Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Nach Windows-Recovery-Entfernung: Fehlermeldung (404) beim Surfen (https://www.trojaner-board.de/99747-windows-recovery-entfernung-fehlermeldung-404-beim-surfen.html)

Tuidsi 30.05.2011 10:19
Nach Windows-Recovery-Entfernung: Fehlermeldung (404) beim Surfen
 
Hallo,

ich habe mir gestern dummerweise Windows Vista Recovery eingefangen, konnte es aber dank eurer Anleitung entfernen. Ich führte einen Scan mit Malwarebytes Anti-Malware durch, die 8 gefunden infizierten Objekte entfernte. Bei meinen Daten, die infolgedessen versteckt waren, hab ich den Haken bei "versteckt" rausgenommen, sodass dabei wieder alles beim Alten zu sein scheint.
Dafür schonmal ein großes Dankeschön an euch.

Allerdings tritt beim Surfen über kurz oder lang immer wieder ein Problem auf, und zwar dass ich keine Seite mehr erreichen kann. Die Fehlermeldung sieht dann meist so (oder so ähnlich) aus: "Invalid URL
The requested URL "/", is invalid.

Reference #9.36447b5c.1306745311.23c5495b" oder "domain suspended" oder "404 Not Found".
Nach einem Neustart des Computers funktioniert das Ganze wieder für ein paar Minuten/Seiten.

Ich habe erfolgreich einen Scan mit OTL durchgeführt und wollte auch einen mit Gmer machen. Dabei erschien aber kurze Zeit nach dem Starten des Scans die Meldung, dass das Programm nicht mehr funktioniert.

OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 30.05.2011 09:57:00 - Run 1
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Users\Benni\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,73% Memory free
4,22 Gb Paging File | 3,29 Gb Available in Paging File | 77,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 45,68 Gb Free Space | 21,11% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 53,33 Gb Free Space | 49,74% Space Free | Partition Type: NTFS
 
Computer Name: BENNI-PC | User Name: Benni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Users\Benni\AppData\Roaming\Adobe\mmplayer.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (G DATA Software AG)
PRC - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe (G DATA Software AG)
PRC - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe (G DATA Software AG)
PRC - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe (G DATA Software AG)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20656_none_463680b8218be5a3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AVKProxy) -- C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (G DATA Software AG)
SRV - (AVKService) -- C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe (G DATA Software AG)
SRV - (AVKWCtl) -- C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe (G DATA Software AG)
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G DATA Software AG)
DRV - (GDTdiInterceptor) -- C:\Windows\System32\drivers\GDTdiIcpt.sys ()
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G DATA Software AG)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ViPrt) -- C:\Windows\system32\DRIVERS\ViPrt.sys (VIA Technologies, Inc.)
DRV - (ViBus) -- C:\Windows\system32\DRIVERS\ViBus.sys (VIA Technologies, Inc.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.30 09:15:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 10:38:49 | 000,000,000 | ---D | M]
 
