Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
[2010.07.16 13:16:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\0ad
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.16 20:16:51 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003.09.01 23:50:14 | 000,000,000 | ---D | M] - G:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003.08.31 05:36:09 | 000,002,046 | R--- | M] () - G:\Autorun.csf -- [ CDFS ]
O32 - AutoRun File - [2003.09.01 23:50:21 | 001,101,824 | R--- | M] () - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.08.31 05:15:46 | 000,000,027 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006.11.07 15:22:29 | 000,000,000 | ---D | M] - X:\Autorun -- [ NTFS ]
O33 - MountPoints2\{88bcfac6-daba-11de-9775-00241d1101a4}\Shell - "" = AutoRun
O33 - MountPoints2\{88bcfac6-daba-11de-9775-00241d1101a4}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{917baf61-5192-11e0-9464-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{917baf61-5192-11e0-9464-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2003.09.01 23:50:21 | 001,101,824 | R--- | M] ()
O33 - MountPoints2\{92396f23-dab3-11de-9c64-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{92396f23-dab3-11de-9c64-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun1.exe /a
O4 - HKCU..\Run: [34D27A2BD4720CD8]  File not found
FF - prefs.js..network.proxy.backup.ftp: "localhost"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "localhost"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "localhost"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "localhost"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
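
As an added example (not from this thread and not part of OTL), a small Python triage script that flags, in OTL-formatted lines, the entry types the fix script above targets: Run values whose file is missing, Firefox and IE proxy settings pointing at the local machine, per-volume AutoRun commands under MountPoints2, and the CDRom AutoRun switch. The sample lines are constructed after the entries in the fix script, the Avira Run line is a hypothetical benign entry for contrast, and the regexes assume the OTL 3.2.x line layout shown in the posted logs.

```python
"""Triage of OTL log lines for the entry types an OTL fix script commonly targets.

Added example, not part of the thread or of OTL itself. The regexes assume the
line layout of OTL 3.2.x as posted in the thread; the sample log is constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, modelled on the entries in the fix script.
# The HKLM Run line is a hypothetical benign entry added for contrast.
SAMPLE_OTL = r"""
O4 - HKCU..\Run: [34D27A2BD4720CD8]  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080
O33 - MountPoints2\{88bcfac6-daba-11de-9775-00241d1101a4}\Shell\AutoRun\command - "" = H:\setup.exe
O32 - HKLM CDRom: AutoRun - 1
"""

# Line shapes as printed by OTL 3.2.x for the entry types handled here.
RUN_ENTRY = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$")
FF_PROXY = re.compile(r"^FF - prefs\.js\.\.network\.proxy\.(?P<key>[\w.]+): (?P<val>.+)$")
IE_PROXY = re.compile(r'^IE - (?P<hive>HK\w+)\\.*Internet Settings: "ProxyServer" = (?P<server>\S+)$')
MOUNTPOINT_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)
CDROM_AUTORUN = re.compile(r"^O32 - HKLM CDRom: AutoRun - (?P<val>\d+)$")

LOOPBACK_HOSTS = ("localhost", "127.0.0.1")


@dataclass(frozen=True)
class Finding:
    kind: str      # which pattern matched
    severity: str  # "high": dead autostart with a random-looking name; "review": needs a look
    line: str      # the OTL line that triggered the finding


def _points_to_loopback(value: str) -> bool:
    """True if a proxy host or host:port value (possibly quoted) names the local machine."""
    host = value.strip().strip('"').split(":")[0].lower()
    return host in LOOPBACK_HOSTS


def triage_line(line: str) -> Optional[Finding]:
    """Classify one OTL line; returns None for lines that need no attention."""
    line = line.rstrip()
    m = RUN_ENTRY.match(line)
    if m:
        if not m.group("rest").startswith("File not found"):
            return None
        # Autostart value whose target file is missing: either a leftover of something
        # already removed or an entry that points nowhere. A name of 16 hex characters
        # is the shape of the entry in the fix script and gets the higher severity.
        sev = "high" if re.fullmatch(r"[0-9A-F]{16}", m.group("name")) else "review"
        return Finding("orphaned_run_entry", sev, line)
    m = FF_PROXY.match(line)
    if m:
        key = m.group("key")
        # Only host keys carry a proxy address; ports, type and the share flag do not.
        is_host_key = not key.endswith("_port") and key not in ("type", "share_proxy_settings")
        if is_host_key and _points_to_loopback(m.group("val")):
            return Finding("firefox_loopback_proxy", "review", line)
        return None
    m = IE_PROXY.match(line)
    if m and _points_to_loopback(m.group("server")):
        return Finding("ie_loopback_proxy", "review", line)
    m = MOUNTPOINT_CMD.match(line)
    if m:
        # Per-volume AutoRun command cached in the user's MountPoints2 key.
        return Finding("mountpoint_autorun_command", "review", line)
    m = CDROM_AUTORUN.match(line)
    if m and m.group("val") != "0":
        return Finding("cdrom_autorun_enabled", "review", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole OTL log and keep only the findings."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind, for a quick overview before writing a fix script."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f.severity:6}] {f.kind}: {f.line}")
    print(summarize(triage(SAMPLE_OTL)))
```

A loopback proxy entry is not proof of anything by itself (local filter and parental-control tools set one too), which is why the script reports it for review rather than as high severity.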

Renegade2910 16.04.2011 14:47

Here is the log file generated after the fix

Code:

All processes killed
========== OTL ==========
C:\Users\***\AppData\Roaming\0ad\logs folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\data\screenshots folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\data folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\config folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\simulation\templates\units folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\simulation\templates\structures folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\simulation\templates\special folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\simulation\templates\gaia folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\simulation\templates folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\simulation\data folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\simulation folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\shaders folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\maps\scenarios folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\maps folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\gui\session_new folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\gui\pregame folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\gui\loading folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\gui\gamesetup folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\gui\common folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\gui folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\audio\attack\weapon folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\audio\attack folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\audio\actor\human\movement folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\audio\actor\human\death folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\audio\actor\human folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\audio\actor folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\audio folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\textures\terrain\types\special folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\textures\terrain\types\grass folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\textures\terrain\types\biome-mediterranean folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\textures\terrain\types\biome-desert folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\textures\terrain\types folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\textures\terrain folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\textures folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\materials folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\units\hellenes folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\units folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\structures\hellenes folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\structures folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\units\weapons folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\units\tools folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\units\shields folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\units\heads folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\units folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\temp folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\structures\hellenes folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\structures\decals folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\structures folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\special\common folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\special folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\flora folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\fauna folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\geology folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\flora\trees folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\flora folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\fauna folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\meshes\structural folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\meshes\skeletal folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\meshes\props\shield folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\meshes\props\helmet folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\meshes\props folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\meshes\gaia folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\meshes folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\animation\quadraped folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\animation\female folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\animation\biped folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\animation folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache folder moved successfully.
C:\Users\***\AppData\Roaming\0ad folder moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\AUTOEXEC.BAT moved successfully.
File  not found.
File move failed. G:\Autorun.csf scheduled to be moved on reboot.
File move failed. G:\Autorun.exe scheduled to be moved on reboot.
File move failed. G:\autorun.inf scheduled to be moved on reboot.
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88bcfac6-daba-11de-9775-00241d1101a4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88bcfac6-daba-11de-9775-00241d1101a4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88bcfac6-daba-11de-9775-00241d1101a4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88bcfac6-daba-11de-9775-00241d1101a4}\ not found.
File H:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{917baf61-5192-11e0-9464-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{917baf61-5192-11e0-9464-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{917baf61-5192-11e0-9464-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{917baf61-5192-11e0-9464-806e6f6e6963}\ not found.
File move failed. G:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92396f23-dab3-11de-9c64-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92396f23-dab3-11de-9c64-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92396f23-dab3-11de-9c64-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92396f23-dab3-11de-9c64-806e6f6e6963}\ not found.
File G:\autorun1.exe /a not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\34D27A2BD4720CD8 deleted successfully.
Prefs.js: "localhost" removed from network.proxy.backup.ftp
Prefs.js: 8080 removed from network.proxy.backup.ftp_port
Prefs.js: "localhost" removed from network.proxy.backup.gopher
Prefs.js: 8080 removed from network.proxy.backup.gopher_port
Prefs.js: "localhost" removed from network.proxy.backup.socks
Prefs.js: 8080 removed from network.proxy.backup.socks_port
Prefs.js: "localhost" removed from network.proxy.backup.ssl
Prefs.js: 8080 removed from network.proxy.backup.ssl_port
Prefs.js: "localhost" removed from network.proxy.ftp
Prefs.js: 8080 removed from network.proxy.ftp_port
Prefs.js: "localhost" removed from network.proxy.gopher
Prefs.js: 8080 removed from network.proxy.gopher_port
Prefs.js: "localhost" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "localhost" removed from network.proxy.socks
Prefs.js: 8080 removed from network.proxy.socks_port
Prefs.js: "localhost" removed from network.proxy.ssl
Prefs.js: 8080 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 104814 bytes
->Temporary Internet Files folder emptied: 12070556 bytes
->Java cache emptied: 37347594 bytes
->FireFox cache emptied: 95708856 bytes
->Flash cache emptied: 12691 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1500 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 375071 bytes
 
Total Files Cleaned = 139,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04162011_154007

Files\Folders moved on Reboot...
File move failed. G:\Autorun.csf scheduled to be moved on reboot.
File move failed. G:\Autorun.exe scheduled to be moved on reboot.
File move failed. G:\autorun.inf scheduled to be moved on reboot.
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

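The fix log above shows OTL stripping a loopback proxy (localhost:8080) out of Firefox's prefs.js and clearing ProxyEnable/ProxyServer for Internet Explorer; a browser silently routed through a local listener is the usual fingerprint of fake-AV and ad-injecting malware of that era. The following is an added example, not code from the original post or from OTL: it parses Firefox user_pref lines and flags manual proxy configuration pointing at a loopback address, covering the same network.proxy.* and network.proxy.backup.* keys the fix removed. The prefs.js content is constructed for the example and mirrors the values seen in the log; the function names are my own.

```python
import re

# Matches one Firefox preference line, e.g. user_pref("network.proxy.http", "localhost");
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample modelled on the values the OTL fix removed (not a real capture).
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "localhost");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.ssl", "localhost");
user_pref("network.proxy.ssl_port", 8080);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.backup.ftp", "localhost");
user_pref("network.proxy.backup.ftp_port", 8080);
"""

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1", "0.0.0.0"}
PROTOCOLS = ("http", "ssl", "ftp", "socks", "gopher")


def parse_prefs(text):
    """Parse prefs.js text into {name: value}; strings, booleans and ints are typed."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw  # leave anything exotic as the raw token
        prefs[name] = value
    return prefs


def find_proxy_hijack(prefs):
    """Return human-readable findings for proxy settings that point at a loopback listener."""
    findings = []
    # network.proxy.type: 0 = direct, 1 = manual, 2 = PAC URL, 4 = WPAD, 5 = system (default)
    if prefs.get("network.proxy.type", 5) == 1:
        findings.append("network.proxy.type=1: manual proxy configuration is enabled")
    # The backup.* keys hold the per-protocol values saved when share_proxy_settings
    # is toggled, so a hijack can survive there even after the visible entries are cleared.
    for prefix in ("network.proxy", "network.proxy.backup"):
        for proto in PROTOCOLS:
            host = prefs.get(f"{prefix}.{proto}")
            if not isinstance(host, str):
                continue
            port = prefs.get(f"{prefix}.{proto}_port")
            if host.strip().lower() in LOOPBACK_HOSTS:
                findings.append(
                    f"{prefix}.{proto} -> {host}:{port} "
                    "(loopback proxy: traffic is being relayed through a local process)"
                )
    return findings


def audit_prefs(text):
    """Convenience wrapper: parse prefs.js text and return the findings list."""
    return find_proxy_hijack(parse_prefs(text))


if __name__ == "__main__":
    for finding in audit_prefs(SAMPLE_PREFS_JS):
        print(finding)
```

A loopback proxy is not proof of infection on its own: debugging proxies (Fiddler, Burp) and some AV web filters also listen on 127.0.0.1. The check that settles it is identifying the process behind the port, e.g. `netstat -ano | findstr :8080` and then looking up the PID, which is exactly the question the OTL fix answered by deleting the Run entry alongside the proxy values.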

cosinus 17.04.2011 18:43

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

If the infection has left you unable to access your documents / My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while)
Vista and 7 users must run the tool via right-click as administrator!

Renegade2910 18.04.2011 16:50

TDSSKiller shows no further findings.
I can also access all of my documents and folders.

Code:

2011/04/18 17:45:54.0909 1884        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/18 17:45:55.0221 1884        ================================================================================
2011/04/18 17:45:55.0221 1884        SystemInfo:
2011/04/18 17:45:55.0221 1884       
2011/04/18 17:45:55.0221 1884        OS Version: 6.1.7600 ServicePack: 0.0
2011/04/18 17:45:55.0221 1884        Product type: Workstation
2011/04/18 17:45:55.0221 1884        ComputerName: DESKTOP
2011/04/18 17:45:55.0221 1884        UserName: ***
2011/04/18 17:45:55.0221 1884        Windows directory: C:\Windows
2011/04/18 17:45:55.0221 1884        System windows directory: C:\Windows
2011/04/18 17:45:55.0221 1884        Running under WOW64
2011/04/18 17:45:55.0221 1884        Processor architecture: Intel x64
2011/04/18 17:45:55.0221 1884        Number of processors: 3
2011/04/18 17:45:55.0221 1884        Page size: 0x1000
2011/04/18 17:45:55.0221 1884        Boot type: Normal boot
2011/04/18 17:45:55.0221 1884        ================================================================================
2011/04/18 17:45:55.0518 1884        Initialize success
2011/04/18 17:45:56.0984 3104        ================================================================================
2011/04/18 17:45:56.0984 3104        Scan started
2011/04/18 17:45:56.0984 3104        Mode: Manual;
2011/04/18 17:45:56.0984 3104        ================================================================================
2011/04/18 17:45:58.0217 3104        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/18 17:45:58.0248 3104        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/18 17:45:58.0263 3104        AcpiPmi        (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/18 17:45:58.0419 3104        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/18 17:45:58.0607 3104        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/18 17:45:58.0731 3104        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/18 17:45:58.0903 3104        AFD            (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/04/18 17:45:59.0028 3104        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/18 17:45:59.0153 3104        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/18 17:45:59.0449 3104        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/18 17:45:59.0574 3104        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/18 17:45:59.0979 3104        amdkmdag        (bbab5b28253fe0fc7255d8775ba05c1d) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/18 17:46:00.0276 3104        amdkmdap        (cba35ff4092b91e105d93ed11a0250b6) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/04/18 17:46:00.0323 3104        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/18 17:46:00.0401 3104        amdsata        (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/18 17:46:00.0432 3104        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/18 17:46:00.0463 3104        amdxata        (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/18 17:46:00.0572 3104        AODDriver      (f160ecce1500a5a5877c123584e86b17) D:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys
2011/04/18 17:46:00.0759 3104        AppID          (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/04/18 17:46:00.0822 3104        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/04/18 17:46:00.0837 3104        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/18 17:46:00.0884 3104        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/18 17:46:00.0978 3104        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/18 17:46:02.0210 3104        atikmdag        (bbab5b28253fe0fc7255d8775ba05c1d) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/18 17:46:02.0319 3104        avgntflt        (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/18 17:46:02.0382 3104        avipbb          (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/18 17:46:02.0444 3104        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/04/18 17:46:02.0538 3104        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/04/18 17:46:02.0569 3104        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/04/18 17:46:02.0616 3104        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/18 17:46:02.0647 3104        bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/18 17:46:02.0725 3104        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/18 17:46:02.0741 3104        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/18 17:46:02.0772 3104        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/04/18 17:46:03.0458 3104        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/18 17:46:03.0505 3104        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/18 17:46:03.0521 3104        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/18 17:46:03.0552 3104        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/18 17:46:03.0630 3104        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/18 17:46:03.0723 3104        cdrom          (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/18 17:46:03.0770 3104        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/18 17:46:03.0833 3104        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/04/18 17:46:03.0942 3104        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/18 17:46:03.0973 3104        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/18 17:46:03.0989 3104        CNG            (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/04/18 17:46:04.0051 3104        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/18 17:46:04.0082 3104        CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/18 17:46:04.0207 3104        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/18 17:46:04.0285 3104        CSC            (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/04/18 17:46:04.0347 3104        DfsC            (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/04/18 17:46:04.0394 3104        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/04/18 17:46:04.0472 3104        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/04/18 17:46:04.0519 3104        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/04/18 17:46:04.0566 3104        DXGKrnl        (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/18 17:46:04.0893 3104        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/04/18 17:46:05.0127 3104        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/18 17:46:05.0174 3104        ENTECH64        (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
2011/04/18 17:46:05.0205 3104        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/18 17:46:05.0283 3104        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/04/18 17:46:05.0315 3104        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/04/18 17:46:05.0361 3104        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/18 17:46:05.0393 3104        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/04/18 17:46:05.0408 3104        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/04/18 17:46:05.0439 3104        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/18 17:46:05.0533 3104        FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/04/18 17:46:05.0564 3104        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/04/18 17:46:05.0595 3104        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/18 17:46:05.0642 3104        fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/18 17:46:05.0689 3104        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/18 17:46:05.0767 3104        gdrv            (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
2011/04/18 17:46:05.0829 3104        GVTDrv64        (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
2011/04/18 17:46:05.0907 3104        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/18 17:46:05.0985 3104        HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/04/18 17:46:06.0032 3104        HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/18 17:46:06.0048 3104        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/18 17:46:06.0126 3104        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/18 17:46:06.0173 3104        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/18 17:46:06.0219 3104        HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/18 17:46:06.0266 3104        HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/18 17:46:06.0297 3104        HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/04/18 17:46:06.0375 3104        hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/18 17:46:06.0422 3104        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/18 17:46:06.0469 3104        iaStorV        (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/18 17:46:06.0516 3104        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/18 17:46:06.0641 3104        IntcAzAudAddService (6bcd9505f0ab48edda1ee250987b0eb4) C:\Windows\system32\drivers\RTKVHD64.sys
2011/04/18 17:46:06.0734 3104        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/18 17:46:06.0812 3104        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/18 17:46:06.0843 3104        IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/18 17:46:06.0890 3104        IPMIDRV        (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/18 17:46:06.0921 3104        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/04/18 17:46:06.0968 3104        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/04/18 17:46:07.0015 3104        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/18 17:46:07.0046 3104        iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/18 17:46:07.0109 3104        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/18 17:46:07.0140 3104        kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/18 17:46:07.0171 3104        KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/18 17:46:07.0249 3104        KSecPkg        (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/18 17:46:07.0265 3104        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/04/18 17:46:07.0343 3104        L8042Kbd        (f33c5d79d3273530e1892a0922283a7b) C:\Windows\system32\DRIVERS\L8042Kbd.sys
2011/04/18 17:46:07.0389 3104        L8042mou        (a6fe2e63441094074f57243fb0fdb45a) C:\Windows\system32\DRIVERS\L8042mou.Sys
2011/04/18 17:46:07.0467 3104        LHidFilt        (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/04/18 17:46:07.0530 3104        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/18 17:46:07.0577 3104        LMouFilt        (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/04/18 17:46:07.0608 3104        LMouKE          (f518c34c137348b7dbe5343acc646a1c) C:\Windows\system32\DRIVERS\LMouKE.Sys
2011/04/18 17:46:07.0670 3104        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/18 17:46:07.0701 3104        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/18 17:46:07.0764 3104        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/18 17:46:07.0795 3104        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/18 17:46:07.0826 3104        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/04/18 17:46:07.0873 3104        LUsbFilt        (9d9714e78eac9e5368208649489c920e) C:\Windows\system32\Drivers\LUsbFilt.Sys
2011/04/18 17:46:07.0920 3104        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/18 17:46:07.0982 3104        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/18 17:46:08.0076 3104        mod7700        (6d4236d8b7bd6557b77fbf2ab001cad4) C:\Windows\system32\DRIVERS\dvb7700all.sys
2011/04/18 17:46:08.0123 3104        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/04/18 17:46:08.0185 3104        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/18 17:46:08.0232 3104        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/18 17:46:08.0279 3104        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/18 17:46:08.0310 3104        mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/04/18 17:46:08.0357 3104        mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/18 17:46:08.0435 3104        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/18 17:46:08.0466 3104        MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/18 17:46:08.0513 3104        mrxsmb          (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/18 17:46:08.0544 3104        mrxsmb10        (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/18 17:46:08.0575 3104        mrxsmb20        (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/18 17:46:08.0606 3104        msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/18 17:46:08.0637 3104        msdsm          (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/18 17:46:08.0731 3104        MSDV            (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
2011/04/18 17:46:08.0793 3104        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/04/18 17:46:08.0825 3104        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/18 17:46:08.0840 3104        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/18 17:46:08.0871 3104        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/18 17:46:08.0918 3104        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/18 17:46:08.0934 3104        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/04/18 17:46:08.0996 3104        MsRPC          (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/04/18 17:46:09.0027 3104        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/18 17:46:09.0043 3104        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/04/18 17:46:09.0074 3104        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/18 17:46:09.0121 3104        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/04/18 17:46:09.0215 3104        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/18 17:46:09.0277 3104        NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/04/18 17:46:09.0308 3104        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/18 17:46:09.0339 3104        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/18 17:46:09.0417 3104        Ndisuio        (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/18 17:46:09.0449 3104        NdisWan        (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/18 17:46:09.0464 3104        NDProxy        (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/04/18 17:46:09.0527 3104        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/18 17:46:09.0542 3104        NetBT          (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/18 17:46:09.0589 3104        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/18 17:46:09.0651 3104        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/04/18 17:46:09.0683 3104        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/18 17:46:09.0729 3104        Ntfs            (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/04/18 17:46:09.0807 3104        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/04/18 17:46:09.0823 3104        nvraid          (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/18 17:46:09.0854 3104        nvstor          (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/18 17:46:09.0917 3104        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/18 17:46:09.0963 3104        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/18 17:46:09.0995 3104        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/04/18 17:46:10.0026 3104        partmgr        (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/04/18 17:46:10.0057 3104        pci            (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/04/18 17:46:10.0073 3104        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/18 17:46:10.0166 3104        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/18 17:46:10.0197 3104        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/04/18 17:46:10.0275 3104        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/04/18 17:46:10.0541 3104        PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/18 17:46:10.0790 3104        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/04/18 17:46:10.0993 3104        Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/18 17:46:11.0118 3104        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/18 17:46:11.0258 3104        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/18 17:46:11.0305 3104        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/18 17:46:11.0321 3104        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/18 17:46:11.0367 3104        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/18 17:46:11.0399 3104        Rasl2tp        (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/18 17:46:11.0477 3104        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/18 17:46:11.0508 3104        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/18 17:46:11.0539 3104        rdbss          (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/18 17:46:11.0570 3104        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/18 17:46:11.0633 3104        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/18 17:46:11.0742 3104        RDPDR          (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/04/18 17:46:11.0789 3104        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/18 17:46:11.0820 3104        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/18 17:46:11.0867 3104        RDPWD          (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/04/18 17:46:11.0913 3104        rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/04/18 17:46:11.0976 3104        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/18 17:46:12.0023 3104        RTHDMIAzAudService (730c8393dfc90386d5a1ecb24dd6c614) C:\Windows\system32\drivers\RtHDMIVX.sys
2011/04/18 17:46:12.0101 3104        RTL8167        (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/04/18 17:46:12.0132 3104        s3cap          (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/04/18 17:46:12.0179 3104        sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/18 17:46:12.0241 3104        scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/18 17:46:12.0335 3104        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/18 17:46:12.0381 3104        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/18 17:46:12.0444 3104        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/04/18 17:46:12.0475 3104        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/18 17:46:12.0506 3104        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/18 17:46:12.0553 3104        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/18 17:46:12.0569 3104        sffp_sd        (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/18 17:46:12.0600 3104        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/18 17:46:12.0631 3104        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/18 17:46:12.0693 3104        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/18 17:46:12.0740 3104        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/04/18 17:46:12.0834 3104        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/04/18 17:46:12.0943 3104        srv            (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/04/18 17:46:12.0990 3104        srv2            (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/18 17:46:13.0021 3104        srvnet          (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/18 17:46:13.0099 3104        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/18 17:46:13.0193 3104        storflt        (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/04/18 17:46:13.0255 3104        storvsc        (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/04/18 17:46:13.0349 3104        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/18 17:46:13.0520 3104        Tcpip          (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/04/18 17:46:13.0629 3104        TCPIP6          (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/18 17:46:13.0661 3104        tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/18 17:46:13.0707 3104        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/04/18 17:46:13.0739 3104        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/04/18 17:46:13.0770 3104        tdx            (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/18 17:46:13.0801 3104        TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/18 17:46:13.0863 3104        tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/18 17:46:13.0926 3104        tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/18 17:46:13.0988 3104        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/18 17:46:14.0004 3104        udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/18 17:46:14.0097 3104        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/18 17:46:14.0144 3104        umbus          (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/18 17:46:14.0175 3104        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/18 17:46:14.0207 3104        usbccgp        (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/18 17:46:14.0238 3104        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/18 17:46:14.0269 3104        usbehci        (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/18 17:46:14.0300 3104        usbhub          (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/18 17:46:14.0378 3104        usbohci        (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/18 17:46:14.0441 3104        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/18 17:46:14.0519 3104        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/18 17:46:14.0550 3104        USBSTOR        (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/18 17:46:14.0565 3104        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/18 17:46:14.0628 3104        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/18 17:46:14.0659 3104        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/18 17:46:14.0690 3104        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/04/18 17:46:14.0737 3104        vhdmp          (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/18 17:46:14.0768 3104        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/18 17:46:14.0799 3104        vmbus          (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/04/18 17:46:14.0862 3104        VMBusHID        (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/04/18 17:46:14.0924 3104        volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/18 17:46:14.0955 3104        volmgrx        (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/04/18 17:46:15.0002 3104        volsnap        (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/18 17:46:15.0033 3104        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/18 17:46:15.0111 3104        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/04/18 17:46:15.0174 3104        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/18 17:46:15.0221 3104        WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/18 17:46:15.0236 3104        Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/18 17:46:15.0283 3104        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/04/18 17:46:15.0377 3104        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/18 17:46:15.0455 3104        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/18 17:46:15.0470 3104        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/04/18 17:46:15.0595 3104        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/18 17:46:15.0673 3104        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/18 17:46:15.0704 3104        WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/04/18 17:46:15.0751 3104        WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/18 17:46:16.0016 3104        ================================================================================
2011/04/18 17:46:16.0016 3104        Scan finished
2011/04/18 17:46:16.0016 3104        ================================================================================


cosinus 18.04.2011 16:56

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when one of the board's helpers (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Renegade2910 18.04.2011 17:22

I have run CCleaner.


Here is the ComboFix logfile:
Code:

ComboFix 11-04-17.03 - *** 18.04.2011  18:12:13.1.3 - x64
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1031.18.4094.2911 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\pswi_preloaded.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-18 bis 2011-04-18  ))))))))))))))))))))))))))))))
.
.
2011-04-18 16:15 . 2011-04-18 16:15        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-18 16:06 . 2011-04-18 16:06        --------        d-----w-        c:\program files\CCleaner
2011-04-16 13:40 . 2011-04-16 13:40        --------        d-----w-        C:\_OTL
2011-04-15 16:16 . 2011-04-15 16:16        --------        d-----w-        c:\users\***\AppData\Roaming\QuickScan
2011-04-15 14:57 . 2011-03-15 05:17        8424784        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D513EC8C-AC3C-4669-BBA0-DC8684799782}\mpengine.dll
2011-04-11 16:01 . 2011-04-11 16:01        --------        d-----w-        c:\program files (x86)\MSECache
2011-04-01 14:18 . 2011-04-01 14:18        --------        d-----w-        c:\users\***\AppData\Roaming\Baumaschinen Simulator 2011
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 19:21 . 2011-03-10 18:56        30528        ----a-w-        c:\windows\GVTDrv64.sys
2011-03-10 19:21 . 2011-02-19 14:58        25640        ----a-w-        c:\windows\gdrv.sys
2011-03-10 19:10 . 2010-06-24 10:33        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 06:37 . 2011-03-09 16:33        1135104        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 16:32        1540608        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 16:32        902656        ----a-w-        c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 16:32        1074176        ----a-w-        c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 16:32        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
2011-02-06 12:31 . 2010-05-29 11:33        1220416        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-02-02 16:11 . 2009-11-26 18:10        270720        ------w-        c:\windows\system32\MpSigStub.exe
2011-01-26 06:53 . 2011-02-09 16:55        982912        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-09 16:55        265088        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-09 16:55        144384        ----a-w-        c:\windows\system32\cdd.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote Control Editor"="c:\program files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" [2010-06-09 1689088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-28 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-07-01 136616]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-30 136176]
R3 ALSysIO;ALSysIO;c:\users\***\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AODDriver;AODDriver;d:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2009-02-22 14904]
R3 AODDriver2;AODDriver2;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
R3 cpuz130;cpuz130;c:\users\***\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-03-10 30528]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - klmd25
*Deregistered* - klmdb
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-30 16:05]
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-30 16:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"RtHDVCpl"="RAVCpl64.exe" [2008-08-27 6471200]
"Skytel"="Skytel.exe" [2008-08-27 1833504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download by Orbit - d:\programme\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\programme\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - d:\programme\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\programme\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6g12q6zk.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.ftp - localhost
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - localhost
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-klmdb.sys
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Fraps - c:\program files (x86)\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1268737062-1676774691-1697149512-1000\Software\SecuROM\License information*]
"datasecu"=hex:c5,b8,14,94,b2,d5,36,4b,d7,63,eb,c8,f2,34,73,89,ac,0c,7c,b7,6c,
  65,22,ea,4a,40,f2,09,28,dd,19,c8,c7,39,24,2b,ea,9c,61,1f,14,e8,a3,ca,9b,cf,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-18  18:16:33
ComboFix-quarantined-files.txt  2011-04-18 16:16
.
Vor Suchlauf: 10 Verzeichnis(se), 10.625.548.288 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 10.485.268.480 Bytes frei
.
- - End Of File - - 9EC6DC57753BF0DFAC71136FE511EAC7


cosinus 18.04.2011 17:26

Now please create and post logs with GMER and mbrcheck.
GMER crashes fairly often; if the tool won't run the second time either, just skip it.

Instructions for mbrcheck:
Download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<Datum>_<Uhrzeit>.txt on the desktop.
Please post the contents of the .txt document.

Renegade2910 18.04.2011 17:43

GMER logfile:
Code:

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-18 18:37:57
Windows 6.1.7600 
Running: 5hqclcr4.exe


---- Files - GMER 1.0.15 ----

File  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat  0 bytes
File  C:\Windows\Microsoft.NET\ngenservice_pri3_lock.dat                    0 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---


MBRCheck log:
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Professional
Windows Information:                (build 7600), 64-bit
Base Board Manufacturer:        Gigabyte Technology Co., Ltd.
BIOS Manufacturer:                Award Software International, Inc.
System Manufacturer:                Gigabyte Technology Co., Ltd.
System Product Name:                GA-MA790X-UD4
Logical Drives Mask:                0x00800f7d

Kernel Drivers (total 194):
  0x0304D000 \SystemRoot\system32\ntoskrnl.exe
  0x03004000 \SystemRoot\system32\hal.dll
  0x00B9D000 \SystemRoot\system32\kdcom.dll
  0x00C73000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x00C80000 \SystemRoot\system32\PSHED.dll
  0x00C94000 \SystemRoot\system32\CLFS.SYS
  0x00CF2000 \SystemRoot\system32\CI.dll
  0x00DB2000 \SystemRoot\system32\drivers\klmdb.sys
  0x00E3C000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00EE0000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00EEF000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x00F46000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x00F4F000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x00F59000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x00F66000 \SystemRoot\system32\DRIVERS\pci.sys
  0x00F99000 \SystemRoot\System32\drivers\partmgr.sys
  0x00FAE000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00FC3000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x00FCA000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x00FDA000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00FF4000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x00E00000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x00E2A000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x0108F000 \SystemRoot\system32\drivers\fltmgr.sys
  0x010DB000 \SystemRoot\system32\drivers\fileinfo.sys
  0x0121C000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x010EF000 \SystemRoot\System32\Drivers\msrpc.sys
  0x013BF000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x0114D000 \SystemRoot\System32\Drivers\cng.sys
  0x013D9000 \SystemRoot\System32\drivers\pcw.sys
  0x013EA000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x01471000 \SystemRoot\system32\drivers\ndis.sys
  0x01563000 \SystemRoot\system32\drivers\NETIO.SYS
  0x015C3000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01601000 \SystemRoot\System32\drivers\tcpip.sys
  0x01400000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x0144A000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x01000000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x0145A000 \SystemRoot\System32\Drivers\spldr.sys
  0x01462000 \SystemRoot\SysWOW64\speedfan.sys
  0x0104C000 \SystemRoot\System32\drivers\rdyboost.sys
  0x015EE000 \SystemRoot\System32\Drivers\mup.sys
  0x013F4000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x011C0000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x01200000 \SystemRoot\system32\DRIVERS\disk.sys
  0x00DCD000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x02AE6000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x02B10000 \SystemRoot\System32\Drivers\Null.SYS
  0x02B19000 \SystemRoot\System32\Drivers\Beep.SYS
  0x02B20000 \SystemRoot\System32\drivers\vga.sys
  0x02B2E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x02B53000 \SystemRoot\System32\drivers\watchdog.sys
  0x02B63000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x02B6C000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x02B75000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x02B7E000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x02B89000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x02B9A000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x02BB8000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x02A00000 \SystemRoot\system32\drivers\afd.sys
  0x034D4000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x03519000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x03522000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x03548000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x03557000 \SystemRoot\system32\DRIVERS\serial.sys
  0x03574000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x0358F000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x035A3000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x035F4000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x03400000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x0340B000 \SystemRoot\System32\drivers\discache.sys
  0x0341A000 \SystemRoot\system32\drivers\csc.sys
  0x0349D000 \SystemRoot\System32\Drivers\dfsc.sys
  0x034BB000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x02A8A000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x02BC5000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x02BEB000 \SystemRoot\system32\DRIVERS\amdppm.sys
  0x02AAC000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x03C9C000 \SystemRoot\system32\DRIVERS\atikmpag.sys
  0x0461C000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x03CE7000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x03C00000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x03C46000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x03C6A000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
  0x04DF2000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x03E15000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x03E6B000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x03E7C000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x03EBA000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x03EC7000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x03ED3000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x03EF1000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
  0x03EFC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x03F0B000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x03F1B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x03F31000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x03F55000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x03F61000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x03F90000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x03FAB000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x03FCC000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x03FE6000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x03FF1000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x03E00000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x04235000 \SystemRoot\system32\DRIVERS\ks.sys
  0x04278000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x0428A000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x042E4000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x042EF000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x04304000 \SystemRoot\system32\drivers\RtHDMIVX.sys
  0x04330000 \SystemRoot\system32\drivers\portcls.sys
  0x0436D000 \SystemRoot\system32\drivers\drmk.sys
  0x0438F000 \SystemRoot\system32\drivers\ksthunk.sys
  0x05E7F000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x05E00000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x05E1B000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x05E1D000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
  0x05E2D000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x05E3B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x05E54000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x05E5D000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
  0x05E70000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x05FEA000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
  0x000A0000 \SystemRoot\System32\win32k.sys
  0x04395000 \SystemRoot\System32\drivers\Dxapi.sys
  0x043A1000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x043BE000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x043CC000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x043D8000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x043E1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x04200000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x005F0000 \SystemRoot\System32\TSDDD.dll
  0x00650000 \SystemRoot\System32\cdd.dll
  0x0420E000 \SystemRoot\system32\drivers\luafv.sys
  0x03DDB000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x02AB5000 \SystemRoot\system32\drivers\WudfPf.sys
  0x04600000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x028ED000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x02905000 \SystemRoot\system32\drivers\HTTP.sys
  0x029CD000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x02800000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x02818000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x02845000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x02893000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x07888000 \SystemRoot\system32\drivers\peauth.sys
  0x0792E000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x07939000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x07966000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x07978000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x0887A000 \SystemRoot\System32\DRIVERS\srv.sys
  0x0890F000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x089CC000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x089D7000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
  0x77220000 \Windows\System32\ntdll.dll
  0x479C0000 \Windows\System32\smss.exe
  0xFF540000 \Windows\System32\apisetschema.dll
  0xFF8C0000 \Windows\System32\autochk.exe
  0xFF420000 \Windows\System32\msctf.dll
  0xFF3A0000 \Windows\System32\shlwapi.dll
  0xFF330000 \Windows\System32\gdi32.dll
  0xFF250000 \Windows\System32\advapi32.dll
  0xFE4C0000 \Windows\System32\shell32.dll
  0xFE4A0000 \Windows\System32\imagehlp.dll
  0xFE400000 \Windows\System32\clbcatq.dll
  0xFE1F0000 \Windows\System32\ole32.dll
  0x773F0000 \Windows\System32\normaliz.dll
  0xFE120000 \Windows\System32\usp10.dll
  0xFDFF0000 \Windows\System32\rpcrt4.dll
  0xFDD90000 \Windows\System32\iertutil.dll
  0xFDD40000 \Windows\System32\Wldap32.dll
  0xFDCA0000 \Windows\System32\comdlg32.dll
  0x77100000 \Windows\System32\kernel32.dll
  0xFDB70000 \Windows\System32\wininet.dll
  0xFD990000 \Windows\System32\setupapi.dll
  0x773E0000 \Windows\System32\psapi.dll
  0xFD960000 \Windows\System32\imm32.dll
  0xFD880000 \Windows\System32\oleaut32.dll
  0xFD870000 \Windows\System32\nsi.dll
  0xFD6F0000 \Windows\System32\urlmon.dll
  0xFD650000 \Windows\System32\msvcrt.dll
  0xFD630000 \Windows\System32\sechost.dll
  0x77000000 \Windows\System32\user32.dll
  0xFD5B0000 \Windows\System32\difxapi.dll
  0xFD5A0000 \Windows\System32\lpk.dll
  0xFD550000 \Windows\System32\ws2_32.dll
  0xFD510000 \Windows\System32\cfgmgr32.dll
  0xFD470000 \Windows\System32\comctl32.dll
  0xFD450000 \Windows\System32\devobj.dll
  0xFD3E0000 \Windows\System32\KernelBase.dll
  0xFD3A0000 \Windows\System32\wintrust.dll
  0xFD230000 \Windows\System32\crypt32.dll
  0xFD220000 \Windows\System32\msasn1.dll
  0x773D0000 \Windows\SysWOW64\normaliz.dll

Processes (total 60):
      0 System Idle Process
      4 System
    232 C:\Windows\System32\smss.exe
    372 csrss.exe
    436 C:\Windows\System32\wininit.exe
    468 csrss.exe
    492 C:\Windows\System32\services.exe
    508 C:\Windows\System32\lsass.exe
    516 C:\Windows\System32\lsm.exe
    624 C:\Windows\System32\svchost.exe
    672 C:\Windows\System32\winlogon.exe
    776 C:\Windows\System32\svchost.exe
    836 C:\Windows\System32\atiesrxx.exe
    900 C:\Windows\System32\svchost.exe
    948 C:\Windows\System32\svchost.exe
    976 C:\Windows\System32\svchost.exe
    572 C:\Windows\System32\svchost.exe
    1028 C:\Windows\System32\atieclxx.exe
    1152 C:\Windows\System32\svchost.exe
    1412 C:\Windows\System32\dwm.exe
    1420 C:\Windows\System32\taskhost.exe
    1448 C:\Windows\explorer.exe
    1500 C:\Windows\System32\spoolsv.exe
    1532 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1596 C:\Windows\System32\svchost.exe
    1788 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1916 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    1924 C:\Windows\System32\conhost.exe
    1948 C:\Windows\System32\svchost.exe
    1116 C:\Windows\SysWOW64\PSIService.exe
    1240 C:\Windows\System32\TCPSVCS.EXE
    1360 C:\Windows\System32\svchost.exe
    2012 C:\Windows\RAVCpl64.exe
    1728 C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
    1284 C:\Program Files\Logitech\SetPoint\SetPoint.exe
    992 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    2052 C:\Program Files (x86)\FreePDF_XP\fpassist.exe
    2100 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    2360 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2404 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    2608 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    2908 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    2940 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3380 C:\Windows\System32\SearchIndexer.exe
    3556 C:\Windows\System32\svchost.exe
    3576 C:\Windows\System32\svchost.exe
    3752 WUDFHost.exe
    1776 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4268 dllhost.exe
    2652 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    1552 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    1608 C:\Windows\System32\svchost.exe
    2304 C:\Windows\System32\audiodg.exe
    4108 C:\Windows\System32\SearchFilterHost.exe
    204 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    1268 C:\Windows\SysWOW64\SearchProtocolHost.exe
    240 C:\Windows\System32\SearchProtocolHost.exe
    3476 C:\Users\***\Desktop\MBRCheck.exe
    4840 C:\Windows\System32\conhost.exe
    3992 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00  (NTFS)
\\.\E: --> \\.\PhysicalDrive2 at offset 0x00000004`ff976400  (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x0000000a`00100000  (NTFS)
\\.\X: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: HitachiHDP725050GLA360, Rev: GM4OA5CA
PhysicalDrive2 Model Number: SAMSUNGHD642JJ, Rev: 1AA01113
PhysicalDrive1 Model Number: SAMSUNGSP2014N, Rev: VC100-37

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    596 GB  \\.\PhysicalDrive2  Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    186 GB  \\.\PhysicalDrive1  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
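The MBRCheck section above does three things per disk: it maps each drive letter to a byte offset on a physical drive, it hashes the MBR boot code, and it labels that hash as known Windows MBR code. The script below is an added example, not MBRCheck's code and not something posted in the thread; it reproduces those steps on constructed 512-byte sectors so the output can be read with understanding. Assumptions that the page does not state: the hash is taken over the 440-byte bootstrap area only (bytes 0..439), which is why two disks with the same boot code but different partition tables can show the same SHA1; the boot code bytes, disk signature, partition sizes and allowlist are made up for the demo and are not real Windows MBR bytes or real hashes.

```python
"""Parse a 512-byte MBR sector, hash its bootstrap code and map partition
start LBAs to byte offsets (the three facts the MBRCheck output reports).

Added example, not MBRCheck's code and not posted in the thread.
Assumptions not stated on the page: the hash covers the 440-byte bootstrap
area only, so disks with equal boot code but different partition tables hash
identically; all sectors, boot code bytes and allowlist entries below are
constructed for the demo, not real Windows MBR bytes.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440      # bytes 0..439 hold the bootstrap code
DISK_SIG_OFF = 440      # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446    # four 16-byte partition entries
BOOT_SIG_OFF = 510      # 0x55 0xAA


def build_sample_mbr(bootcode, parts):
    """Construct a synthetic MBR (demo input only).

    parts: list of (bootable, type_id, start_lba, sector_count), at most 4.
    """
    if len(bootcode) > BOOTCODE_LEN or len(parts) > 4:
        raise ValueError("boot code or partition list too long")
    sec = bytearray(SECTOR)
    sec[:len(bootcode)] = bootcode
    struct.pack_into("<I", sec, DISK_SIG_OFF, 0xDEADBEEF)  # constructed disk signature
    for i, (bootable, ptype, start, count) in enumerate(parts):
        # CHS fields carry the 0xFE/0xFF/0xFF "LBA only" placeholder values
        struct.pack_into("<B3sB3sII", sec, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\xfe\xff\xff",
                         ptype, b"\xfe\xff\xff", start, count)
    sec[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    return bytes(sec)


def bootcode_sha1(sector):
    """SHA1 of the bootstrap area only; editing the partition table does not change it."""
    return hashlib.sha1(sector[:BOOTCODE_LEN]).hexdigest().upper()


def parse_partitions(sector):
    """Return the non-empty partition entries with their byte offsets on the disk."""
    if len(sector) < SECTOR or sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        raise ValueError("no 0x55AA boot signature: not an MBR sector")
    entries = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:          # empty slot
            continue
        entries.append({"slot": i, "bootable": status == 0x80, "type": ptype,
                        "start_lba": start, "byte_offset": start * SECTOR,
                        "sectors": count})
    return entries


def classify(sector, allowlist):
    """Label the boot code via an allowlist of SHA1s, otherwise flag it as unknown."""
    return allowlist.get(bootcode_sha1(sector), "UNKNOWN MBR code")


# Constructed boot code: a plausible-looking real-mode prologue padded with NOPs.
SAMPLE_BOOTCODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C, 0xFB]) + b"\x90" * 31
# The same code with a single byte changed; one patched byte is enough to change the hash.
PATCHED_BOOTCODE = SAMPLE_BOOTCODE[:4] + b"\xE8" + SAMPLE_BOOTCODE[5:]

# Constructed allowlist keyed by the hash of the demo boot code.
ALLOWLIST = {bootcode_sha1(build_sample_mbr(SAMPLE_BOOTCODE, [])): "demo boot code"}

# Vista/7-style layout: first partition at LBA 2048 (offset 0x100000, like C: above).
DISK_A = build_sample_mbr(SAMPLE_BOOTCODE, [(True, 0x07, 2048, 83886080)])
# XP-style layout: first partition at LBA 63 (offset 0x7E00, like D: and X: above).
DISK_B = build_sample_mbr(SAMPLE_BOOTCODE, [(True, 0x07, 63, 41929587)])
# Same layout as DISK_A but with patched boot code: must not match the allowlist.
DISK_C = build_sample_mbr(PATCHED_BOOTCODE, [(True, 0x07, 2048, 83886080)])


def report(name, sector, allowlist=ALLOWLIST):
    """One MBRCheck-style block of text for a disk."""
    lines = [f"{name}: {classify(sector, allowlist)}  SHA1: {bootcode_sha1(sector)}"]
    for p in parse_partitions(sector):
        lines.append(f"  slot {p['slot']} type 0x{p['type']:02X} "
                     f"start LBA {p['start_lba']} -> offset 0x{p['byte_offset']:08x}")
    return "\n".join(lines)


if __name__ == "__main__":
    for name, disk in (("DiskA", DISK_A), ("DiskB", DISK_B), ("DiskC", DISK_C)):
        print(report(name, disk))
```

Running it shows DiskA and DiskB with the same SHA1 despite different partition tables, and DiskC flagged as unknown code; on a real system the input would be the first 512 bytes of \\.\PhysicalDriveN read as Administrator. The two constructed layouts reproduce the offsets in the log: 2048 × 512 = 0x100000 (the 1 MiB alignment Vista and 7 use) and 63 × 512 = 0x7E00 (the older layout that starts the first partition at sector 63).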


cosinus 18.04.2011 18:12

Looks ok. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!

Renegade2910 18.04.2011 20:36

Quote:

Quote from cosinus (Post 642187)
Looks ok.

That sounds good.

Both scans also came back with nothing.

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/18/2011 at 08:23 PM

Application Version : 4.50.1002

Core Rules Database Version : 6863
Trace Rules Database Version: 4675

Scan type      : Complete Scan
Total Scan Time : 01:05:17

Memory items scanned      : 756
Memory threats detected  : 0
Registry items scanned    : 13689
Registry threats detected : 0
File items scanned        : 60887
File threats detected    : 0

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6373

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18.04.2011 20:52:02
mbam-log-2011-04-18 (20-52-02).txt

Scan type: Full scan (C:\|)
Objects scanned: 275015
Time elapsed: 24 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Which of these programs should one run routinely to find unwanted programs quickly?


Copyright ©2000-2024, Trojaner-Board