Trojaner-Board

Thread: PC slow / strange errors (https://www.trojaner-board.de/97649-pc-langsam-seltsame-fehler.html)

Randi 18.04.2011 16:56

PC slow / strange errors
 
Hello experts,
I wasn't sure how to choose my thread title, and I'll try once more to describe my problem here.

For a few days now my system hasn't been running the way it should; it runs slowly and, for example, constantly has problems opening my Opera.exe (yes, I use Opera as my web browser).
My Opera problem looks like this:
To get Opera to start at all, I have to try launching it several times, i.e. at some point there are several Opera entries in Task Manager, but it just doesn't start, even when I run it as admin (Vista 32-bit system); eventually it does start, though.

Furthermore, I can't run Windows Update; when I try, I get an "80072EFE" error message.
While I'm working on the computer, an error message pops up from time to time (I don't know exactly what it's called): "Host process for Windows services was stopped".

I'll post my logfiles.

Malwarebytes:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6390

Windows 6.0.6000
Internet Explorer 8.0.6001.18928

18.04.2011 17:41:21
mbam-log-2011-04-18 (17-41-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 164757
Laufzeit: 3 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL:
OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 18.04.2011 17:44:54 - Run 4
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\sushikiste\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,04 Gb Total Space | 137,79 Gb Free Space | 47,84% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,84 Gb Free Space | 58,37% Space Free | Partition Type: NTFS
Drive E: | 636,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: SUSHIKISTE-PC | User Name: sushikiste | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{134958DB-DFD9-43F6-87AF-F711B35F8DBF}" = lport=6953 | protocol=17 | dir=in | name=league of legends launcher |
"{14176646-394A-41C4-8C2D-7486E00146E3}" = lport=6947 | protocol=17 | dir=in | name=league of legends launcher |
"{161F70BC-06EC-4EF9-96D8-3729DD28E876}" = lport=6885 | protocol=17 | dir=in | name=league of legends launcher |
"{174032D4-5922-4FD3-B911-C93DEE7D08DB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{22C8603C-8F7D-4AA5-BD3D-89E18D04AB6C}" = lport=6951 | protocol=6 | dir=in | name=league of legends launcher |
"{2D52D9CD-4917-4356-878F-52F25D639227}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{300A04D8-A4A3-4E05-BE8E-1382D42C422F}" = lport=6904 | protocol=6 | dir=in | name=league of legends launcher |
"{316170C2-B6EF-478D-ACAB-5735C24AE569}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{32B94D00-1164-4F0B-8D87-B403C9C7230A}" = lport=6908 | protocol=17 | dir=in | name=league of legends launcher |
"{32D59CD5-85DA-44AF-B7FB-71712020A41C}" = lport=6918 | protocol=17 | dir=in | name=league of legends launcher |
"{395B5EF4-D9A0-436C-A858-9CFDFD1266C2}" = lport=6951 | protocol=17 | dir=in | name=league of legends launcher |
"{41621D54-DB13-4E66-8663-3B298BA7A275}" = lport=6904 | protocol=17 | dir=in | name=league of legends launcher |
"{434802E4-14D3-47A6-93BF-B5E18D5D1664}" = lport=6957 | protocol=6 | dir=in | name=league of legends launcher |
"{4619CF0E-A1E7-4F9E-8E7B-693026BFFCD1}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{578754C2-1F38-4284-9877-43D746C3FD89}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{6C1BA13D-5C86-49E4-B08D-3A2CB8EF18A4}" = lport=6904 | protocol=6 | dir=in | name=league of legends launcher |
"{7957E408-9DD5-4B54-A6F7-7826F19B5F39}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher |
"{87E2E196-89F8-43CC-A1D9-C74231FBEFB8}" = lport=6918 | protocol=6 | dir=in | name=league of legends launcher |
"{895B5833-ACBB-44EB-BBDB-23A957760230}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8A455C22-9424-432E-B188-E7CB0F59C182}" = lport=6886 | protocol=17 | dir=in | name=league of legends launcher |
"{8B920C42-3DB4-4989-A33E-FB076FC96DB3}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{8FB0EE13-C11F-48B9-94E9-6585739004F1}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{8FD5C8D7-ED5F-48FD-8FD8-349E8EDD01A7}" = lport=6925 | protocol=17 | dir=in | name=league of legends launcher |
"{9561D2F1-D0E0-4F82-9573-2B7B3FEC1D8F}" = lport=6912 | protocol=6 | dir=in | name=league of legends launcher |
"{9DC76A25-C7E6-4E98-98EE-A4027CEE54DC}" = lport=6908 | protocol=6 | dir=in | name=league of legends launcher |
"{A0AE6E0E-96BE-42A3-A4EE-530DAB8367B9}" = lport=6968 | protocol=17 | dir=in | name=league of legends launcher |
"{A101703D-12EE-4407-AD2E-BF1DB1C8AC95}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{AD52F745-60A2-419A-AC14-F381C8FAA30E}" = lport=6885 | protocol=6 | dir=in | name=league of legends launcher |
"{BDED8C30-F196-4F7A-8590-80EAED1EE10E}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{C454E5BB-604B-4D36-91DC-CF788C27A198}" = lport=6886 | protocol=6 | dir=in | name=league of legends launcher |
"{C553120F-62D6-4B1F-8FD6-58BF057CB91F}" = lport=6925 | protocol=6 | dir=in | name=league of legends launcher |
"{CCE15F3E-75BA-4D78-A261-FC83995DA834}" = lport=6912 | protocol=17 | dir=in | name=league of legends launcher |
"{D70089E2-E681-4D7B-98E7-BF53995529A3}" = lport=6953 | protocol=6 | dir=in | name=league of legends launcher |
"{D8D98E1B-5880-42F9-A299-E7F1FDAF028B}" = lport=6947 | protocol=6 | dir=in | name=league of legends launcher |
"{DE80B1E0-BAE0-4895-9F7F-1A10DAEC1D30}" = lport=6968 | protocol=6 | dir=in | name=league of legends launcher |
"{F37EBBF7-0B35-441D-BD8B-C30B8DA466CC}" = lport=6904 | protocol=17 | dir=in | name=league of legends launcher |
"{F5635713-4D86-4B36-99B1-5BBD8BF5DC35}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher |
"{F60C41CA-EFDA-428A-8629-10AB282DD9CC}" = lport=6979 | protocol=6 | dir=in | name=league of legends launcher |
"{F8F0952F-BBB7-4A09-80D4-BCF73D573D09}" = lport=6979 | protocol=17 | dir=in | name=league of legends launcher |
"{F903F641-E43C-42DB-A795-57340AAD9FF6}" = lport=6957 | protocol=17 | dir=in | name=league of legends launcher |
"{FCB3E0E7-6CEA-48B6-90CF-6DBB741A0DBC}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{FDA7C0E0-306B-4751-8C58-3432C2DECED2}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08E95800-5724-409A-AB51-249DFD858CB2}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{0D73330A-79DB-4557-B596-664052D93D8B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{1CC92585-F9C1-4BEB-893F-E12F6530687B}" = protocol=6 | dir=in | app=c:\program files\game\league of legends.exe |
"{2933756A-4B30-49CE-9342-B4E8F6A2771D}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{2DEDA199-9F24-4AAE-BD0D-58390412D977}" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
"{3342639A-A1A6-4025-BBEC-5193D5B5CA40}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3E7C95C6-EAFA-4060-893B-2D18ABDD5927}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{410821A2-EF28-4CDD-A2DC-257E97C64D5A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{472B86F3-FE39-47C9-ABC3-A5FEDAA8FF33}" = protocol=17 | dir=in | app=c:\program files\air\lolclient.exe |
"{55668923-92AD-4071-8F65-1AC6146D6675}" = protocol=17 | dir=in | app=c:\program files\game\league of legends.exe |
"{59D014BB-DA4B-41F7-B4FA-2F824616A502}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7D2C5C15-D284-4E18-B4FE-FE28F81DB722}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{8B752F90-3DA3-4145-BBFF-705350D49530}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{94D98139-93C4-4AE7-A701-8BB96D145453}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{A7BEBE6F-3F91-48BB-BD2F-D9CA3257599B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AD51EDD3-FAB6-47B0-AE47-397CABE3FABC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AD7D7896-4C5B-4ECE-B807-5CE2ED46D306}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{B08F4550-2409-44EB-9ABB-A1225CA55428}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B268C401-25FB-4570-9177-4D0DABDACA88}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B634123A-FDEF-4720-9C26-4B2FD8263097}" = protocol=6 | dir=in | app=c:\program files\air\lolclient.exe |
"{BB21382E-6AB3-4E39-AA02-DBAE3D5B681A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BE23A2C2-1DCD-4599-9A05-884083ACD78A}" = protocol=6 | dir=in | app=c:\users\sushikiste\desktop\wow offi\launcher.exe |
"{C1FFA3C9-594E-452A-9115-00F6405E6228}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C8A2F66C-23B1-47E5-BB86-E1918C0ECD91}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{CF2B2289-F165-4DEC-A10D-A02B52C556BB}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{D2286D3D-0B96-4317-9566-62E6FC9F5583}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D7676590-6A95-4380-8879-EB47F0F6228B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{DEA1C3EC-5E58-46AF-916B-5F0AEF700848}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E14D4D6D-D925-4C9B-85B2-D4FA6DBF94E6}" = protocol=17 | dir=in | app=c:\users\sushikiste\desktop\wow offi\launcher.exe |
"{F55A049C-E8C6-4CFE-AFD1-79F74E89363E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F70A21E5-86F3-4250-91C8-713138D17FEB}" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
"{F8503D22-A725-4AA5-8B92-4909AED843EC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{1F6D77E3-ECBA-484B-A637-6FDE926D6EE7}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{3A518229-DE3C-47B4-95C4-7C9EE6155B39}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"TCP Query User{4DBB2CA4-39ED-43E6-AD47-AE9143F3F2F6}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{624BB05E-22DE-4C1B-85E0-451DABB921D4}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{636C2056-CDFA-4039-A5D9-F93762DD95F5}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"TCP Query User{665CCF3B-AD33-4637-BD66-2022FFC4DF2F}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"TCP Query User{789EA55B-22FD-45FE-B7B5-26B361BE5C74}C:\users\sushikiste\desktop\wow offi\launcher.exe" = protocol=6 | dir=in | app=c:\users\sushikiste\desktop\wow offi\launcher.exe |
"TCP Query User{A52B9186-E3DB-4CE2-8A4B-FD83D9337C01}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D391F10B-9D60-4DE7-8C1E-AFB77423F92F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{ECDFBF2D-1729-4B09-99B8-FBC2B3449C6C}C:\users\sushikiste\desktop\wow offi\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\sushikiste\desktop\wow offi\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"UDP Query User{30DA3827-0A79-46D3-A2D0-684433F92CC8}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{5DF47BED-0E00-44E5-85F8-D1E32FF6A91A}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{740D67FE-DD54-4047-8030-93E3221A00EE}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"UDP Query User{97403973-67F3-46A8-ABC9-D4DCC70FAA62}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{A0C4FCB3-75A4-4229-AD04-C27FFA028820}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{A2647C15-25DF-44EC-8E7D-0B9F1C41B033}C:\users\sushikiste\desktop\wow offi\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\sushikiste\desktop\wow offi\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"UDP Query User{A502E949-1F50-41A8-B86A-9277DC96F046}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{B2C53353-F6AC-4A8E-B2AF-4DDCDB6B3AD3}C:\users\sushikiste\desktop\wow offi\launcher.exe" = protocol=17 | dir=in | app=c:\users\sushikiste\desktop\wow offi\launcher.exe |
"UDP Query User{B91EB6C5-F877-496D-9AC1-77F7C8ACAD55}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"UDP Query User{FE2E8CD0-47F3-44E0-BCE5-3C14D41E2960}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{49058C21-E4F6-4A99-B715-D62715E0A2A2}" = Vegas Pro 9.0
"{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57C36BD9-856B-4070-8F9C-0D01DC69C8F0}_is1" = Click & Learn 2007
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A96BFADF-A159-4395-8E9C-A9E2F059A3BB}" = Camtasia Studio 7
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CA796D95-C706-4BB9-BDDE-FF228D13D28A}" = Livestream Procaster
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DB52432E-3AD8-41A5-A586-0F065FB6A31E}" = Game Cam
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}" = Driver Mender
"1EC636D2DBA2D9924E02E10DA797DEC16306C1A9" = Windows Driver Package - Logitech HIDClass  (10/16/2006 1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"LogMeIn Hamachi" = LogMeIn Hamachi
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.10.2092" = Opera 11.10
"SearchAnonymizer" = SearchAnonymizer
"TeamViewer 5" = TeamViewer 5
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"Yahoo! Companion" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"f031ef6ac137efc5" = Dell Driver Download Manager
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.04.2011 20:07:26 | Computer Name = sushikiste-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 16.04.2011 20:07:26 | Computer Name = sushikiste-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 16.04.2011 20:07:37 | Computer Name = sushikiste-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 16.04.2011 20:07:37 | Computer Name = sushikiste-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 16.04.2011 22:14:38 | Computer Name = sushikiste-PC | Source = Application Hang | ID = 1002
Description = Programm WoW.exe, Version 4.0.6.13623 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1424  Anfangszeit: 01cbfca52aa9cc9b  Zeitpunkt der Beendigung:
 157
 
Error - 17.04.2011 10:10:04 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x42c, Anwendungsstartzeit
 01cbfcf7be59d189.
 
Error - 17.04.2011 21:10:03 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x47c, Anwendungsstartzeit
 01cbfd5950137d14.
 
Error - 18.04.2011 00:50:17 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x6c8, Anwendungsstartzeit
 01cbfd658e3802bc.
 
Error - 18.04.2011 10:10:03 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x434, Anwendungsstartzeit
 01cbfdccfa982681.
 
Error - 18.04.2011 11:10:01 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x1364, Anwendungsstartzeit
 01cbfdd26dc4dc9b.
 
[ System Events ]
Error - 10.06.2010 09:34:22 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10.06.2010 09:58:58 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 9, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 10.06.2010 09:58:58 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 11, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 10.06.2010 10:00:56 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 11.06.2010 08:22:22 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
 9, function 0.  Contact your system vendor for technical assistance.
 
Error - 11.06.2010 08:22:22 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
 11, function 0.  Contact your system vendor for technical assistance.
 
Error - 11.06.2010 08:24:20 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 11.06.2010 08:37:55 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
 9, function 0.  Contact your system vendor for technical assistance.
 
Error - 11.06.2010 08:37:55 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
 11, function 0.  Contact your system vendor for technical assistance.
 
Error - 11.06.2010 08:39:53 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---



I hope I have provided as much information as possible.
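
The three Application Error entries in the OTL event log above are the same crash every time: svchost.exe faulting in ntdll.dll with exception code 0xc000071b at offset 0x0008ac88, only the process ID changes. A repeating identical signature like that is what produces the "host process for Windows services has stopped" message, and it is worth pulling out of a long OTL dump automatically. The following is an added example (my code, not part of this thread or of OTL) that splits an OTL event log into entries and groups event 1000 crashes by faulting application, module, exception code and offset. The sample input is copied from the log above, in the German form OTL wrote it; the parser keys on the image names and the 0x tokens, so the message language does not matter. The function names are mine, and the fixed order of the five 0x tokens (application time stamp, module time stamp, exception code, fault offset, PID) is an assumption about the standard event 1000 message that holds for the entries here.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input copied from the OTL event log in this thread: three Application
# Error entries plus a Service Control Manager and an ACPI entry for contrast.
SAMPLE_LOG = """\
Error - 18.04.2011 00:50:17 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x6c8, Anwendungsstartzeit
 01cbfd658e3802bc.

Error - 18.04.2011 10:10:03 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x434, Anwendungsstartzeit
 01cbfdccfa982681.

Error - 18.04.2011 11:10:01 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x1364, Anwendungsstartzeit
 01cbfdd26dc4dc9b.

Error - 10.06.2010 09:34:22 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10.06.2010 09:58:58 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 9, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
"""

HEADER = re.compile(
    r"^Error - (?P<time>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>.*?) \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)\s*$"
)
HEX = re.compile(r"\b0x[0-9a-fA-F]+\b")
IMAGE = re.compile(r"\b[\w.-]+\.(?:exe|dll|sys)\b", re.I)


def parse_entries(text):
    """Split an OTL event-log dump into entries; wrapped description lines are joined."""
    entries, current = [], None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            current = {
                "time": datetime.strptime(m["time"], "%d.%m.%Y %H:%M:%S"),
                "host": m["host"],
                "source": m["source"],
                "id": int(m["id"]),
                "description": "",
            }
            entries.append(current)
            continue
        line = raw.strip()
        if current is None or not line:
            continue
        if line.startswith("Description ="):
            line = line[len("Description ="):].strip()
        current["description"] = f"{current['description']} {line}".strip()
    return entries


def crash_signatures(entries):
    """Group Application Error 1000 events by (application, module, exception, offset).

    Assumption: the standard event-1000 text carries five 0x tokens in fixed order
    (app time stamp, module time stamp, exception code, fault offset, PID); this is
    true of the Vista messages in this thread in any UI language.
    """
    groups = defaultdict(list)
    for e in entries:
        if e["source"] != "Application Error" or e["id"] != 1000:
            continue
        images = IMAGE.findall(e["description"])
        hexes = [h.lower() for h in HEX.findall(e["description"])]
        if len(images) < 2 or len(hexes) < 5:
            continue  # not the standard message shape; skip rather than guess
        groups[(images[0], images[1], hexes[2], hexes[3])].append((e["time"], hexes[4]))
    report = []
    for (app, module, exc, offset), hits in groups.items():
        hits.sort()  # chronological, so first/last and the PID list read naturally
        report.append({
            "app": app, "module": module, "exception": exc, "offset": offset,
            "count": len(hits), "first": hits[0][0], "last": hits[-1][0],
            "pids": [pid for _, pid in hits],
        })
    report.sort(key=lambda r: r["count"], reverse=True)
    return report


if __name__ == "__main__":
    for sig in crash_signatures(parse_entries(SAMPLE_LOG)):
        print(f"{sig['count']}x {sig['app']} in {sig['module']} exc={sig['exception']} "
              f"off={sig['offset']} ({sig['first']:%d.%m %H:%M} .. {sig['last']:%d.%m %H:%M}) "
              f"pids={sig['pids']}")
```

Run against the full OTL dump, one signature with a high count and a fixed offset says "deterministic crash in one code path" rather than random instability; that is the kind of line to correlate with the user-visible symptom (here the repeated Opera start failures and the failing Windows Update) before deciding whether it is malware, a damaged system file or a bad third-party module loaded into that svchost instance.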

cosinus 18.04.2011 17:17

Are there any other Malwarebytes logs? If so, please post all of them that are visible in Malwarebytes under the Log Files tab.

Please also run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Randi 18.04.2011 18:17

OK, I ran the Kaspersky tool and I believe 1 "rootkit" was removed; in any case there was 1 detection. However, I forgot to copy the log file because I had to restart the PC. Can I still find the log file? Or do you mean the Malwarebytes log that I am supposed to run after using TDSSKiller (as described in the TDSSKiller thread)?

First, my old Malwarebytes log files since 11 April (the next older one is from 10.10.2010; if that one matters to you too, please let me know)

11.4.2011
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6333

Windows 6.0.6000
Internet Explorer 8.0.6001.18928

11.04.2011 19:22:11
mbam-log-2011-04-11 (19-22-11).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|)
Objects scanned: 319581
Time elapsed: 1 hour(s), 26 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\sushikiste\AppData\Local\temp\22CC.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Windows\temp\0.035133400434813944.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

13.4.2011
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6348

Windows 6.0.6000
Internet Explorer 8.0.6001.18928

13.04.2011 05:47:05
mbam-log-2011-04-13 (05-47-05).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|)
Objects scanned: 300244
Time elapsed: 1 hour(s), 14 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

and the one from today, which I already posted.
Here again the Malwarebytes log file after the TDSSKiller scan:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6391

Windows 6.0.6000
Internet Explorer 8.0.6001.18928

18.04.2011 19:16:52
mbam-log-2011-04-18 (19-16-52).txt

Scan type: Quick scan
Objects scanned: 164455
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
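
The 11.04.2011 log above carries more information than its "Quarantined and deleted successfully" lines suggest: a Rootkit.TDSS.Gen file and a Trojan.Dropper both sitting in temp directories, and a `regfile\shell\open\command` value that differed from the default. That registry value is the program Windows runs when a .reg file is double-clicked, so the question to ask is which executable actually ran, not only whether the string matched. The following is an added example (my code, not from this thread or from Malwarebytes) that parses MBAM detection lines and triages them: it splits the Bad:/Good: command values the way Windows splits quoted arguments, distinguishes a value that only differs in quoting from one that points at another program, and flags executable content in temp paths. The sample lines are copied from the log above; the default value `regedit.exe "%1"` is what the log's own Good: field reports; the function names and the verdict labels are mine.

```python
import re

# Sample input: the three detection lines from the 11.04.2011 Malwarebytes log in
# this thread, copied verbatim (the section headings are not needed by the parser).
SAMPLE_FINDINGS = r"""
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
c:\Users\sushikiste\AppData\Local\temp\22CC.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Windows\temp\0.035133400434813944.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
"""

# <item> (<detection family>) -> [Bad: (...) Good: (...) -> ]<action>
FINDING = re.compile(r"^(?P<item>.+) \((?P<family>[A-Za-z0-9._-]+)\) -> (?P<rest>.+)$")
BAD_GOOD = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")
# Windows-style argument splitting: a double-quoted run or a bare word.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def parse_mbam_findings(text):
    """Return one dict per detection line: item, family, action, and bad/good values if present."""
    findings = []
    for line in text.splitlines():
        m = FINDING.match(line.strip())
        if not m:
            continue
        parts = m["rest"].split(" -> ")
        f = {"item": m["item"], "family": m["family"], "action": parts[-1],
             "bad": None, "good": None}
        if len(parts) > 1:
            bg = BAD_GOOD.match(parts[0])
            if bg:
                f["bad"], f["good"] = bg["bad"], bg["good"]
        findings.append(f)
    return findings


def split_windows_command(cmd):
    """Split a shell\\open\\command value into program and arguments, honouring double quotes."""
    return [quoted if quoted else bare for quoted, bare in TOKEN.findall(cmd)]


def check_open_command(cmd, expected='regedit.exe "%1"'):
    """Classify a regfile open command against the Vista default.

    'default'      - byte-for-byte the expected value
    'quoting-only' - same program and argument, only the quoting differs
    'nondefault'   - a different program, or a full path, runs when a .reg file is opened
    """
    if cmd.strip() == expected:
        return "default"
    if split_windows_command(cmd) == split_windows_command(expected):
        return "quoting-only"
    return "nondefault"


def is_temp_path(path):
    """True for anything under a \\temp\\ or \\tmp\\ directory (case-insensitive)."""
    p = path.replace("/", "\\").lower()
    return "\\temp\\" in p or "\\tmp\\" in p


def triage(findings):
    """Turn findings into (item, note) pairs a helper would want to act on."""
    notes = []
    for f in findings:
        if f["bad"] is not None:
            verdict = check_open_command(f["bad"])
            notes.append((f["item"], f"open command was {verdict}: {f['bad']!r}"))
        elif is_temp_path(f["item"]):
            notes.append((f["item"], "executable content in a temp directory; find out what dropped it"))
        if f["family"].startswith("Rootkit."):
            notes.append((f["item"], "rootkit family: a user-mode scan alone cannot confirm "
                                     "removal, follow up with a rootkit scanner"))
    return notes


if __name__ == "__main__":
    for item, note in triage(parse_mbam_findings(SAMPLE_FINDINGS)):
        print(f"{item}\n    {note}")
```

For the value in this log the verdict is "quoting-only": the program is still regedit.exe, so nothing else was hijacked into the .reg handler, and MBAM resetting it to the default is harmless. A "nondefault" verdict, say a path into AppData\Local\Temp, would mean the dropper had wired itself into a file association, and the next question would be which of the temp files above it pointed at.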


cosinus 18.04.2011 18:18

Quote:

OK, I ran the Kaspersky tool and I believe 1 "rootkit" was removed
Edit: That was probably TDL4/TDSS being detected and removed. Please restart Windows and, as a check, make a new log with the Kaspersky TDSS Killer. You have to click the Report button!
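
A TDSSKiller report of the kind requested here is mostly a list of `service (md5) path` lines, and the lines that matter are the few that break that shape. The following is an added example (my code, not from this thread or from Kaspersky) that parses such a report and pulls out three things a helper would check by eye: "Suspicious file" and "detected" lines, drivers loaded from somewhere other than the system32\drivers directory, and one MD5 appearing under two different files. The sample lines are copied from the report posted later in this thread (including the sptd.sys lines), except the last one, which is constructed only so the shared-hash check has something to fire on; the function names are mine. None of the checks is a verdict: sptd.sys, for instance, is the SCSI pass-through driver installed with disc-emulation software and commonly shows up as a locked file, and a driver outside the standard directory is a thing to look at, not a detection.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the TDSSKiller report in this thread (header,
# ACPI, NVR0Dev, sptd plus its Suspicious/detected lines, SVKP, Tcpip/Tcpip6).
# The final 'exampledrv' line is CONSTRUCTED for this example: it reuses the ACPI
# hash under a different file name so the shared-hash check has a hit.
SAMPLE_REPORT = r"""
2011/04/18 19:22:41.0000 3000        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/18 19:22:49.0861 3472        Scan started
2011/04/18 19:22:51.0205 3472        ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/04/18 19:23:02.0818 3472        NVR0Dev        (61d6b1c71ad94f8485e966bebc36d092) C:\Windows\nvoclock.sys
2011/04/18 19:23:08.0284 3472        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/18 19:23:08.0284 3472        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/18 19:23:08.0291 3472        sptd - detected Locked file (1)
2011/04/18 19:23:09.0203 3472        SVKP            (f05028b163b92c302a74409d683ac9b0) C:\Windows\system32\SVKP.sys
2011/04/18 19:23:10.0922 3472        Tcpip          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/04/18 19:23:11.0032 3472        Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/18 19:23:11.0100 3472        exampledrv      (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\exampledrv.sys
"""

LINE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
DRIVER = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
SUSPICIOUS = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED = re.compile(r"^(?P<name>\S+) - detected (?P<what>.+)$")
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"  # where Windows' own drivers normally live


def parse_tdsskiller(text):
    """Split a TDSSKiller report into driver records, suspicious-file lines and detections."""
    report = {"drivers": [], "suspicious": [], "detections": []}
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue
        msg = m["msg"].strip()
        s = SUSPICIOUS.match(msg)
        if s:
            report["suspicious"].append({"reason": s["reason"], "path": s["path"], "md5": s["md5"]})
            continue
        x = DETECTED.match(msg)
        if x:
            report["detections"].append({"name": x["name"], "what": x["what"]})
            continue
        d = DRIVER.match(msg)
        if d:
            report["drivers"].append({"name": d["name"], "md5": d["md5"], "path": d["path"].strip()})
    return report


def review(report):
    """Return human-readable notes; every note is something to look at, not a verdict."""
    notes = []
    for d in report["drivers"]:
        if not d["path"].lower().startswith(DRIVER_DIR):
            notes.append(f"{d['name']}: loaded from outside {DRIVER_DIR} ({d['path']})")
    # Same hash under two different files is unusual; Tcpip/Tcpip6 pointing at the
    # same tcpip.sys (only the directory case differs) is not, so compare lower-cased paths.
    by_md5 = defaultdict(set)
    for d in report["drivers"]:
        by_md5[d["md5"]].add(d["path"].lower())
    for md5, paths in by_md5.items():
        if len(paths) > 1:
            notes.append(f"md5 {md5} shared by different files: {sorted(paths)}")
    for s in report["suspicious"]:
        notes.append(f"{s['path']}: {s['reason']} (md5 {s['md5']})")
    for x in report["detections"]:
        notes.append(f"{x['name']}: {x['what']}")
    return notes


if __name__ == "__main__":
    for note in review(parse_tdsskiller(SAMPLE_REPORT)):
        print(note)
```

On the real report the output is short: two drivers outside the drivers directory (C:\Windows\nvoclock.sys and C:\Windows\system32\SVKP.sys), the locked sptd.sys, and nothing else; that is the list to compare with the installed software before drawing conclusions, and the MD5s are what you would look up if a name is unfamiliar.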

Randi 18.04.2011 18:25

Here is the log file:
Code:

2011/04/18 19:22:41.0000 3000        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/18 19:22:41.0290 3000        ================================================================================
2011/04/18 19:22:41.0290 3000        SystemInfo:
2011/04/18 19:22:41.0290 3000       
2011/04/18 19:22:41.0290 3000        OS Version: 6.0.6000 ServicePack: 0.0
2011/04/18 19:22:41.0290 3000        Product type: Workstation
2011/04/18 19:22:41.0290 3000        ComputerName: SUSHIKISTE-PC
2011/04/18 19:22:41.0290 3000        UserName: sushikiste
2011/04/18 19:22:41.0290 3000        Windows directory: C:\Windows
2011/04/18 19:22:41.0290 3000        System windows directory: C:\Windows
2011/04/18 19:22:41.0290 3000        Processor architecture: Intel x86
2011/04/18 19:22:41.0290 3000        Number of processors: 2
2011/04/18 19:22:41.0291 3000        Page size: 0x1000
2011/04/18 19:22:41.0291 3000        Boot type: Normal boot
2011/04/18 19:22:41.0291 3000        ================================================================================
2011/04/18 19:22:47.0690 3000        Initialize success
2011/04/18 19:22:49.0861 3472        ================================================================================
2011/04/18 19:22:49.0861 3472        Scan started
2011/04/18 19:22:49.0861 3472        Mode: Manual;
2011/04/18 19:22:49.0861 3472        ================================================================================
2011/04/18 19:22:51.0205 3472        ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/04/18 19:22:51.0276 3472        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/18 19:22:51.0330 3472        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/18 19:22:51.0377 3472        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/18 19:22:51.0408 3472        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/18 19:22:51.0477 3472        AFD            (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/04/18 19:22:51.0539 3472        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/04/18 19:22:51.0608 3472        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/18 19:22:51.0684 3472        aliide          (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
2011/04/18 19:22:51.0715 3472        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/04/18 19:22:51.0733 3472        amdide          (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
2011/04/18 19:22:51.0760 3472        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/18 19:22:51.0799 3472        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/18 19:22:51.0895 3472        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/18 19:22:51.0965 3472        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/18 19:22:52.0034 3472        AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/18 19:22:52.0079 3472        atapi          (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
2011/04/18 19:22:52.0116 3472        avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/18 19:22:52.0198 3472        avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/18 19:22:52.0278 3472        BCM43XV        (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/04/18 19:22:52.0301 3472        Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/04/18 19:22:52.0359 3472        bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/18 19:22:52.0407 3472        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/18 19:22:52.0437 3472        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/18 19:22:52.0513 3472        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/18 19:22:52.0576 3472        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/18 19:22:52.0638 3472        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/18 19:22:52.0662 3472        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/18 19:22:52.0688 3472        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/18 19:22:52.0801 3472        cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/18 19:22:52.0852 3472        cdrom          (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/18 19:22:52.0901 3472        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/18 19:22:52.0957 3472        CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/04/18 19:22:53.0024 3472        cmdide          (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
2011/04/18 19:22:53.0050 3472        Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/04/18 19:22:53.0071 3472        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/18 19:22:53.0101 3472        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/18 19:22:53.0166 3472        DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/04/18 19:22:53.0236 3472        disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/04/18 19:22:53.0284 3472        drmkaud        (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/04/18 19:22:53.0315 3472        DXGKrnl        (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/18 19:22:53.0368 3472        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/18 19:22:53.0395 3472        Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/04/18 19:22:53.0479 3472        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/18 19:22:53.0532 3472        fastfat        (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/04/18 19:22:53.0571 3472        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/18 19:22:53.0617 3472        FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/04/18 19:22:53.0659 3472        Filetrace      (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/04/18 19:22:53.0684 3472        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/18 19:22:53.0703 3472        FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/04/18 19:22:53.0761 3472        Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/18 19:22:53.0798 3472        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/18 19:22:53.0863 3472        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/18 19:22:53.0927 3472        hamachi        (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/04/18 19:22:54.0006 3472        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/18 19:22:54.0052 3472        HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/18 19:22:54.0093 3472        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/18 19:22:54.0123 3472        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/18 19:22:54.0168 3472        HidUsb          (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/18 19:22:54.0212 3472        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/18 19:22:54.0273 3472        HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2011/04/18 19:22:54.0318 3472        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/18 19:22:54.0386 3472        i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/18 19:22:54.0419 3472        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/18 19:22:54.0505 3472        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/18 19:22:54.0619 3472        IntcAzAudAddService (4a705bf2a6f7972f2f2ad8a0d8079f95) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/18 19:22:54.0685 3472        intelide        (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
2011/04/18 19:22:54.0718 3472        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/18 19:22:54.0782 3472        IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/18 19:22:54.0837 3472        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/18 19:22:54.0872 3472        IPNAT          (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/18 19:22:54.0896 3472        IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/04/18 19:22:54.0929 3472        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/04/18 19:22:59.0204 3472        iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/18 19:22:59.0248 3472        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/18 19:22:59.0275 3472        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/18 19:22:59.0446 3472        kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/18 19:22:59.0466 3472        kbdhid          (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/18 19:22:59.0525 3472        KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/18 19:22:59.0605 3472        LGBusEnum      (170e7093a77ad586f3a012a3db651d94) C:\Windows\system32\drivers\LGBusEnum.sys
2011/04/18 19:22:59.0641 3472        LGVirHid        (d2dd04d1c8df65eecd1f2c7fb947d43e) C:\Windows\system32\drivers\LGVirHid.sys
2011/04/18 19:22:59.0685 3472        lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/18 19:22:59.0753 3472        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/18 19:22:59.0842 3472        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/18 19:22:59.0903 3472        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/18 19:22:59.0924 3472        luafv          (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/04/18 19:23:00.0149 3472        LVPr2Mon        (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/04/18 19:23:00.0396 3472        LVRS            (87ecce893d8aec5a9337b917742d339c) C:\Windows\system32\DRIVERS\lvrs.sys
2011/04/18 19:23:00.0494 3472        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/18 19:23:00.0575 3472        Modem          (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/04/18 19:23:00.0626 3472        monitor        (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/18 19:23:00.0660 3472        mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/18 19:23:00.0714 3472        mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/18 19:23:00.0750 3472        MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/04/18 19:23:00.0834 3472        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/18 19:23:00.0891 3472        mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/18 19:23:00.0950 3472        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/18 19:23:01.0029 3472        MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/04/18 19:23:01.0063 3472        mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/18 19:23:01.0090 3472        mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/18 19:23:01.0113 3472        mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/18 19:23:01.0189 3472        msahci          (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
2011/04/18 19:23:01.0262 3472        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/18 19:23:01.0296 3472        Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/04/18 19:23:01.0342 3472        msisadrv        (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
2011/04/18 19:23:01.0441 3472        MSKSSRV        (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/18 19:23:01.0466 3472        MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/18 19:23:01.0497 3472        MSPQM          (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/04/18 19:23:01.0545 3472        MsRPC          (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/04/18 19:23:01.0594 3472        mssmbios        (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/18 19:23:01.0630 3472        MSTEE          (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/04/18 19:23:01.0676 3472        Mup            (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/04/18 19:23:01.0776 3472        NativeWifiP    (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/18 19:23:01.0820 3472        NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/04/18 19:23:01.0895 3472        NdisTapi        (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/18 19:23:01.0916 3472        Ndisuio        (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/18 19:23:01.0938 3472        NdisWan        (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/18 19:23:01.0969 3472        NDProxy        (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/04/18 19:23:01.0992 3472        NetBIOS        (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/18 19:23:02.0019 3472        netbt          (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/18 19:23:02.0084 3472        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/18 19:23:02.0110 3472        Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/04/18 19:23:02.0160 3472        nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/18 19:23:02.0217 3472        Ntfs            (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/04/18 19:23:02.0294 3472        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/18 19:23:02.0389 3472        Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/04/18 19:23:02.0455 3472        NVENETFD        (19055a1c1076ef48e738d26ea7fb8017) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/04/18 19:23:02.0729 3472        nvlddmkm        (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/18 19:23:02.0818 3472        NVR0Dev        (61d6b1c71ad94f8485e966bebc36d092) C:\Windows\nvoclock.sys
2011/04/18 19:23:02.0879 3472        nvraid          (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
2011/04/18 19:23:02.0936 3472        nvstor          (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2011/04/18 19:23:03.0052 3472        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/04/18 19:23:03.0215 3472        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/18 19:23:03.0348 3472        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/18 19:23:03.0372 3472        partmgr        (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/04/18 19:23:03.0428 3472        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/18 19:23:03.0476 3472        pci            (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
2011/04/18 19:23:03.0528 3472        pciide          (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
2011/04/18 19:23:03.0594 3472        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/18 19:23:03.0661 3472        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/18 19:23:03.0735 3472        pepifilter      (b20f958b207e6aaac5f70d04dd2c30d8) C:\Windows\system32\DRIVERS\lv302af.sys
2011/04/18 19:23:03.0893 3472        PID_PEPI        (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\Windows\system32\DRIVERS\LV302V32.SYS
2011/04/18 19:23:04.0151 3472        PptpMiniport    (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/18 19:23:04.0225 3472        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/18 19:23:04.0370 3472        PSched          (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/18 19:23:04.0460 3472        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/18 19:23:04.0545 3472        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/18 19:23:04.0611 3472        QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/18 19:23:04.0658 3472        RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/18 19:23:04.0712 3472        Rasl2tp        (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/18 19:23:04.0745 3472        RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/18 19:23:05.0277 3472        rdbss          (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/18 19:23:05.0396 3472        RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/18 19:23:05.0481 3472        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/04/18 19:23:05.0658 3472        RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/18 19:23:05.0877 3472        RDPWD          (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/04/18 19:23:06.0002 3472        rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/18 19:23:06.0137 3472        RTL8187B        (872c4e777bedcd7f99dc09016b5e6f39) C:\Windows\system32\DRIVERS\wg111v3.sys
2011/04/18 19:23:06.0661 3472        s0016bus        (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys
2011/04/18 19:23:06.0721 3472        s0016mdfl      (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys
2011/04/18 19:23:06.0771 3472        s0016mdm        (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys
2011/04/18 19:23:06.0856 3472        s0016mgmt      (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys
2011/04/18 19:23:06.0904 3472        s0016nd5        (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys
2011/04/18 19:23:06.0944 3472        s0016obex      (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys
2011/04/18 19:23:06.0988 3472        s0016unic      (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys
2011/04/18 19:23:07.0091 3472        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/18 19:23:07.0162 3472        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/18 19:23:07.0223 3472        seehcri        (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/04/18 19:23:07.0313 3472        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/18 19:23:07.0357 3472        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/18 19:23:07.0442 3472        sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/04/18 19:23:07.0562 3472        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/04/18 19:23:07.0594 3472        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/18 19:23:07.0661 3472        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/18 19:23:07.0695 3472        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/18 19:23:07.0782 3472        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/04/18 19:23:07.0870 3472        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/18 19:23:07.0961 3472        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/18 19:23:08.0023 3472        Smb            (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/04/18 19:23:08.0067 3472        spldr          (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/04/18 19:23:08.0284 3472        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/18 19:23:08.0284 3472        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/18 19:23:08.0291 3472        sptd - detected Locked file (1)
2011/04/18 19:23:08.0353 3472        srv            (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/04/18 19:23:08.0493 3472        srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/18 19:23:08.0629 3472        srvnet          (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/18 19:23:08.0765 3472        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/18 19:23:09.0203 3472        SVKP            (f05028b163b92c302a74409d683ac9b0) C:\Windows\system32\SVKP.sys
2011/04/18 19:23:09.0735 3472        swenum          (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/18 19:23:10.0177 3472        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/18 19:23:10.0513 3472        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/18 19:23:10.0731 3472        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/18 19:23:10.0922 3472        Tcpip          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/04/18 19:23:11.0032 3472        Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/18 19:23:11.0349 3472        tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/18 19:23:11.0973 3472        TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/04/18 19:23:12.0504 3472        TDTCP          (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/18 19:23:13.0356 3472        tdx            (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/18 19:23:14.0184 3472        TermDD          (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/18 19:23:14.0417 3472        tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/18 19:23:14.0576 3472        tunmp          (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/18 19:23:14.0823 3472        tunnel          (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/18 19:23:15.0015 3472        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/18 19:23:15.0443 3472        udfs            (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/18 19:23:16.0641 3472        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/18 19:23:17.0777 3472        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/18 19:23:18.0829 3472        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/18 19:23:19.0709 3472        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/18 19:23:19.0946 3472        umbus          (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/18 19:23:20.0174 3472        USBAAPL        (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/18 19:23:20.0238 3472        usbaudio        (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
2011/04/18 19:23:20.0337 3472        usbccgp        (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/18 19:23:20.0384 3472        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/18 19:23:20.0440 3472        usbehci        (63fe924d8a1113c3ba6750693fbec7d3) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/18 19:23:20.0589 3472        usbhub          (5edec5510592c905e91817707dce62a2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/18 19:23:20.0718 3472        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/18 19:23:20.0871 3472        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/04/18 19:23:21.0037 3472        USBSTOR        (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/18 19:23:21.0204 3472        usbuhci        (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/18 19:23:21.0382 3472        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/18 19:23:21.0499 3472        VgaSave        (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/04/18 19:23:21.0612 3472        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/04/18 19:23:21.0761 3472        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/18 19:23:22.0058 3472        viaide          (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
2011/04/18 19:23:22.0151 3472        volmgr          (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
2011/04/18 19:23:22.0174 3472        volmgrx        (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/04/18 19:23:22.0224 3472        volsnap        (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/04/18 19:23:22.0367 3472        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/18 19:23:22.0527 3472        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/18 19:23:22.0602 3472        Wanarp          (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/18 19:23:22.0662 3472        Wanarpv6        (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/18 19:23:22.0708 3472        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/18 19:23:23.0150 3472        Wdf01000        (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/18 19:23:23.0391 3472        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/18 19:23:23.0641 3472        ws2ifsl        (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/18 19:23:23.0717 3472        WUDFRd          (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/18 19:23:23.0844 3472        ================================================================================
2011/04/18 19:23:23.0844 3472        Scan finished
2011/04/18 19:23:23.0844 3472        ================================================================================
2011/04/18 19:23:23.0856 3156        Detected object count: 1
2011/04/18 19:23:33.0089 3156        Locked file(sptd) - User select action: Skip

Edit: the PC already restarts noticeably faster and is generally faster too, e.g. when opening Opera.

cosinus 18.04.2011 18:38

Please post new OTL logs:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Randi 18.04.2011 18:42

OTL
OTL logfile:
Code:

OTL logfile created on: 18.04.2011 19:39:44 - Run 5
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\sushikiste\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 73,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,04 Gb Total Space | 137,76 Gb Free Space | 47,83% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,84 Gb Free Space | 58,37% Space Free | Partition Type: NTFS
Drive E: | 636,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: SUSHIKISTE-PC | User Name: sushikiste | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\sushikiste\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\sushikiste\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SearchAnonymizer) -- C:\Users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SVKP) -- C:\Windows\System32\SVKP.sys (AntiCracking)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (NVR0Dev) -- C:\Windows\nvoclock.sys (NVidia Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc.                          )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1104111824\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1104111824\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q="
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.16 23:35:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.15 03:05:00 | 000,000,000 | ---D | M]
 
[2010.09.16 23:36:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Extensions
[2011.04.11 18:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions
[2011.02.08 08:32:44 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.09.17 19:38:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.11 18:24:05 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.28 19:53:13 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.03.28 19:53:04 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.11 02:04:25 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.03.11 02:04:25 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com
[2011.03.11 02:04:39 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\ffxtlbr@Facemoods.com
[2010.12.08 16:47:52 | 000,000,927 | ---- | M] () -- C:\Users\sushikiste\AppData\Roaming\Mozilla\Firefox\Profiles\aumc5ur9.default\searchplugins\conduit.xml
[2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\sushikiste\AppData\Roaming\Mozilla\Firefox\Profiles\aumc5ur9.default\searchplugins\icqplugin.xml
[2011.02.22 15:52:49 | 000,001,196 | ---- | M] () -- C:\Users\sushikiste\AppData\Roaming\Mozilla\Firefox\Profiles\aumc5ur9.default\searchplugins\winamp-search.xml
[2011.04.11 22:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.11.26 18:26:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.11 22:46:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.04.11 22:46:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.04.12 19:20:57 | 000,001,382 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchddr.xml
[2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1104111824\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} -  File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} -  File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: ({DLL_Str}) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\unlgluhp\dtasvuqg.exe) -  File not found
O24 - Desktop WallPaper: C:\Users\sushikiste\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\sushikiste\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.18 18:54:24 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\sushikiste\Desktop\tdsskiller.exe
[2011.04.18 16:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.04.18 16:11:04 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011.04.18 16:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Fraps
[2011.04.18 16:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.04.18 16:10:27 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.04.18 02:06:52 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\sushikiste\Desktop\OTL.exe
[2011.04.18 01:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.04.15 03:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.04.13 01:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\lol-cb3.game_p
[2011.04.13 01:37:35 | 000,194,376 | ---- | C] (Solid State Networks) -- C:\Program Files\patcher_update_tmp.exe
[2011.04.13 01:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\lol-cb3.patcher_15
[2011.04.13 01:36:25 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011.04.13 01:36:25 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011.04.13 01:36:23 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011.04.13 01:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\html
[2011.04.13 01:29:53 | 000,114,688 | ---- | C] (TODO: <Company name>) -- C:\Program Files\CRiotInternetSecurityManagerCom.dll
[2011.04.13 01:29:53 | 000,110,592 | ---- | C] (Solid State Networks) -- C:\Program Files\CRiotLauncherElevateCOM.dll
[2011.04.13 01:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\air
[2011.04.13 01:29:51 | 000,421,888 | ---- | C] (Solid State Networks) -- C:\Program Files\lol.launcher.exe
[2011.04.13 01:29:51 | 000,194,376 | ---- | C] (Solid State Networks) -- C:\Program Files\patcher_update.exe
[2011.04.13 01:29:51 | 000,176,968 | ---- | C] (Solid State Networks) -- C:\Program Files\patcher_lib.decode.dll
[2011.04.13 01:29:51 | 000,118,784 | ---- | C] (Solid State Networks) -- C:\Program Files\launcher.maestro.dll
[2011.04.13 01:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\game
[2011.04.13 01:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011.04.12 22:32:14 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\Desktop\League of Legends
[2011.04.12 22:30:59 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\AppData\Local\PMB Files
[2011.04.12 22:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011.04.12 19:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011.04.11 22:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.04.11 22:46:47 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.11 22:46:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.11 22:46:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.11 22:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.04.11 18:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4
[2011.04.11 18:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.4
[2011.04.11 18:14:34 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011.04.11 18:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\Teamspeak3
[2011.04.11 15:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\unlgluhp
[2011.04.03 12:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.04.03 12:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011.03.28 19:53:21 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\AppData\Local\Conduit
[2011.03.21 18:23:37 | 000,000,000 | ---D | C] -- C:\Users\sushikiste\AppData\Roaming\Sun
[2011.02.12 17:09:31 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe5285.dll
[2011.02.12 17:03:44 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe3F8.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\sushikiste\*.tmp files -> C:\Users\sushikiste\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.18 19:28:14 | 000,641,106 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.18 19:28:14 | 000,609,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.18 19:28:14 | 000,116,500 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.18 19:28:14 | 000,103,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.18 19:22:36 | 000,037,397 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.18 19:22:36 | 000,037,397 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.04.18 19:21:59 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.18 19:21:59 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.18 19:21:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.18 18:54:27 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\sushikiste\Desktop\tdsskiller.exe
[2011.04.18 18:52:11 | 000,000,127 | ---- | M] () -- C:\Program Files\launcher_options.ini
[2011.04.18 16:59:22 | 000,109,568 | ---- | M] () -- C:\Users\sushikiste\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.18 16:40:12 | 858,282,968 | ---- | M] () -- C:\Users\sushikiste\Documents\KarimZappex.avi
[2011.04.18 16:11:04 | 000,000,730 | ---- | M] () -- C:\Users\sushikiste\Desktop\Fraps.lnk
[2011.04.18 16:10:06 | 001,530,725 | ---- | M] () -- C:\Users\sushikiste\Desktop\wrar400d.exe
[2011.04.18 02:06:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\sushikiste\Desktop\OTL.exe
[2011.04.18 01:53:32 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.15 16:53:39 | 000,000,190 | ---- | M] () -- C:\Program Files\lol-cb3.game.version
[2011.04.15 16:53:38 | 000,000,020 | ---- | M] () -- C:\Program Files\gameversion_Live_04_11_2011_01
[2011.04.15 16:50:43 | 000,000,010 | ---- | M] () -- C:\Program Files\airversion_v1.33.22
[2011.04.15 03:05:01 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.04.15 02:59:10 | 000,001,574 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.04.13 01:37:43 | 000,000,190 | ---- | M] () -- C:\Program Files\lol-cb3.patcher.version
[2011.04.13 01:37:40 | 000,001,693 | ---- | M] () -- C:\Program Files\launcher_config.xml
[2011.04.13 01:36:26 | 000,001,513 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2011.04.12 22:29:40 | 002,257,408 | ---- | M] () -- C:\Users\sushikiste\Desktop\LeagueofLegends.exe
[2011.04.11 22:46:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.04.11 22:46:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.11 22:46:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.11 22:46:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.11 18:24:17 | 000,001,569 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.4.lnk
[2011.04.11 18:14:34 | 000,000,863 | ---- | M] () -- C:\Users\sushikiste\Desktop\TeamSpeak 3 Client.lnk
[2011.04.09 13:17:10 | 000,002,032 | ---- | M] () -- C:\Users\sushikiste\AppData\Local\d3d9caps.dat
[2011.04.03 12:57:36 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2011.03.28 19:52:50 | 000,001,151 | ---- | M] () -- C:\Users\sushikiste\Desktop\Free YouTube to MP3 Converter.lnk
[2011.03.28 10:45:36 | 000,300,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\sushikiste\*.tmp files -> C:\Users\sushikiste\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.18 16:39:20 | 858,282,968 | ---- | C] () -- C:\Users\sushikiste\Documents\KarimZappex.avi
[2011.04.18 16:11:04 | 000,000,730 | ---- | C] () -- C:\Users\sushikiste\Desktop\Fraps.lnk
[2011.04.18 16:10:06 | 001,530,725 | ---- | C] () -- C:\Users\sushikiste\Desktop\wrar400d.exe
[2011.04.18 01:53:32 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.15 16:53:38 | 000,000,020 | ---- | C] () -- C:\Program Files\gameversion_Live_04_11_2011_01
[2011.04.15 16:50:43 | 000,000,010 | ---- | C] () -- C:\Program Files\airversion_v1.33.22
[2011.04.15 03:05:01 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.04.15 03:05:01 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.04.15 02:59:11 | 000,001,586 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011.04.15 02:59:10 | 000,001,574 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.04.13 01:36:26 | 000,001,513 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2011.04.13 01:29:51 | 000,192,512 | ---- | C] () -- C:\Program Files\xdelta.exe
[2011.04.13 01:29:51 | 000,059,904 | ---- | C] () -- C:\Program Files\zlib1.dll
[2011.04.13 01:29:51 | 000,001,693 | ---- | C] () -- C:\Program Files\launcher_config.xml
[2011.04.13 01:29:51 | 000,000,190 | ---- | C] () -- C:\Program Files\lol-cb3.patcher.version
[2011.04.13 01:29:51 | 000,000,190 | ---- | C] () -- C:\Program Files\lol-cb3.game.version
[2011.04.13 01:29:51 | 000,000,127 | ---- | C] () -- C:\Program Files\launcher_options.ini
[2011.04.13 01:29:50 | 000,954,368 | ---- | C] () -- C:\Program Files\launcher.lib.dll
[2011.04.13 01:29:50 | 000,057,344 | ---- | C] () -- C:\Program Files\launcher.lang-fr.dll
[2011.04.13 01:29:50 | 000,057,344 | ---- | C] () -- C:\Program Files\launcher.lang-es.dll
[2011.04.13 01:29:50 | 000,057,344 | ---- | C] () -- C:\Program Files\launcher.lang-de.dll
[2011.04.13 01:29:50 | 000,053,248 | ---- | C] () -- C:\Program Files\launcher.lang-en.dll
[2011.04.12 22:29:37 | 002,257,408 | ---- | C] () -- C:\Users\sushikiste\Desktop\LeagueofLegends.exe
[2011.04.11 18:24:17 | 000,001,569 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.4.lnk
[2011.03.28 19:52:50 | 000,001,151 | ---- | C] () -- C:\Users\sushikiste\Desktop\Free YouTube to MP3 Converter.lnk
[2011.01.13 18:41:25 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.10.05 14:54:28 | 000,037,397 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.10.05 14:54:25 | 000,037,397 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.08.08 21:02:18 | 000,017,408 | ---- | C] () -- C:\Users\sushikiste\AppData\Local\WebpageIcons.db
[2010.07.28 15:44:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.24 16:49:16 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.06.24 16:49:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.06.24 16:49:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.06.24 16:49:16 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.06.24 16:49:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.06.13 18:35:09 | 000,139,152 | ---- | C] () -- C:\Users\sushikiste\AppData\Roaming\PnkBstrK.sys
[2010.04.22 10:48:53 | 000,000,000 | ---- | C] () -- C:\Windows\I531_1013.INI
[2010.04.21 18:51:30 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.04.21 13:45:51 | 000,109,568 | ---- | C] () -- C:\Users\sushikiste\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.20 20:49:23 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.04.20 20:43:37 | 000,002,032 | ---- | C] () -- C:\Users\sushikiste\AppData\Local\d3d9caps.dat
[2009.10.07 02:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 02:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2007.03.12 12:01:30 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2006.11.02 17:33:31 | 000,641,106 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,116,500 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,300,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,609,944 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,726 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\sushikiste\Desktop\Zeug:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\sushikiste\Desktop\Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\sushikiste\Desktop\Musik:Roxio EMC Stream
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

--- --- ---

Extras
OTL Logfile:
Code:

OTL Extras logfile created on: 18.04.2011 19:39:44 - Run 5
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\sushikiste\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 73,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,04 Gb Total Space | 137,76 Gb Free Space | 47,83% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,84 Gb Free Space | 58,37% Space Free | Partition Type: NTFS
Drive E: | 636,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: SUSHIKISTE-PC | User Name: sushikiste | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{134958DB-DFD9-43F6-87AF-F711B35F8DBF}" = lport=6953 | protocol=17 | dir=in | name=league of legends launcher |
"{14176646-394A-41C4-8C2D-7486E00146E3}" = lport=6947 | protocol=17 | dir=in | name=league of legends launcher |
"{161F70BC-06EC-4EF9-96D8-3729DD28E876}" = lport=6885 | protocol=17 | dir=in | name=league of legends launcher |
"{174032D4-5922-4FD3-B911-C93DEE7D08DB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{22C8603C-8F7D-4AA5-BD3D-89E18D04AB6C}" = lport=6951 | protocol=6 | dir=in | name=league of legends launcher |
"{2D52D9CD-4917-4356-878F-52F25D639227}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{300A04D8-A4A3-4E05-BE8E-1382D42C422F}" = lport=6904 | protocol=6 | dir=in | name=league of legends launcher |
"{316170C2-B6EF-478D-ACAB-5735C24AE569}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{32B94D00-1164-4F0B-8D87-B403C9C7230A}" = lport=6908 | protocol=17 | dir=in | name=league of legends launcher |
"{32D59CD5-85DA-44AF-B7FB-71712020A41C}" = lport=6918 | protocol=17 | dir=in | name=league of legends launcher |
"{395B5EF4-D9A0-436C-A858-9CFDFD1266C2}" = lport=6951 | protocol=17 | dir=in | name=league of legends launcher |
"{41621D54-DB13-4E66-8663-3B298BA7A275}" = lport=6904 | protocol=17 | dir=in | name=league of legends launcher |
"{434802E4-14D3-47A6-93BF-B5E18D5D1664}" = lport=6957 | protocol=6 | dir=in | name=league of legends launcher |
"{4619CF0E-A1E7-4F9E-8E7B-693026BFFCD1}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{578754C2-1F38-4284-9877-43D746C3FD89}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{6C1BA13D-5C86-49E4-B08D-3A2CB8EF18A4}" = lport=6904 | protocol=6 | dir=in | name=league of legends launcher |
"{7957E408-9DD5-4B54-A6F7-7826F19B5F39}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher |
"{87E2E196-89F8-43CC-A1D9-C74231FBEFB8}" = lport=6918 | protocol=6 | dir=in | name=league of legends launcher |
"{895B5833-ACBB-44EB-BBDB-23A957760230}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8A455C22-9424-432E-B188-E7CB0F59C182}" = lport=6886 | protocol=17 | dir=in | name=league of legends launcher |
"{8B920C42-3DB4-4989-A33E-FB076FC96DB3}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{8FB0EE13-C11F-48B9-94E9-6585739004F1}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{8FD5C8D7-ED5F-48FD-8FD8-349E8EDD01A7}" = lport=6925 | protocol=17 | dir=in | name=league of legends launcher |
"{9561D2F1-D0E0-4F82-9573-2B7B3FEC1D8F}" = lport=6912 | protocol=6 | dir=in | name=league of legends launcher |
"{9DC76A25-C7E6-4E98-98EE-A4027CEE54DC}" = lport=6908 | protocol=6 | dir=in | name=league of legends launcher |
"{A0AE6E0E-96BE-42A3-A4EE-530DAB8367B9}" = lport=6968 | protocol=17 | dir=in | name=league of legends launcher |
"{A101703D-12EE-4407-AD2E-BF1DB1C8AC95}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{AD52F745-60A2-419A-AC14-F381C8FAA30E}" = lport=6885 | protocol=6 | dir=in | name=league of legends launcher |
"{BDED8C30-F196-4F7A-8590-80EAED1EE10E}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{C454E5BB-604B-4D36-91DC-CF788C27A198}" = lport=6886 | protocol=6 | dir=in | name=league of legends launcher |
"{C553120F-62D6-4B1F-8FD6-58BF057CB91F}" = lport=6925 | protocol=6 | dir=in | name=league of legends launcher |
"{CCE15F3E-75BA-4D78-A261-FC83995DA834}" = lport=6912 | protocol=17 | dir=in | name=league of legends launcher |
"{D70089E2-E681-4D7B-98E7-BF53995529A3}" = lport=6953 | protocol=6 | dir=in | name=league of legends launcher |
"{D8D98E1B-5880-42F9-A299-E7F1FDAF028B}" = lport=6947 | protocol=6 | dir=in | name=league of legends launcher |
"{DE80B1E0-BAE0-4895-9F7F-1A10DAEC1D30}" = lport=6968 | protocol=6 | dir=in | name=league of legends launcher |
"{F37EBBF7-0B35-441D-BD8B-C30B8DA466CC}" = lport=6904 | protocol=17 | dir=in | name=league of legends launcher |
"{F5635713-4D86-4B36-99B1-5BBD8BF5DC35}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher |
"{F60C41CA-EFDA-428A-8629-10AB282DD9CC}" = lport=6979 | protocol=6 | dir=in | name=league of legends launcher |
"{F8F0952F-BBB7-4A09-80D4-BCF73D573D09}" = lport=6979 | protocol=17 | dir=in | name=league of legends launcher |
"{F903F641-E43C-42DB-A795-57340AAD9FF6}" = lport=6957 | protocol=17 | dir=in | name=league of legends launcher |
"{FCB3E0E7-6CEA-48B6-90CF-6DBB741A0DBC}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{FDA7C0E0-306B-4751-8C58-3432C2DECED2}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08E95800-5724-409A-AB51-249DFD858CB2}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{0D73330A-79DB-4557-B596-664052D93D8B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{1CC92585-F9C1-4BEB-893F-E12F6530687B}" = protocol=6 | dir=in | app=c:\program files\game\league of legends.exe |
"{2933756A-4B30-49CE-9342-B4E8F6A2771D}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{2DEDA199-9F24-4AAE-BD0D-58390412D977}" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
"{3342639A-A1A6-4025-BBEC-5193D5B5CA40}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3E7C95C6-EAFA-4060-893B-2D18ABDD5927}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{410821A2-EF28-4CDD-A2DC-257E97C64D5A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{472B86F3-FE39-47C9-ABC3-A5FEDAA8FF33}" = protocol=17 | dir=in | app=c:\program files\air\lolclient.exe |
"{55668923-92AD-4071-8F65-1AC6146D6675}" = protocol=17 | dir=in | app=c:\program files\game\league of legends.exe |
"{59D014BB-DA4B-41F7-B4FA-2F824616A502}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7D2C5C15-D284-4E18-B4FE-FE28F81DB722}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{8B752F90-3DA3-4145-BBFF-705350D49530}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{94D98139-93C4-4AE7-A701-8BB96D145453}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{A7BEBE6F-3F91-48BB-BD2F-D9CA3257599B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AD51EDD3-FAB6-47B0-AE47-397CABE3FABC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AD7D7896-4C5B-4ECE-B807-5CE2ED46D306}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{B08F4550-2409-44EB-9ABB-A1225CA55428}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B268C401-25FB-4570-9177-4D0DABDACA88}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B634123A-FDEF-4720-9C26-4B2FD8263097}" = protocol=6 | dir=in | app=c:\program files\air\lolclient.exe |
"{BB21382E-6AB3-4E39-AA02-DBAE3D5B681A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BE23A2C2-1DCD-4599-9A05-884083ACD78A}" = protocol=6 | dir=in | app=c:\users\sushikiste\desktop\wow offi\launcher.exe |
"{C1FFA3C9-594E-452A-9115-00F6405E6228}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C8A2F66C-23B1-47E5-BB86-E1918C0ECD91}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{CF2B2289-F165-4DEC-A10D-A02B52C556BB}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{D2286D3D-0B96-4317-9566-62E6FC9F5583}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D7676590-6A95-4380-8879-EB47F0F6228B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{DEA1C3EC-5E58-46AF-916B-5F0AEF700848}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E14D4D6D-D925-4C9B-85B2-D4FA6DBF94E6}" = protocol=17 | dir=in | app=c:\users\sushikiste\desktop\wow offi\launcher.exe |
"{F55A049C-E8C6-4CFE-AFD1-79F74E89363E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F70A21E5-86F3-4250-91C8-713138D17FEB}" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe |
"{F8503D22-A725-4AA5-8B92-4909AED843EC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{1F6D77E3-ECBA-484B-A637-6FDE926D6EE7}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{3A518229-DE3C-47B4-95C4-7C9EE6155B39}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"TCP Query User{4DBB2CA4-39ED-43E6-AD47-AE9143F3F2F6}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{624BB05E-22DE-4C1B-85E0-451DABB921D4}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{636C2056-CDFA-4039-A5D9-F93762DD95F5}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"TCP Query User{665CCF3B-AD33-4637-BD66-2022FFC4DF2F}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"TCP Query User{789EA55B-22FD-45FE-B7B5-26B361BE5C74}C:\users\sushikiste\desktop\wow offi\launcher.exe" = protocol=6 | dir=in | app=c:\users\sushikiste\desktop\wow offi\launcher.exe |
"TCP Query User{A52B9186-E3DB-4CE2-8A4B-FD83D9337C01}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D391F10B-9D60-4DE7-8C1E-AFB77423F92F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{ECDFBF2D-1729-4B09-99B8-FBC2B3449C6C}C:\users\sushikiste\desktop\wow offi\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\sushikiste\desktop\wow offi\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"UDP Query User{30DA3827-0A79-46D3-A2D0-684433F92CC8}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{5DF47BED-0E00-44E5-85F8-D1E32FF6A91A}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{740D67FE-DD54-4047-8030-93E3221A00EE}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"UDP Query User{97403973-67F3-46A8-ABC9-D4DCC70FAA62}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{A0C4FCB3-75A4-4229-AD04-C27FFA028820}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{A2647C15-25DF-44EC-8E7D-0B9F1C41B033}C:\users\sushikiste\desktop\wow offi\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\sushikiste\desktop\wow offi\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"UDP Query User{A502E949-1F50-41A8-B86A-9277DC96F046}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{B2C53353-F6AC-4A8E-B2AF-4DDCDB6B3AD3}C:\users\sushikiste\desktop\wow offi\launcher.exe" = protocol=17 | dir=in | app=c:\users\sushikiste\desktop\wow offi\launcher.exe |
"UDP Query User{B91EB6C5-F877-496D-9AC1-77F7C8ACAD55}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"UDP Query User{FE2E8CD0-47F3-44E0-BCE5-3C14D41E2960}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{49058C21-E4F6-4A99-B715-D62715E0A2A2}" = Vegas Pro 9.0
"{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57C36BD9-856B-4070-8F9C-0D01DC69C8F0}_is1" = Click & Learn 2007
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A96BFADF-A159-4395-8E9C-A9E2F059A3BB}" = Camtasia Studio 7
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CA796D95-C706-4BB9-BDDE-FF228D13D28A}" = Livestream Procaster
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DB52432E-3AD8-41A5-A586-0F065FB6A31E}" = Game Cam
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}" = Driver Mender
"1EC636D2DBA2D9924E02E10DA797DEC16306C1A9" = Windows Driver Package - Logitech HIDClass  (10/16/2006 1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"LogMeIn Hamachi" = LogMeIn Hamachi
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.10.2092" = Opera 11.10
"SearchAnonymizer" = SearchAnonymizer
"TeamViewer 5" = TeamViewer 5
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"Yahoo! Companion" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"f031ef6ac137efc5" = Dell Driver Download Manager
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.04.2011 20:07:26 | Computer Name = sushikiste-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 16.04.2011 20:07:37 | Computer Name = sushikiste-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 16.04.2011 20:07:37 | Computer Name = sushikiste-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
 
Error - 16.04.2011 22:14:38 | Computer Name = sushikiste-PC | Source = Application Hang | ID = 1002
Description = Programm WoW.exe, Version 4.0.6.13623 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1424  Anfangszeit: 01cbfca52aa9cc9b  Zeitpunkt der Beendigung:
 157
 
Error - 17.04.2011 10:10:04 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x42c, Anwendungsstartzeit
 01cbfcf7be59d189.
 
Error - 17.04.2011 21:10:03 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x47c, Anwendungsstartzeit
 01cbfd5950137d14.
 
Error - 18.04.2011 00:50:17 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x6c8, Anwendungsstartzeit
 01cbfd658e3802bc.
 
Error - 18.04.2011 10:10:03 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x434, Anwendungsstartzeit
 01cbfdccfa982681.
 
Error - 18.04.2011 11:10:01 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x1364, Anwendungsstartzeit
 01cbfdd26dc4dc9b.
 
Error - 18.04.2011 12:10:01 | Computer Name = sushikiste-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549adc4, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
 Ausnahmecode 0xc000071b, Fehleroffset 0x0008ac88,  Prozess-ID 0x430, Anwendungsstartzeit
 01cbfddc5d7bec78.
 
[ System Events ]
Error - 10.06.2010 09:32:24 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 11, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 10.06.2010 09:34:22 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 10.06.2010 09:58:58 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 9, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 10.06.2010 09:58:58 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 11, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 10.06.2010 10:00:56 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 11.06.2010 08:22:22 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 9, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 11.06.2010 08:22:22 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 11, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 11.06.2010 08:24:20 | Computer Name = sushikiste-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 11.06.2010 08:37:55 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 9, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 11.06.2010 08:37:55 | Computer Name = sushikiste-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 11, Funktion 0.  Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
 
< End of report >

--- --- ---

cosinus 18.04.2011 18:48

Run an OTL fix: close all programs that may still be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
@Alternate Data Stream - 76 bytes -> C:\Users\sushikiste\Desktop\Zeug:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\sushikiste\Desktop\Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\sushikiste\Desktop\Musik:Roxio EMC Stream
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
[2011.04.13 01:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\lol-cb3.game_p
[2011.04.18 16:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O4 - HKLM..\Run: []  File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1104111824\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
[2010.09.16 23:36:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Extensions
[2011.04.11 18:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions
[2011.02.08 08:32:44 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.09.17 19:38:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.11 18:24:05 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.28 19:53:13 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.03.28 19:53:04 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.11 02:04:25 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.03.11 02:04:25 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1104111824\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1104111824\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
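The following Python helper is an added example, not code from this thread or from OTL itself. It reads the two plain-text formats that appear in the thread: the ":OTL" fix script pasted into the Custom Scan/Fixes box, and the result log OTL writes after the fix. It summarises what a script will touch before it is run, and tallies the outcomes in the result log so that lines that need attention (the "Unable to ..." lines) are not lost among hundreds of "moved successfully" lines. The category names ("ads", "bho", "toolbar", "autorun", ...) are this example's own labels, not OTL terminology; the sample lines are copied from the script and log in this thread.

```python
"""Triage helpers for an OTL fix script and the log OTL writes after the fix.

Added example; not code from this thread or from OTL. It parses only the two
plain-text formats visible in the thread. Category names are this example's
own labels (an assumption), not OTL terminology.
"""
import re
from collections import Counter

# Line prefixes of an OTL fix script -> what that entry will touch.
_SCRIPT_RULES = [
    (re.compile(r"^@Alternate Data Stream"), "ads"),
    (re.compile(r"^O2 - BHO:"), "bho"),
    (re.compile(r"^O3 - HK"), "toolbar"),
    (re.compile(r"^O4 - HK"), "autostart"),
    (re.compile(r"^O32 -"), "autorun"),
    (re.compile(r"^O33 - MountPoints2"), "autorun"),
    (re.compile(r"^IE - HK.*URLSearchHook"), "searchhook"),
    (re.compile(r"^SRV -"), "service"),
    (re.compile(r"^\[\d{4}\.\d{2}\.\d{2} .*\] -- "), "file_or_folder"),
]


def parse_fix_script(text):
    """Summarise what a fix script will touch before it is run.

    Returns {"entries": Counter, "commands": [...], "unknown": [...]}.
    Lines between ':OTL' and ':Commands' are entries; '[...]' lines after
    ':Commands' are commands; anything unmatched lands in 'unknown' so a
    reviewer sees it instead of it being silently ignored.
    """
    entries, commands, unknown = Counter(), [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # ':OTL' / ':Commands' section headers
            section = line[1:].lower()
            continue
        if section == "commands":
            commands.append(line.strip("[]"))
            continue
        for pattern, category in _SCRIPT_RULES:
            if pattern.search(line):
                entries[category] += 1
                break
        else:
            unknown.append(line)
    return {"entries": entries, "commands": commands, "unknown": unknown}


def _classify_result(line):
    """Map one line of the OTL result log to an outcome class."""
    if line.startswith("Unable to"):
        return "failed"
    if line.endswith("deleted successfully."):
        return "deleted"
    if line.endswith("moved successfully."):
        return "moved"
    if line.endswith("value set successfully!"):
        return "set"
    if line.endswith("not found."):
        return "not_found"
    return "other"


def summarize_fix_log(text):
    """Count outcomes in an OTL fix log and list the lines that need attention.

    'not found' is usually benign in these logs (the same key or file was
    already removed by an earlier line of the same fix); only 'Unable to ...'
    lines are reported as failures.
    """
    counts, failures = Counter(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):   # blank line or '==== OTL ====' banner
            continue
        outcome = _classify_result(line)
        counts[outcome] += 1
        if outcome == "failed":
            failures.append(line)
    return {"counts": counts, "failures": failures}


# Sample input: lines copied from the fix script and the fix log in this thread.
SAMPLE_SCRIPT = r'''
:OTL
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
[2011.04.18 16:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O4 - HKLM..\Run: []  File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
:Commands
[purity]
[resethosts]
[emptytemp]
'''

SAMPLE_LOG = r'''
All processes killed
========== OTL ==========
Unable to delete ADS C:\Users\sushikiste\Desktop\Zeug:Roxio EMC Stream .
ADS C:\Users\sushikiste\Desktop\Videos:Roxio EMC Stream deleted successfully.
C:\Program Files\lol-cb3.game_p folder moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
File L:\LaunchU3.exe -a not found.
'''

if __name__ == "__main__":
    print(parse_fix_script(SAMPLE_SCRIPT))
    print(summarize_fix_log(SAMPLE_LOG))
```

On the sample above the script summary counts two "autorun" entries (the CD-ROM AutoRun value and the MountPoints2 entry for the LaunchU3.exe drive), and the log summary reports exactly one failure, the ADS on the Desktop\Zeug folder that OTL could not delete, which is the one line out of the whole log that a helper would want to follow up on.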

Randi 18.04.2011 18:54

Code:

All processes killed
========== OTL ==========
Unable to delete ADS C:\Users\sushikiste\Desktop\Zeug:Roxio EMC Stream .
ADS C:\Users\sushikiste\Desktop\Videos:Roxio EMC Stream deleted successfully.
ADS C:\Users\sushikiste\Desktop\Musik:Roxio EMC Stream deleted successfully.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA\Sounds\FMOD folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA\Sounds folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA\Shaders\DX9_P1\SIMPLE_ENVIRONMENT folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA\Shaders\DX9_P1 folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA\Shaders folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA\Particles folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA\Menu folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA\LanguageFilters folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA\CFG\defaults folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA\CFG folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game\DATA folder moved successfully.
C:\Program Files\lol-cb3.game_p\Game folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\META-INF folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\css folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\wordList\fr_FR folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\wordList\es_ES folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\wordList\en_US folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\wordList\en_GB folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\wordList\de_DE folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\wordList folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\storeImages\layout folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\storeImages\content\champion_portraits folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\storeImages\content\champions folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\storeImages\content\bundles folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\storeImages\content folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\storeImages folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\sounds\es_ES\champions folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\sounds\es_ES folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\sounds folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\locale folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\images\image folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\images\champions folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\images folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\help\de_DE folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\help folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\data\champions folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets\data folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air\assets folder moved successfully.
C:\Program Files\lol-cb3.game_p\Air folder moved successfully.
C:\Program Files\lol-cb3.game_p folder moved successfully.
C:\ProgramData\TEMP folder moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
File L:\LaunchU3.exe -a not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
C:\Program Files\Winamp Toolbar\winamptb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Program Files\softonic-de3\tbsoft.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ deleted successfully.
C:\Program Files\DVDVideoSoft\tbDVDV.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files\ICQ6Toolbar\1104111824\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}\ not found.
File C:\Program Files\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
File C:\Program Files\Winamp Toolbar\winamptb.dll not found.
C:\Users\sushikiste\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Extensions folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\lib folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\ffxtlbr@Facemoods.com\defaults folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\ffxtlbr@Facemoods.com\content\preferences folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\ffxtlbr@Facemoods.com\content\images folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\ffxtlbr@Facemoods.com\content folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\ffxtlbr@Facemoods.com\components folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\ffxtlbr@Facemoods.com\chrome folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\ffxtlbr@Facemoods.com folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions folder moved successfully.
Folder C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\ not found.
Folder C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found.
Folder C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Folder C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Folder C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\ not found.
Folder C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Folder C:\Users\sushikiste\AppData\Roaming\mozilla\Firefox\Profiles\aumc5ur9.default\extensions\engine@conduit.com\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\1104111824\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files\softonic-de3\tbsoft.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\1104111824\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files\softonic-de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Program Files\DVDVideoSoft\tbDVDV.dll not found.
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Program Files\ICQ6Toolbar\ICQ Service.exe moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Andere
->Temp folder emptied: 33697 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: sushikiste
->Temp folder emptied: 1812801 bytes
->Temporary Internet Files folder emptied: 5878685 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 47601498 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 2708024 bytes
->Flash cache emptied: 61069 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 177815475 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 270490 bytes
RecycleBin emptied: 198632 bytes
 
Total Files Cleaned = 226,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04182011_195022

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...


cosinus 18.04.2011 18:59

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

If the infection prevents you from accessing your documents / My Documents, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Vista and 7 users must run the tool via right-click as administrator!

Randi 18.04.2011 19:05

Code:

2011/04/18 20:03:31.0775 4544        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/18 20:03:32.0072 4544        ================================================================================
2011/04/18 20:03:32.0072 4544        SystemInfo:
2011/04/18 20:03:32.0072 4544       
2011/04/18 20:03:32.0072 4544        OS Version: 6.0.6000 ServicePack: 0.0
2011/04/18 20:03:32.0072 4544        Product type: Workstation
2011/04/18 20:03:32.0072 4544        ComputerName: SUSHIKISTE-PC
2011/04/18 20:03:32.0072 4544        UserName: sushikiste
2011/04/18 20:03:32.0072 4544        Windows directory: C:\Windows
2011/04/18 20:03:32.0072 4544        System windows directory: C:\Windows
2011/04/18 20:03:32.0072 4544        Processor architecture: Intel x86
2011/04/18 20:03:32.0072 4544        Number of processors: 2
2011/04/18 20:03:32.0072 4544        Page size: 0x1000
2011/04/18 20:03:32.0072 4544        Boot type: Normal boot
2011/04/18 20:03:32.0072 4544        ================================================================================
2011/04/18 20:03:34.0565 4544        Initialize success
2011/04/18 20:03:36.0272 2932        ================================================================================
2011/04/18 20:03:36.0272 2932        Scan started
2011/04/18 20:03:36.0272 2932        Mode: Manual;
2011/04/18 20:03:36.0272 2932        ================================================================================
2011/04/18 20:03:41.0130 2932        ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/04/18 20:03:41.0648 2932        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/18 20:03:41.0956 2932        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/18 20:03:43.0186 2932        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/18 20:03:43.0978 2932        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/18 20:03:44.0311 2932        AFD            (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/04/18 20:03:44.0482 2932        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/04/18 20:03:44.0584 2932        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/18 20:03:44.0768 2932        aliide          (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
2011/04/18 20:03:44.0849 2932        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/04/18 20:03:44.0902 2932        amdide          (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
2011/04/18 20:03:44.0978 2932        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/18 20:03:45.0016 2932        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/18 20:03:45.0145 2932        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/18 20:03:45.0200 2932        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/18 20:03:45.0302 2932        AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/18 20:03:45.0630 2932        atapi          (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
2011/04/18 20:03:45.0733 2932        avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/18 20:03:46.0890 2932        avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/18 20:03:47.0578 2932        BCM43XV        (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/04/18 20:03:47.0891 2932        Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/04/18 20:03:48.0049 2932        bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/18 20:03:48.0099 2932        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/18 20:03:48.0296 2932        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/18 20:03:48.0380 2932        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/18 20:03:48.0401 2932        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/18 20:03:48.0614 2932        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/18 20:03:48.0629 2932        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/18 20:03:48.0655 2932        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/18 20:03:48.0850 2932        cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/18 20:03:48.0894 2932        cdrom          (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/18 20:03:48.0935 2932        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/18 20:03:49.0640 2932        CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/04/18 20:03:50.0433 2932        cmdide          (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
2011/04/18 20:03:50.0684 2932        Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/04/18 20:03:51.0175 2932        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/18 20:03:51.0243 2932        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/18 20:03:51.0333 2932        DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/04/18 20:03:51.0400 2932        disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/04/18 20:03:51.0443 2932        drmkaud        (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/04/18 20:03:51.0790 2932        DXGKrnl        (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/18 20:03:51.0935 2932        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/18 20:03:51.0998 2932        Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/04/18 20:03:52.0054 2932        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/18 20:03:52.0676 2932        fastfat        (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/04/18 20:03:53.0113 2932        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/18 20:03:54.0609 2932        FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/04/18 20:03:55.0701 2932        Filetrace      (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/04/18 20:03:57.0367 2932        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/18 20:03:57.0653 2932        FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/04/18 20:03:58.0195 2932        Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/18 20:03:58.0814 2932        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/18 20:03:59.0604 2932        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/18 20:03:59.0686 2932        hamachi        (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/04/18 20:03:59.0941 2932        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/18 20:04:00.0525 2932        HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/18 20:04:00.0684 2932        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/18 20:04:00.0814 2932        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/18 20:04:00.0926 2932        HidUsb          (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/18 20:04:01.0120 2932        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/18 20:04:01.0589 2932        HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2011/04/18 20:04:01.0643 2932        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/18 20:04:01.0736 2932        i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/18 20:04:02.0288 2932        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/18 20:04:02.0372 2932        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/18 20:04:02.0693 2932        IntcAzAudAddService (4a705bf2a6f7972f2f2ad8a0d8079f95) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/18 20:04:02.0794 2932        intelide        (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
2011/04/18 20:04:03.0234 2932        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/18 20:04:03.0357 2932        IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/18 20:04:03.0670 2932        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/18 20:04:04.0069 2932        IPNAT          (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/18 20:04:04.0411 2932        IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/04/18 20:04:04.0604 2932        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/04/18 20:04:04.0797 2932        iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/18 20:04:05.0448 2932        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/18 20:04:05.0650 2932        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/18 20:04:05.0696 2932        kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/18 20:04:05.0800 2932        kbdhid          (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/18 20:04:06.0339 2932        KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/18 20:04:06.0613 2932        LGBusEnum      (170e7093a77ad586f3a012a3db651d94) C:\Windows\system32\drivers\LGBusEnum.sys
2011/04/18 20:04:06.0674 2932        LGVirHid        (d2dd04d1c8df65eecd1f2c7fb947d43e) C:\Windows\system32\drivers\LGVirHid.sys
2011/04/18 20:04:06.0760 2932        lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/18 20:04:07.0112 2932        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/18 20:04:07.0427 2932        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/18 20:04:07.0520 2932        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/18 20:04:07.0567 2932        luafv          (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/04/18 20:04:07.0624 2932        LVPr2Mon        (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/04/18 20:04:08.0004 2932        LVRS            (87ecce893d8aec5a9337b917742d339c) C:\Windows\system32\DRIVERS\lvrs.sys
2011/04/18 20:04:08.0118 2932        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/18 20:04:08.0424 2932        Modem          (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/04/18 20:04:08.0534 2932        monitor        (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/18 20:04:08.0618 2932        mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/18 20:04:08.0972 2932        mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/18 20:04:09.0327 2932        MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/04/18 20:04:09.0451 2932        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/18 20:04:09.0615 2932        mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/18 20:04:10.0066 2932        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/18 20:04:10.0770 2932        MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/04/18 20:04:11.0003 2932        mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/18 20:04:11.0640 2932        mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/18 20:04:11.0806 2932        mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/18 20:04:11.0847 2932        msahci          (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
2011/04/18 20:04:12.0313 2932        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/18 20:04:12.0784 2932        Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/04/18 20:04:12.0875 2932        msisadrv        (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
2011/04/18 20:04:12.0933 2932        MSKSSRV        (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/18 20:04:12.0948 2932        MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/18 20:04:13.0230 2932        MSPQM          (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/04/18 20:04:13.0625 2932        MsRPC          (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/04/18 20:04:13.0677 2932        mssmbios        (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/18 20:04:13.0980 2932        MSTEE          (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/04/18 20:04:14.0326 2932        Mup            (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/04/18 20:04:14.0451 2932        NativeWifiP    (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/18 20:04:14.0494 2932        NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/04/18 20:04:14.0536 2932        NdisTapi        (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/18 20:04:14.0557 2932        Ndisuio        (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/18 20:04:15.0012 2932        NdisWan        (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/18 20:04:15.0343 2932        NDProxy        (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/04/18 20:04:15.0449 2932        NetBIOS        (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/18 20:04:15.0593 2932        netbt          (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/18 20:04:15.0667 2932        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/18 20:04:15.0706 2932        Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/04/18 20:04:15.0759 2932        nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/18 20:04:16.0800 2932        Ntfs            (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/04/18 20:04:17.0485 2932        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/18 20:04:17.0605 2932        Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/04/18 20:04:17.0670 2932        NVENETFD        (19055a1c1076ef48e738d26ea7fb8017) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/04/18 20:04:22.0326 2932        nvlddmkm        (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/18 20:04:22.0475 2932        NVR0Dev        (61d6b1c71ad94f8485e966bebc36d092) C:\Windows\nvoclock.sys
2011/04/18 20:04:22.0611 2932        nvraid          (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
2011/04/18 20:04:22.0821 2932        nvstor          (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2011/04/18 20:04:22.0882 2932        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/04/18 20:04:23.0222 2932        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/18 20:04:23.0330 2932        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/18 20:04:23.0357 2932        partmgr        (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/04/18 20:04:23.0402 2932        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/18 20:04:23.0436 2932        pci            (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
2011/04/18 20:04:23.0486 2932        pciide          (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
2011/04/18 20:04:23.0635 2932        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/18 20:04:23.0693 2932        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/18 20:04:23.0742 2932        pepifilter      (b20f958b207e6aaac5f70d04dd2c30d8) C:\Windows\system32\DRIVERS\lv302af.sys
2011/04/18 20:04:23.0958 2932        PID_PEPI        (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\Windows\system32\DRIVERS\LV302V32.SYS
2011/04/18 20:04:24.0041 2932        PptpMiniport    (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/18 20:04:24.0082 2932        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/18 20:04:24.0153 2932        PSched          (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/18 20:04:24.0215 2932        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/18 20:04:24.0293 2932        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/18 20:04:24.0335 2932        QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/18 20:04:24.0374 2932        RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/18 20:04:24.0495 2932        Rasl2tp        (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/18 20:04:24.0536 2932        RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/18 20:04:24.0597 2932        rdbss          (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/18 20:04:24.0631 2932        RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/18 20:04:24.0721 2932        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/04/18 20:04:24.0735 2932        RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/18 20:04:24.0793 2932        RDPWD          (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/04/18 20:04:24.0851 2932        rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/18 20:04:25.0003 2932        RTL8187B        (872c4e777bedcd7f99dc09016b5e6f39) C:\Windows\system32\DRIVERS\wg111v3.sys
2011/04/18 20:04:25.0077 2932        s0016bus        (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys
2011/04/18 20:04:25.0245 2932        s0016mdfl      (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys
2011/04/18 20:04:25.0295 2932        s0016mdm        (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys
2011/04/18 20:04:25.0339 2932        s0016mgmt      (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys
2011/04/18 20:04:25.0370 2932        s0016nd5        (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys
2011/04/18 20:04:25.0393 2932        s0016obex      (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys
2011/04/18 20:04:25.0429 2932        s0016unic      (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys
2011/04/18 20:04:25.0506 2932        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/18 20:04:25.0586 2932        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/18 20:04:25.0623 2932        seehcri        (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/04/18 20:04:25.0661 2932        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/18 20:04:25.0701 2932        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/18 20:04:25.0774 2932        sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/04/18 20:04:25.0836 2932        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/04/18 20:04:25.0852 2932        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/18 20:04:25.0935 2932        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/18 20:04:25.0952 2932        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/18 20:04:26.0040 2932        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/04/18 20:04:26.0110 2932        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/18 20:04:26.0135 2932        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/18 20:04:26.0647 2932        Smb            (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/04/18 20:04:27.0666 2932        spldr          (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/04/18 20:04:28.0599 2932        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/18 20:04:28.0600 2932        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/18 20:04:28.0609 2932        sptd - detected Locked file (1)
2011/04/18 20:04:29.0681 2932        srv            (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/04/18 20:04:30.0683 2932        srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/18 20:04:31.0807 2932        srvnet          (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/18 20:04:32.0539 2932        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/18 20:04:32.0618 2932        SVKP            (f05028b163b92c302a74409d683ac9b0) C:\Windows\system32\SVKP.sys
2011/04/18 20:04:33.0642 2932        swenum          (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/18 20:04:34.0725 2932        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/18 20:04:35.0654 2932        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/18 20:04:35.0972 2932        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/18 20:04:37.0842 2932        Tcpip          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/04/18 20:04:39.0989 2932        Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/18 20:04:40.0789 2932        tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/18 20:04:41.0088 2932        TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/04/18 20:04:42.0594 2932        TDTCP          (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/18 20:04:43.0146 2932        tdx            (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/18 20:04:43.0216 2932        TermDD          (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/18 20:04:43.0715 2932        tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/18 20:04:45.0625 2932        tunmp          (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/18 20:04:46.0108 2932        tunnel          (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/18 20:04:46.0589 2932        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/18 20:04:47.0687 2932        udfs            (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/18 20:04:48.0706 2932        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/18 20:04:49.0670 2932        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/18 20:04:50.0671 2932        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/18 20:04:51.0166 2932        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/18 20:04:51.0670 2932        umbus          (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/18 20:04:52.0322 2932        USBAAPL        (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/18 20:04:52.0577 2932        usbaudio        (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
2011/04/18 20:04:52.0742 2932        usbccgp        (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/18 20:04:53.0499 2932        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/18 20:04:53.0663 2932        usbehci        (63fe924d8a1113c3ba6750693fbec7d3) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/18 20:04:54.0579 2932        usbhub          (5edec5510592c905e91817707dce62a2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/18 20:04:55.0583 2932        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/18 20:04:56.0236 2932        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/04/18 20:04:56.0277 2932        USBSTOR        (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/18 20:04:56.0311 2932        usbuhci        (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/18 20:04:56.0431 2932        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/18 20:04:56.0605 2932        VgaSave        (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/04/18 20:04:56.0835 2932        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/04/18 20:04:57.0651 2932        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/18 20:04:58.0689 2932        viaide          (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
2011/04/18 20:04:59.0107 2932        volmgr          (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
2011/04/18 20:04:59.0162 2932        volmgrx        (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/04/18 20:04:59.0664 2932        volsnap        (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/04/18 20:05:00.0271 2932        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/18 20:05:01.0059 2932        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/18 20:05:01.0292 2932        Wanarp          (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/18 20:05:01.0310 2932        Wanarpv6        (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/18 20:05:01.0356 2932        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/18 20:05:01.0655 2932        Wdf01000        (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/18 20:05:01.0823 2932        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/18 20:05:02.0614 2932        ws2ifsl        (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/18 20:05:03.0618 2932        WUDFRd          (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/18 20:05:03.0700 2932        ================================================================================
2011/04/18 20:05:03.0700 2932        Scan finished
2011/04/18 20:05:03.0700 2932        ================================================================================
2011/04/18 20:05:03.0714 4592        Detected object count: 1
2011/04/18 20:05:06.0920 4592        Locked file(sptd) - User select action: Skip


cosinus 18.04.2011 19:14

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Randi 18.04.2011 19:34

Combofix Logfile:
Code:

ComboFix 11-04-17.03 - sushikiste 18.04.2011  20:22:13.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.49.1031.18.3582.2607 [GMT 2:00]
ausgeführt von:: c:\users\sushikiste\Desktop\cofi.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpe3F8.dll
c:\programdata\hpe5285.dll
c:\users\sushikiste\AppData\Local\.#
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-18 bis 2011-04-18  ))))))))))))))))))))))))))))))
.
.
2011-04-18 18:26 . 2011-04-18 18:26        --------        d-----w-        c:\users\Public\AppData\Local\temp
2011-04-18 18:26 . 2011-04-18 18:26        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-18 18:26 . 2011-04-18 18:26        --------        d-----w-        c:\users\Andere\AppData\Local\temp
2011-04-18 14:11 . 2011-04-18 15:18        --------        d-----w-        c:\program files\Fraps
2011-04-15 01:04 . 2011-04-15 01:04        --------        d-----w-        c:\program files\Common Files\Adobe
2011-04-12 23:37 . 2010-02-01 14:26        194376        ----a-w-        c:\program files\patcher_update_tmp.exe
2011-04-12 23:37 . 2011-04-12 23:37        --------        d-----w-        c:\program files\lol-cb3.patcher_15
2011-04-12 23:36 . 2008-07-12 06:18        467984        ----a-w-        c:\windows\system32\d3dx10_39.dll
2011-04-12 23:36 . 2008-07-12 06:18        1493528        ----a-w-        c:\windows\system32\D3DCompiler_39.dll
2011-04-12 23:36 . 2008-07-12 06:18        3851784        ----a-w-        c:\windows\system32\D3DX9_39.dll
2011-04-12 23:35 . 2011-04-12 23:35        --------        d-----w-        c:\program files\html
2011-04-12 20:30 . 2011-04-13 02:13        --------        d-----w-        c:\users\sushikiste\AppData\Local\PMB Files
2011-04-12 20:30 . 2011-04-12 20:31        --------        d-----w-        c:\programdata\PMB Files
2011-04-12 17:35 . 2011-04-12 17:35        --------        d-----w-        c:\users\sushikiste\A96BFADFA15943958E9CA9E2F059A3BB.TMP
2011-04-11 20:46 . 2011-04-11 20:46        --------        d-----w-        c:\program files\Common Files\Java
2011-04-11 20:46 . 2011-04-11 20:46        --------        d-----w-        c:\program files\Java
2011-04-11 16:23 . 2011-04-11 16:24        --------        d-----w-        c:\program files\ICQ7.4
2011-04-11 16:14 . 2011-04-11 16:14        --------        d-----w-        c:\program files\Teamspeak3
2011-04-11 13:37 . 2011-04-14 11:57        --------        d-----w-        c:\program files\unlgluhp
2011-04-03 10:57 . 2011-04-03 10:57        --------        d-----w-        c:\program files\LogMeIn Hamachi
2011-03-28 17:53 . 2011-03-28 17:53        --------        d-----w-        c:\users\sushikiste\AppData\Local\Conduit
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 20:46 . 2010-08-11 01:46        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-03-17 13:55 . 2010-05-08 11:08        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 1573448]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 3203144]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"Ocs_SM"="c:\users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2010-05-13 106496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-06 74752]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2006-5-29 1708032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-04-11 16:23        119608        ----a-w-        c:\program files\ICQ7.4\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 23:10        142120        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livestream Procaster]
2010-09-27 07:05        3831072        ----a-w-        c:\program files\Livestream Procaster\Procaster.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-07-16 14:35        5458704        ------w-        c:\program files\Logitech\Logitech Vid\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-03-28 13:41        1910152        ----a-w-        c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 17:08        963976        ----a-w-        c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12        3872080        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12        26192168        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
R3 cdrmkaun;cdrmkaun;c:\users\SUSHIK~1\AppData\Local\Temp\cdrmkaun.sys [x]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-04-23 227328]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-29 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 1242504]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2010-05-13 40960]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2010-04-21 2368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Free YouTube to Mp3 Converter - c:\users\sushikiste\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\sushikiste\AppData\Roaming\Mozilla\Firefox\Profiles\aumc5ur9.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-RayV - c:\program files\RayV\RayV\RayV.exe
AddRemove-InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D} - c:\program files\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe
AddRemove-InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\WMPSideShowGadget.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\windows\RtHDVCpl.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDClock.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDPop3.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDRSS.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-18  20:33:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-18 18:33
ComboFix2.txt  2010-06-24 14:59
.
Vor Suchlauf: 13 Verzeichnis(se), 148.136.894.464 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 148.073.562.112 Bytes frei
.
- - End Of File - - 3B4B358932AD31FEFDF355324ABA956D

--- --- ---

cosinus 18.04.2011 19:38

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now paste the entire contents of the code box below into the Notepad window.

Code:

File::
c:\users\SUSHIK~1\AppData\Local\Temp\cdrmkaun.sys
c:\windows\system32\SVKP.sys
c:\program files\patcher_update_tmp.exe

Folder::
c:\users\sushikiste\A96BFADFA15943958E9CA9E2F059A3BB.TMP
c:\program files\unlgluhp

Driver::
cdrmkaun
SVKP

3. Save it in Notepad as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall you may have.
(Also the guards of ad-/spyware programs and the TeaTimer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
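As an added illustration, not part of the thread and not ComboFix's own code: a small triage script that applies the kind of heuristics a helper uses when picking CFScript entries out of a ComboFix log, namely autostarts and services that run from Temp or AppData, kernel drivers stored outside the drivers directory, and entries whose file is absent (ComboFix's `[x]` marker, read here as "no file on disk", which is an assumption). The sample lines are constructed from the log posted above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of ComboFix's registry-autostart and
# driver/service sections (a subset modelled on the log posted above).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"Ocs_SM"="c:\users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2010-05-13 106496]
.
R3 cdrmkaun;cdrmkaun;c:\users\SUSHIK~1\AppData\Local\Temp\cdrmkaun.sys [x]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-04-23 227328]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-29 691696]
S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2010-04-21 2368]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2010-05-13 40960]
"""

# "Name"="path" [date size]   (registry Run entries)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')
# R3 name;description;path [date size]   (drivers and services; "[x]" instead of date/size)
SVC_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[(?P<meta>[^\]]*)\]$')


@dataclass
class Finding:
    kind: str            # "run" for a Run-key entry, otherwise the ComboFix start type (R3, S2, ...)
    name: str
    path: str
    reasons: list = field(default_factory=list)


def triage_entry(kind, name, path, meta):
    """Return a Finding if the entry matches one of the triage heuristics, else None."""
    p = path.lower()
    reasons = []
    if meta.strip() == "x":
        # Assumption: ComboFix prints [x] when the referenced file is not on disk.
        reasons.append("no file on disk ([x])")
    if "\\temp\\" in p:
        reasons.append("runs from a Temp directory")
    elif "\\appdata\\" in p:
        reasons.append("runs from a user-writable AppData directory")
    if p.endswith(".sys") and "\\drivers\\" not in p:
        # Legitimate drivers almost always live under system32\drivers.
        reasons.append("kernel driver outside the drivers directory")
    return Finding(kind, name, path, reasons) if reasons else None


def triage_combofix(text):
    """Walk a ComboFix log and collect the entries a helper would look at first."""
    findings = []
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if m:
            f = triage_entry("run", m["name"], m["path"], m["meta"])
        else:
            m = SVC_RE.match(line)
            f = triage_entry(m["start"], m["name"], m["path"], m["meta"]) if m else None
        if f:
            findings.append(f)
    return findings


def report(findings):
    """One line per finding, ready to paste into a reply."""
    return [f"{f.kind:>3} {f.name}: {f.path}  <- {'; '.join(f.reasons)}" for f in findings]


if __name__ == "__main__":
    for line in report(triage_combofix(SAMPLE_LOG)):
        print(line)
```

Entries such as sptd.sys (locked in the TDSSKiller log but stored in the normal drivers directory) are deliberately not flagged; the output is a shortlist for a human to judge, not a removal list.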

Randi 18.04.2011 19:48

When I try to drag the txt file onto cf.exe, I get the following error message:

____________________________________
C:\Users\sushikiste\Desktop\cofi.exe

Es wurde versucht einen Registrierungsschlüssel einem unzulässigen Vorgang
zu unterziehen, der zum Löschen markiert wurde
_____________________________________________________________

That also came up when I wanted to start Opera, but as admin I was able to run it. But how do I do this now with the "dragging"?

cosinus 18.04.2011 20:34

Restart Windows and repeat the procedure.

Randi 18.04.2011 20:40

I had that idea too while you weren't answering for a moment :)

Here is the new logfile:


Combofix Logfile:
Code:

ComboFix 11-04-17.03 - sushikiste 18.04.2011  21:21:21.3.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.49.1031.18.3582.2609 [GMT 2:00]
ausgeführt von:: c:\users\sushikiste\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\sushikiste\Desktop\CFScript.txt
.
FILE ::
"c:\program files\patcher_update_tmp.exe"
"c:\users\SUSHIK~1\AppData\Local\Temp\cdrmkaun.sys"
"c:\windows\system32\SVKP.sys"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\patcher_update_tmp.exe
c:\program files\unlgluhp
c:\users\sushikiste\A96BFADFA15943958E9CA9E2F059A3BB.TMP
c:\users\sushikiste\A96BFADFA15943958E9CA9E2F059A3BB.TMP\WiseCustomCalla.dll
c:\users\sushikiste\A96BFADFA15943958E9CA9E2F059A3BB.TMP\WiseCustomCalla3.exe
c:\windows\system32\SVKP.sys
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CDRMKAUN
-------\Legacy_SVKP
-------\Service_cdrmkaun
-------\Service_SVKP
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-18 bis 2011-04-18  ))))))))))))))))))))))))))))))
.
.
2011-04-18 19:26 . 2011-04-18 19:26        --------        d-----w-        c:\users\Public\AppData\Local\temp
2011-04-18 19:26 . 2011-04-18 19:26        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-18 19:26 . 2011-04-18 19:26        --------        d-----w-        c:\users\Andere\AppData\Local\temp
2011-04-18 18:19 . 2011-04-18 18:33        --------        d-----w-        C:\cofi170c
2011-04-18 14:11 . 2011-04-18 15:18        --------        d-----w-        c:\program files\Fraps
2011-04-15 01:04 . 2011-04-15 01:04        --------        d-----w-        c:\program files\Common Files\Adobe
2011-04-12 23:37 . 2011-04-12 23:37        --------        d-----w-        c:\program files\lol-cb3.patcher_15
2011-04-12 23:36 . 2008-07-12 06:18        467984        ----a-w-        c:\windows\system32\d3dx10_39.dll
2011-04-12 23:36 . 2008-07-12 06:18        1493528        ----a-w-        c:\windows\system32\D3DCompiler_39.dll
2011-04-12 23:36 . 2008-07-12 06:18        3851784        ----a-w-        c:\windows\system32\D3DX9_39.dll
2011-04-12 23:35 . 2011-04-12 23:35        --------        d-----w-        c:\program files\html
2011-04-12 20:30 . 2011-04-13 02:13        --------        d-----w-        c:\users\sushikiste\AppData\Local\PMB Files
2011-04-12 20:30 . 2011-04-12 20:31        --------        d-----w-        c:\programdata\PMB Files
2011-04-11 20:46 . 2011-04-11 20:46        --------        d-----w-        c:\program files\Common Files\Java
2011-04-11 20:46 . 2011-04-11 20:46        --------        d-----w-        c:\program files\Java
2011-04-11 16:23 . 2011-04-11 16:24        --------        d-----w-        c:\program files\ICQ7.4
2011-04-11 16:14 . 2011-04-11 16:14        --------        d-----w-        c:\program files\Teamspeak3
2011-04-03 10:57 . 2011-04-03 10:57        --------        d-----w-        c:\program files\LogMeIn Hamachi
2011-03-28 17:53 . 2011-03-28 17:53        --------        d-----w-        c:\users\sushikiste\AppData\Local\Conduit
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 20:46 . 2010-08-11 01:46        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-03-17 13:55 . 2010-05-08 11:08        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((  Registry Autostart Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 1573448]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 3203144]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"Ocs_SM"="c:\users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2010-05-13 106496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-06 74752]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2006-5-29 1708032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-04-11 16:23        119608        ----a-w-        c:\program files\ICQ7.4\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 23:10        142120        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livestream Procaster]
2010-09-27 07:05        3831072        ----a-w-        c:\program files\Livestream Procaster\Procaster.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-07-16 14:35        5458704        ------w-        c:\program files\Logitech\Logitech Vid\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-03-28 13:41        1910152        ----a-w-        c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 17:08        963976        ----a-w-        c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12        3872080        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12        26192168        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-04-23 227328]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-29 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 1242504]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2010-05-13 40960]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Free YouTube to Mp3 Converter - c:\users\sushikiste\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\sushikiste\AppData\Roaming\Mozilla\Firefox\Profiles\aumc5ur9.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-18 21:34
Windows 6.0.6000  NTFS
.
Scanning for hidden processes...
.
Scanning for hidden autostart entries...
.
Scanning for hidden files...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\WMPSideShowGadget.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDClock.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDRSS.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-04-18  21:38:12 - PC was rebooted
ComboFix-quarantined-files.txt  2011-04-18 19:38
ComboFix2.txt  2011-04-18 18:33
ComboFix3.txt  2010-06-24 14:59
.
Before scan: 16 directories, 148.109.680.640 bytes free
After scan: 17 directories, 147.247.058.944 bytes free
.
- - End Of File - - B332B86F9002B293567AD01C03DAAAEC

--- --- ---


The problem (programs can only be run as admin) still exists after the reboot that followed the ComboFix run, though.

cosinus 18.04.2011 21:00

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the second try either, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.


Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.
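A way to pre-screen the autostart and driver entries that ComboFix (posted above) and OSAM (requested here) report, before reading every line by hand. This is an added example for this thread, not a tool from the thread or from the ComboFix/OSAM authors. The sample lines are constructed to mirror the two formats seen in this thread; the rules are triage heuristics (executables launched from user-writable profile paths, early-start S0/S1 drivers, OSAM's rootkit/exclusively-opened/not-found annotations, and 8-character random-looking driver names), and a hit means "look this up", not "this is malware". Two caveats worth knowing when reading the results: catchme.sys is the rootkit-scanner driver ComboFix itself uses, so a stale "File not found" entry for it right after a ComboFix run is expected, and sptd.sys (Duplex Secure, the DAEMON Tools/Alcohol disc-emulation driver) is a well-known cause of GMER crashing.

```python
"""Triage heuristics over ComboFix-style and OSAM-style autostart lines.

Added example for this thread (not part of ComboFix or OSAM). Every rule
below flags an entry for manual review; none of them is a verdict.
"""
import re
from typing import List, Tuple

# Constructed sample input, mirroring the formats posted in this thread.
COMBOFIX_LINES = [
    r'"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]',
    r'"Ocs_SM"="c:\users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2010-05-13 106496]',
    r'S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-29 691696]',
    r'S2 SearchAnonymizer;SearchAnonymizer;c:\users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2010-05-13 40960]',
]
OSAM_LINES = [
    r'"a112q9ec" (a112q9ec) - "Microsoft Corporation" - C:\Windows\system32\drivers\a112q9ec.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)',
    r'"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys',
    r'"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)',
    r'"catchme" (catchme) - ? - C:\Users\SUSHIK~1\AppData\Local\Temp\catchme.sys  (File not found)',
]

Finding = Tuple[str, str, Tuple[str, ...]]  # (entry name, path, reasons)

# Persistence from a location a standard user can write to is the classic
# adware/malware pattern; vendor software normally lives under Program Files.
USER_WRITABLE = re.compile(r"\\AppData\\|\\Temp\\", re.I)
# OSAM annotations that deserve a look.
OSAM_ALERTS = ("Hidden registry entry", "rootkit activity", "exclusively opened", "File not found")
# ComboFix: "name"="path" [date size]     and     S0 name;display;path [date size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"')
SVC_RE = re.compile(r'^([RS]\d)\s+([^;]+);[^;]*;(.+?)\s+\[')


def looks_random(name: str) -> bool:
    """8 lowercase alphanumerics mixing letters and digits (e.g. a112q9ec). Heuristic only."""
    stem = name.lower().rsplit(".", 1)[0]
    return (re.fullmatch(r"[a-z0-9]{8}", stem) is not None
            and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem))


def _path_reasons(name: str, path: str) -> List[str]:
    reasons = []
    if USER_WRITABLE.search(path):
        reasons.append("runs from a user-writable profile path")
    if looks_random(name):
        reasons.append("random-looking name; check hash and signer")
    return reasons


def triage_combofix(lines) -> List[Finding]:
    """Flag Run-key values and service/driver lines from a ComboFix log."""
    findings = []
    for line in lines:
        m = RUN_RE.match(line)
        if m:
            start, name, path = None, m.group(1), m.group(2)
        else:
            m = SVC_RE.match(line)
            if not m:
                continue  # key headers, '.' separators, unquoted values
            start, name, path = m.groups()
        reasons = _path_reasons(name, path)
        if start in ("S0", "S1", "R0", "R1"):
            reasons.append(f"{start} early-start driver; verify vendor and signature")
        if reasons:
            findings.append((name, path, tuple(reasons)))
    return findings


def triage_osam(lines) -> List[Finding]:
    """Flag OSAM '"name" (key) - vendor - path  (annotations)' lines (Drivers/Services sections)."""
    findings = []
    for line in lines:
        parts = line.split(" - ", 2)
        if len(parts) != 3 or not parts[0].startswith('"'):
            continue  # section headers and CLSID-style entries are not handled here
        name = parts[0].split('"')[1]
        rest = parts[2].rstrip()
        m = re.match(r"(.*?)\s{2,}\((.*)\)$", rest)  # two spaces separate path from annotation
        path, annotation = (m.group(1), m.group(2)) if m else (rest, "")
        reasons = _path_reasons(name, path)
        for note in (n.strip() for n in annotation.split("|")):
            if note and any(a.lower() in note.lower() for a in OSAM_ALERTS):
                reasons.append("OSAM: " + note)
        if reasons:
            findings.append((name, path, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for source, found in (("ComboFix", triage_combofix(COMBOFIX_LINES)),
                          ("OSAM", triage_osam(OSAM_LINES))):
        print(f"== {source}: {len(found)} entries to review ==")
        for name, path, reasons in found:
            print(f"{name}\n    {path}\n    - " + "\n    - ".join(reasons))
```

Feed it the relevant sections of a real log (the Run-key block and the R*/S* service list from ComboFix, the [Drivers] and [Services] sections from OSAM) and you get a short list to verify by hash and signer instead of a wall of entries; anything not flagged still deserves a skim, since these rules only encode the patterns visible in this thread.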

Randi 18.04.2011 21:43

GMER wouldn't run.

OSAM:
Code:

OSAM Logfile:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:41:48 on 18.04.2011

OS: Windows Vista Home Premium Edition (Build 6000), 32-bit
Default Browser: Opera Software Opera Internet Browser 11.10

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"lgLcdCpl" - ? - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LgLcdCpl.cpl
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a112q9ec" (a112q9ec) - "Microsoft Corporation" - C:\Windows\system32\drivers\a112q9ec.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\SUSHIK~1\AppData\Local\Temp\catchme.sys  (File not found)
"Conexant Setup API" (UIUSys) - ? - C:\Windows\System32\DRIVERS\UIUSYS.SYS  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Logitech USB Monitor Filter" (LVUSBSta) - ? - C:\Windows\System32\drivers\LVUSBSta.sys  (File not found)
"NVR0Dev" (NVR0Dev) - "NVidia Corp." - C:\Windows\nvoclock.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ7.2" - ? - C:\Program Files\ICQ7.2\ICQ.exe  (File not found)
"ICQ7.4" - "ICQ, LLC." - C:\Program Files\ICQ7.4\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\sushikiste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"NETGEAR WG111v3 Smart Wizard.lnk" - ? - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Launch LCDMon" - ? - "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
"Launch LGDCore" - ? - "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
"Launch LgDeviceAgent" - ? - "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"LogMeIn Hamachi Ui" - "LogMeIn Inc." - "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Ocs_SM" - "OCS" - C:\Users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"WinampAgent" - "Nullsoft, Inc." - "C:\Program Files\Winamp\winampa.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"nTune Service" (nTuneService) - "NVIDIA" - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"SearchAnonymizer" (SearchAnonymizer) - ? - C:\Users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===


--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck:
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Premium Edition
Windows Information:                (build 6000), 32-bit
Base Board Manufacturer:        Dell Inc.
BIOS Manufacturer:                Dell Inc.
System Manufacturer:                Dell Inc.
System Product Name:                Inspiron 531
Logical Drives Mask:                0x000005fc

Kernel Drivers (total 145):
  0x82000000 \SystemRoot\system32\ntkrnlpa.exe
  0x823A1000 \SystemRoot\system32\hal.dll
  0x802C6000 \SystemRoot\system32\kdcom.dll
  0x802BD000 \SystemRoot\system32\PSHED.dll
  0x802B5000 \SystemRoot\system32\BOOTVID.dll
  0x8027A000 \SystemRoot\system32\CLFS.SYS
  0x8051F000 \SystemRoot\system32\CI.dll
  0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8026D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8070D000 \SystemRoot\System32\Drivers\spem.sys
  0x80264000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x8023E000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x80461000 \SystemRoot\system32\drivers\acpi.sys
  0x80236000 \SystemRoot\system32\drivers\msisadrv.sys
  0x80227000 \SystemRoot\system32\drivers\volmgr.sys
  0x80202000 \SystemRoot\system32\drivers\pci.sys
  0x80451000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8044A000 \SystemRoot\system32\drivers\pciide.sys
  0x8043C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x806C3000 \SystemRoot\System32\drivers\volmgrx.sys
  0x80434000 \SystemRoot\system32\drivers\atapi.sys
  0x80416000 \SystemRoot\system32\drivers\ataport.SYS
  0x80409000 \SystemRoot\system32\drivers\nvstor.sys
  0x80683000 \SystemRoot\system32\drivers\storport.sys
  0x80652000 \SystemRoot\system32\drivers\fltmgr.sys
  0x80642000 \SystemRoot\system32\drivers\fileinfo.sys
  0x81EFC000 \SystemRoot\system32\drivers\ndis.sys
  0x80617000 \SystemRoot\system32\drivers\msrpc.sys
  0x81EC3000 \SystemRoot\system32\drivers\NETIO.SYS
  0x828F8000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x81E59000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x81E23000 \SystemRoot\system32\drivers\volsnap.sys
  0x80401000 \SystemRoot\System32\Drivers\spldr.sys
  0x80608000 \SystemRoot\System32\drivers\partmgr.sys
  0x81E14000 \SystemRoot\System32\Drivers\mup.sys
  0x828D3000 \SystemRoot\System32\drivers\ecache.sys
  0x81E03000 \SystemRoot\system32\drivers\disk.sys
  0x828B2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x828A9000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8E635000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8E753000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8C21F000 \SystemRoot\system32\DRIVERS\amdk8.sys
  0x8C637000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x8ED73000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x82A40000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8EC1E000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
  0x8E623000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8E60B000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8F782000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8C714000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x8F6E5000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8C73A000 \SystemRoot\System32\drivers\watchdog.sys
  0x8F6AC000 \SystemRoot\System32\Drivers\a112q9ec.SYS
  0x8F0D5000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8E600000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8EC07000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8F0CA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8F0A7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8C22E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8F094000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8EDBA000 \SystemRoot\system32\DRIVERS\hamachi.sys
  0x8C23D000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8F089000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8F07E000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8C6C4000 \SystemRoot\system32\DRIVERS\seehcri.sys
  0x8C716000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8F054000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8E674000 \SystemRoot\system32\drivers\LGBusEnum.sys
  0x8F04A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8C754000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8F016000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8C3E0000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x90457000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8F1D3000 \SystemRoot\system32\drivers\portcls.sys
  0x8F1AE000 \SystemRoot\system32\drivers\drmk.sys
  0x8E777000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8E6CD000 \SystemRoot\System32\Drivers\Null.SYS
  0x8E6D4000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8E6DB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x82A27000 \SystemRoot\System32\drivers\vga.sys
  0x8F14D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8E788000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8E790000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8F122000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8EC93000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8E6F0000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x9066B000 \SystemRoot\System32\drivers\tcpip.sys
  0x8F109000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8F697000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8F683000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8F63C000 \SystemRoot\system32\drivers\afd.sys
  0x8F60A000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x90441000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8ECA1000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x9042E000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8C6D6000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x90630000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8F600000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x90417000 \SystemRoot\System32\Drivers\dfsc.sys
  0x9060A000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8E76E000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8C380000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8C700000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8E7F8000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x909AE000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x90997000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x82810000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x90981000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x8C76E000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8C607000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0x8C77B000 \SystemRoot\System32\Drivers\dump_nvstor.sys
  0x96E00000 \SystemRoot\System32\win32k.sys
  0x908B5000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8C26A000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x9A400000 \SystemRoot\System32\TSDDD.dll
  0x9A410000 \SystemRoot\System32\cdd.dll
  0x9AC55000 \SystemRoot\system32\drivers\luafv.sys
  0x9AC40000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x9CF32000 \SystemRoot\system32\drivers\spsys.sys
  0x8C350000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9CF07000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x90919000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9CEF4000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9CE5F000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x9CE4D000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0x9D357000 \SystemRoot\system32\drivers\HTTP.sys
  0x9CE32000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9D28E000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9D27A000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9D25A000 \SystemRoot\system32\drivers\mrxdav.sys
  0x9D23C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9D203000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9E3AE000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9E38A000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9E339000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9EB3E000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x9F922000 \SystemRoot\system32\drivers\peauth.sys
  0x9090F000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x9AD73000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x8E7B0000 \??\C:\Windows\nvoclock.sys
  0x8EDD8000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
  0x8C70C000 \SystemRoot\system32\drivers\LGVirHid.sys
  0xA787E000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
  0x779F0000 \Windows\System32\ntdll.dll
  0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 73):
      0 System Idle Process
      4 System
    432 C:\Windows\System32\smss.exe
    556 csrss.exe
    604 C:\Windows\System32\wininit.exe
    616 csrss.exe
    648 C:\Windows\System32\services.exe
    672 C:\Windows\System32\lsass.exe
    680 C:\Windows\System32\lsm.exe
    780 C:\Windows\System32\winlogon.exe
    860 C:\Windows\System32\svchost.exe
    924 C:\Windows\System32\nvvsvc.exe
    952 C:\Windows\System32\svchost.exe
    992 C:\Windows\System32\svchost.exe
    1032 C:\Windows\System32\svchost.exe
    1044 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\audiodg.exe
    1144 C:\Windows\System32\svchost.exe
    1160 C:\Windows\System32\SLsvc.exe
    1188 C:\Windows\System32\svchost.exe
    1332 C:\Windows\System32\svchost.exe
    1548 C:\Windows\System32\spoolsv.exe
    1572 WUDFHost.exe
    1584 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1612 C:\Windows\System32\svchost.exe
    1788 WUDFHost.exe
    1924 C:\Windows\System32\nvvsvc.exe
    260 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    356 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    368 C:\Program Files\Bonjour\mDNSResponder.exe
    536 C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    424 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    676 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1244 C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    1420 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    2096 C:\Windows\System32\svchost.exe
    2108 C:\Users\sushikiste\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
    2176 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2196 C:\Windows\System32\svchost.exe
    2224 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    2304 C:\Windows\System32\dwm.exe
    2344 C:\Windows\explorer.exe
    2400 C:\Windows\System32\svchost.exe
    2696 WUDFHost.exe
    2876 C:\Windows\System32\taskeng.exe
    2972 C:\Windows\System32\taskeng.exe
    3280 C:\Windows\RtHDVCpl.exe
    3316 C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    3356 C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    3392 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    3408 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3460 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    3492 C:\Program Files\Winamp\winampa.exe
    3540 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    3552 C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
    3584 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3640 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3652 C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    3800 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2148 C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
    2220 C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
    2384 C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
    1448 C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
    1916 C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
    708 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    3064 C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
    872 C:\Program Files\Windows Media Player\wmplayer.exe
    2480 C:\Program Files\Opera\opera.exe
    4016 taskeng.exe
    4332 C:\Windows\servicing\TrustedInstaller.exe
    4180 WmiPrvSE.exe
    5672 C:\Users\sushikiste\Desktop\MBRCheck.exe
    4932 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83700000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000  (NTFS)

PhysicalDrive0 Model Number: WDC WD3200AAKS-75SBA, Rev: 12.0

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0  Windows Vista MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!


cosinus 18.04.2011 21:55

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