[2008.08.28 06:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions
[2011.05.30 09:12:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\poo43juf.default\extensions
[2011.03.04 18:26:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\poo43juf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.26 19:15:00 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\poo43juf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.06 15:13:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\poo43juf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.04 21:30:55 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\poo43juf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.14 06:39:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\poo43juf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.09 11:29:03 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\poo43juf.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.05.06 15:13:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\poo43juf.default\extensions\engine@conduit.com
[2009.11.15 19:14:18 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\poo43juf.default\extensions\moveplayer@movenetworks.com
[2009.12.15 08:07:32 | 000,000,881 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\poo43juf.default\searchplugins\conduit.xml
[2011.05.30 09:13:22 | 000,000,950 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\poo43juf.default\searchplugins\icqplugin-1.xml
[2009.07.23 12:55:55 | 000,000,950 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\poo43juf.default\searchplugins\icqplugin-2.xml
[2009.08.04 12:30:33 | 000,000,950 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\poo43juf.default\searchplugins\icqplugin-3.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\poo43juf.default\searchplugins\icqplugin.xml
[2008.04.11 18:47:21 | 000,000,273 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\poo43juf.default\searchplugins\search.xml
[2011.05.30 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.06.07 12:48:43 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.21 09:44:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.01.05 09:22:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\BENNI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\POO43JUF.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\BENNI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\POO43JUF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BENNI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\POO43JUF.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Germany GmbH)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Germany GmbH)
O4 - HKLM..\Run: [AVKTray] C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe (G DATA Software AG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [recinfo294] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core]  File not found
O4 - HKCU..\Run: [mmplayer.exe] C:\Users\Benni\AppData\Roaming\Adobe\mmplayer.exe ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Benni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Benni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Benni\Pictures\schweiz.jpg
O24 - Desktop BackupWallPaper: C:\Users\Benni\Pictures\schweiz.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.30 09:36:50 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
[2011.05.30 09:24:58 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTH.scr
[2011.05.29 18:37:17 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Malwarebytes
[2011.05.29 18:37:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 18:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.29 18:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.29 18:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.05.29 17:40:41 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.05.26 19:14:34 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\ICQ
[4 C:\Users\Benni\Documents\*.tmp files -> C:\Users\Benni\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.30 09:49:45 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.05.30 09:47:38 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.30 09:47:29 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.30 09:47:29 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.30 09:47:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.30 09:47:20 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.30 09:36:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
[2011.05.30 09:24:57 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTH.scr
[2011.05.30 09:15:49 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.30 08:47:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.29 19:16:17 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2011.05.29 18:37:05 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.29 17:50:12 | 000,000,384 | ---- | M] () -- C:\ProgramData\21815056
[2011.05.29 17:47:36 | 000,000,136 | ---- | M] () -- C:\ProgramData\~21815056r
[2011.05.29 17:47:36 | 000,000,128 | ---- | M] () -- C:\ProgramData\~21815056
[2011.05.29 09:27:42 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{547E4987-006D-4BD5-9A9B-D6F4519F2E8A}.job
[2011.05.26 23:09:58 | 000,000,012 | ---- | M] () -- C:\Users\Benni\Desktop\prefs.dat
[2011.05.26 18:09:28 | 000,204,800 | ---- | M] () -- C:\Users\Benni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.08 20:48:34 | 000,641,106 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.08 20:48:34 | 000,609,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.08 20:48:34 | 000,116,500 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.08 20:48:34 | 000,103,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.01 20:23:35 | 000,000,852 | ---- | M] () -- C:\Users\Benni\.recently-used.xbel
[4 C:\Users\Benni\Documents\*.tmp files -> C:\Users\Benni\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.30 09:15:49 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.05.30 09:15:49 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.29 19:16:16 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.05.29 18:37:05 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.29 17:40:54 | 000,000,136 | ---- | C] () -- C:\ProgramData\~21815056r
[2011.05.29 17:40:54 | 000,000,128 | ---- | C] () -- C:\ProgramData\~21815056
[2011.05.29 17:40:11 | 000,000,384 | ---- | C] () -- C:\ProgramData\21815056
[2011.05.01 20:23:35 | 000,000,852 | ---- | C] () -- C:\Users\Benni\.recently-used.xbel
[2010.04.26 10:32:22 | 000,000,680 | ---- | C] () -- C:\Users\Benni\AppData\Local\d3d9caps.dat
[2010.01.06 01:05:46 | 000,004,096 | ---- | C] () -- C:\Users\Benni\AppData\Local\keyfile3.drm
[2009.11.13 18:00:47 | 000,005,732 | ---- | C] () -- C:\Windows\unins000.dat
[2008.09.22 20:48:40 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.09.05 14:39:40 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008.03.15 13:18:57 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2008.02.20 19:27:09 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.01.07 19:29:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.01.04 23:58:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007.12.30 14:26:56 | 000,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007.12.26 10:55:31 | 000,204,800 | ---- | C] () -- C:\Users\Benni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.16 04:23:40 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.11.16 04:23:39 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.11.16 04:19:21 | 000,039,120 | ---- | C] () -- C:\Windows\System32\drivers\GDTdiIcpt.sys
[2007.11.16 04:17:26 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006.11.02 21:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 17:33:31 | 000,641,106 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,116,500 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,382,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,609,944 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,726 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.01.15 13:57:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Any Video Converter
[2011.04.05 17:28:42 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ChessBase
[2011.04.19 09:33:28 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.01 06:35:28 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\foobar2000
[2010.09.10 01:02:50 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\FreeFLVConverter
[2011.05.26 19:15:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ICQ
[2008.01.03 17:16:18 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ICQ Toolbar
[2009.11.17 21:08:34 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\JBF Software
[2009.10.27 17:28:54 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Leadertech
[2008.01.17 21:14:45 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\MAGIX
[2008.04.10 19:33:15 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Qlikworld
[2010.06.06 16:51:00 | 000,000,364 | -H-- | M] () -- C:\Windows\Tasks\Install_NSS.job
[2011.05.30 09:46:24 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.05.29 09:27:42 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{547E4987-006D-4BD5-9A9B-D6F4519F2E8A}.job
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2009.01.06 22:49:34 | 000,024,064 | ---- | M] ()(C:\Users\Benni\Documents\?ghzhzh.doc) -- C:\Users\Benni\Documents\卐ghzhzh.doc
[2009.01.06 22:49:33 | 000,024,064 | ---- | C] ()(C:\Users\Benni\Documents\?ghzhzh.doc) -- C:\Users\Benni\Documents\卐ghzhzh.doc
 
< End of report >
--- --- ---


Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 30.05.2011 09:57:00 - Run 1
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Users\Benni\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,73% Memory free
4,22 Gb Paging File | 3,29 Gb Available in Paging File | 77,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 45,68 Gb Free Space | 21,11% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 53,33 Gb Free Space | 49,74% Space Free | Partition Type: NTFS
 
Computer Name: BENNI-PC | User Name: Benni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B3D0503-A807-4ADF-8CD5-F2EE7ABE00FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{623AFFD2-26F3-42E0-ADDB-B6F7B75D1259}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server |
"{6315AACB-EBD5-483D-BCBC-F6428A40D850}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) |
"{9875426E-394D-4786-88F1-06A0C11DDF5A}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) |
"{F466CB2B-C01A-4D8F-B501-89ACB55C39DF}" = lport=9000 | protocol=6 | dir=in | name=magix upnp media server |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16F692D4-6FC2-4FC9-B968-A50664CFF9B2}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{23D099FD-D69F-447C-A472-9859AB60CA6D}" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"{450CCA17-0E24-410C-BE56-298104A6702E}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{EFDD1B3C-855B-4224-8FFE-C00FF1A9C048}" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{09F83561-971C-48E3-AD5B-6ED6EECA2FC8}C:\bluebyte\siedler3\s3.exe" = protocol=6 | dir=in | app=c:\bluebyte\siedler3\s3.exe |
"TCP Query User{1A9A90E3-2A83-4B15-B5F9-FAD2284A2F04}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{280DF8E3-64B1-44F1-B8B1-BC7807F09EE8}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{2EE6A014-F488-494B-BCEE-0FB31AA55C00}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{4D44949E-74F9-4825-B34C-4D4AFF9959F1}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{6C679089-D391-4A0C-BF58-45ABED1FDDAF}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{6FC509E2-7E2F-4393-8269-881494EF5929}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{7FEADA26-6CBE-4FFF-98EF-D06B853E55D2}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{7FF4F91D-4651-48C7-A522-4BB0C92545F9}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{B1D7A58A-F625-4F75-BFCF-B32554D12910}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{B26D4A4B-AD32-4785-A395-631C478B76F7}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{BEFE1D79-8B8F-4C1C-BDBC-6C86926776AF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C260BB8B-BFCD-4B2E-A2ED-1A2A811D76CB}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{C3FB0E17-DF17-4623-8310-AFE533A8E37B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{DCF30CB2-E64C-46E1-BA1C-920E835D4647}C:\program files\sopcast\sopvod.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopvod.exe |
"TCP Query User{DE34F050-A652-41CB-A991-38453F7C7182}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0A8AEAB7-C370-4A46-AA83-C8C7A37986AE}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{23D22D3D-B8C1-4DF2-8128-E53C564BD128}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{241A3218-9EAC-4DA1-8B4A-A95F2FC539B2}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{2CA08231-E2AA-43AE-A177-808CCEBA71BF}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{31D007D8-C561-40C2-8EE8-BC74F56FA5CB}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{56E88A37-4B22-4AFE-B9F9-3F45DAFD8C7F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{57CEBCC4-0CD2-48EA-8055-64FA1D5C2452}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{978FA28F-CED2-4A4B-8F99-FA8FCB5783B9}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{97FFEF9A-CFEB-419A-B514-FC578E86E571}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{B7860D3C-2C90-4CDC-AE8F-1B173151350E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{B8CD15AA-A8C4-4D7B-A542-7F7834DEA11A}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{BA205C2B-58DF-4664-9175-2C1CAA0F6802}C:\program files\sopcast\sopvod.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopvod.exe |
"UDP Query User{BE06FD49-C71A-4AC9-94B7-D4592FCB7ABF}C:\bluebyte\siedler3\s3.exe" = protocol=17 | dir=in | app=c:\bluebyte\siedler3\s3.exe |
"UDP Query User{D85EA8A0-AA22-4601-A6FE-EC6909197042}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DDB5A942-1E69-480B-8BAB-008D990D89B1}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{DE3B5D5A-64D3-413A-942F-CF8D306BD603}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06238444-BD04-417E-859A-C2543A784272}" = Fritz7 Demo
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{1A637513-CC46-4C3B-8114-1E4F1D71CF42}" = Fritz11 WM Edition
"{1AD2EC5E-9A73-452B-8C87-43D2E32C3831}" = Fritz11 WM Edition
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 23
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D0FEAB4-5D81-4461-A9CA-766B530FC6EA}" = G DATA AntiVirenKit
"{4DECFC9F-2310-4C02-009A-B6758306EF00}" = FIFA 06
"{52537172-CBB0-44C4-BBB4-CC992BAF81F4}" = Playchess
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{552C5B4A-595F-4FA6-B2AD-2F1B2A333CE5}" = Fritz7
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{70D9854A-CEF5-4BCF-B37A-0AA1AB0A83CF}" = Playchess
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D794373D-4197-4F77-AB73-5404A005E043}" = Mathematik interaktiv
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Codeur Windows Media Série 9
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Any Video Converter_is1" = Any Video Converter 2.7.2
"Arena 2.0.1_is1" = Arena 2.0.1
"Big Fish Games Center" = Big Fish Games Center (remove only)
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"BitComet FLV Converter" = BitComet FLV Converter 1.0
"Blue Byte Game Channel" = Blue Byte Game Channel
"bowili-Schach" = bowili-Schach
"Cradle of Rome" = Cradle of Rome (remove only)
"ÐÂÀËÖ±²¥" = ÐÂÀËÖ±²¥
"DivX Setup.divx.com" = DivX-Setup
"FarmingSimulator2009DemoDE_is1" = Landwirtschafts-Simulator 2009 Demo
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"foobar2000" = foobar2000 v1.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Audio Converter_is1" = Free Audio Converter version 2.0
"Free FLV Converter_is1" = Free FLV Converter V 6.92.0
"Free YouTube Download_is1" = Free YouTube Download version 2.10.30
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Indeo® software" = Indeo® software
"MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 4.2.0.79 (D)
"MAGIX Media Suite D" = MAGIX Media Suite 1.12.0.89 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.2.0.144 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX Ringtone Maker SE D" = MAGIX Ringtone Maker SE 3.1.0.4 (D)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"phase5" = phase5
"Poker Superstars II" = Poker Superstars II (remove only)
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"S2TNG" = Die Siedler II - Die nächste Generation
"S3" = Die Siedler III Gold Edition
"S4Uninst" = Die Siedler IV
"Sea3D_is1" = Sea3D 1.2.0a
"Sevilla" = Sevilla
"SopCast" = SopCast 2.0.4
"Trillian" = Trillian
"TVUPlayer" = TVUPlayer 2.3.4.1
"Uninstall_is1" = Uninstall 1.0.0.1
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Windows Media Encoder 9" = Codeur Windows Media Série 9
"WinGimp-2.0_is1" = GIMP 2.6.3
"WinRAR archiver" = WinRAR
"Worms Armageddon" = Worms Armageddon
"Zattoo" = Zattoo 3.2.4 Beta
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"Kellogg's Clip Studio" = Kellogg's Clip Studio
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.01.2010 08:39:28 | Computer Name = Benni-PC | Source = WerSvc | ID = 5007
Description =
 
Error - 12.01.2010 12:29:47 | Computer Name = Benni-PC | Source = WerSvc | ID = 5007
Description =
 
Error - 12.01.2010 15:48:31 | Computer Name = Benni-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 13.01.2010 13:26:34 | Computer Name = Benni-PC | Source = WerSvc | ID = 5007
Description =
 
Error - 13.01.2010 13:27:14 | Computer Name = Benni-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 13.01.2010 14:34:08 | Computer Name = Benni-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 13.01.2010 15:29:45 | Computer Name = Benni-PC | Source = WerSvc | ID = 5007
Description =
 
Error - 14.01.2010 07:11:45 | Computer Name = Benni-PC | Source = WerSvc | ID = 5007
Description =
 
Error - 14.01.2010 09:53:32 | Computer Name = Benni-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 14.01.2010 10:49:18 | Computer Name = Benni-PC | Source = WerSvc | ID = 5007
Description =
 
[ System Events ]
Error - 14.05.2011 01:07:29 | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 19.05.2011 00:29:51 | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 19.05.2011 15:19:21 | Computer Name = Benni-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 19.05.2011 um 19:43:44 unerwartet heruntergefahren.
 
Error - 19.05.2011 15:24:33 | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 26.05.2011 00:30:18 | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 26.05.2011 13:15:15 | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 29.05.2011 11:44:57 | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 29.05.2011 11:52:04 | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 29.05.2011 12:02:49 | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 29.05.2011 12:34:38 | Computer Name = Benni-PC | Source = Service Control Manager | ID = 7022
Description =
 
 
< End of report >
--- --- ---

cosinus 30.05.2011 15:31
Zitat:
Ich führte einen Scan mit Malwarebytes Anti-Malware durch, die 8 gefunden infizierten Objekte entfernte.
Bitte alle Logs von Malwarebytes posten

Tuidsi 01.06.2011 17:32
Also, das Problem, dass ich nach einiger Zeit keine Seite mehr erreichen kann, besteht nicht mehr (was ich in keinerlei logischen Zusammenhang bringen kann).
Allerdings gibt es immer noch einige Dinge, die so vorher nicht waren: Browser sind allgemein ziemlich langsam (z.B. Zoomen bei Google Maps dauert gefühlt ne halbe Ewigkeit); die Fehlermeldung "COM Surrogate funktioniert nicht mehr" erscheint; vereinzelt treten Programmabstürze auf; einige Symbole im Infobereich in der Taskleiste funktionieren nicht oder Ähnliches.

Die Malware-Logs:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6716

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

29.05.2011 18:52:20
mbam-log-2011-05-29 (18-52-20).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 154394
Laufzeit: 12 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 11
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 10

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E596DF5F-4239-4D40-8367-EBADF0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UtYUtxpPbB (Trojan.FakeMS) -> Value: UtYUtxpPbB -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Value: *.securewebinfo.com -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Value: *.safetyincludes.com -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Value: *.securemanaging.com -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files\winspykiller (Rogue.WinSpyKiller) -> Quarantined and deleted successfully.
c:\Windows\System32\215651 (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\utyutxppbb.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Local\Temp\tmp950B.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Local\Temp\tmpB37F.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\Benni\favorites\online security test.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Local\Temp\d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Local\Temp\zfe1.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\programdata\21815056.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\winspykiller\uninstall.exe (Rogue.WinSpyKiller) -> Quarantined and deleted successfully.
c:\program files\winspykiller\winspykiller.lic (Rogue.WinSpyKiller) -> Quarantined and deleted successfully.
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> Delete on reboot.



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6716

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

29.05.2011 21:03:15
mbam-log-2011-05-29 (21-03-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 353661
Laufzeit: 1 Stunde(n), 43 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 01.06.2011 20:50
Zitat:
Datenbank Version: 6716
Die Datenbanken waren aber nicht wirklich aktuell. Bitte updaten und einen neuen Vollscan machen.

Tuidsi 04.06.2011 20:06
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6770

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

04.06.2011 20:57:43
mbam-log-2011-06-04 (20-57-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 389760
Laufzeit: 3 Stunde(n), 14 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 26

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Users\Benni\jload6D.dll (Heuristics.Shuriken) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Heuristics.Shuriken) -> Value: NvCplDaemonTool -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Benni\jload6D.dll (Heuristics.Shuriken) -> Delete on reboot.
c:\Users\Benni\lploadc30.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\mloadAD.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\nyload3A.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Local\Temp\0.2934952303762567.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Local\Temp\0.3094727627273879.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Local\Temp\0.458513860754307.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Local\Temp\0.7053708425996243.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Local\Temp\0.7229964146657314.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Local\Temp\0.7291026526857309.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Local\Temp\0.8045349063284447.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Local\Temp\0.8778943844370323.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Local\Temp\0.9866139895409552.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Local\Temp\14B7.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Local\Temp\1DFE.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Local\Temp\2A04.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Local\Temp\32FD.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Local\Temp\93D0.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Local\Temp\A8EE.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Local\Temp\AEC5.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Local\Temp\C3A5.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanndiskur98.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanpdiskb82.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanudiskh68.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanxdiskbk86.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Benni\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.

cosinus 05.06.2011 12:59
Bitte ein frisches OTL-Log erstellen:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Tuidsi 05.06.2011 17:32
OTL Logfile:
Code:
OTL logfile created on: 05.06.2011 18:11:22 - Run 2
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Users\Benni\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 62,02% Memory free
4,22 Gb Paging File | 3,21 Gb Available in Paging File | 76,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 43,98 Gb Free Space | 20,32% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 53,33 Gb Free Space | 49,74% Space Free | Partition Type: NTFS
Drive E: | 65,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BENNI-PC | User Name: Benni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Benni\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Users\Benni\AppData\Roaming\Adobe\mmplayer.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (G DATA Software AG)
PRC - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe (G DATA Software AG)
PRC - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe (G DATA Software AG)
PRC - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe (G DATA Software AG)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Benni\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20656_none_463680b8218be5a3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AVKProxy) -- C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (G DATA Software AG)
SRV - (AVKService) -- C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe (G DATA Software AG)
SRV - (AVKWCtl) -- C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe (G DATA Software AG)
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G DATA Software AG)
DRV - (GDTdiInterceptor) -- C:\Windows\System32\drivers\GDTdiIcpt.sys ()
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G DATA Software AG)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ViPrt) -- C:\Windows\system32\DRIVERS\ViPrt.sys (VIA Technologies, Inc.)
DRV - (ViBus) -- C:\Windows\system32\DRIVERS\ViBus.sys (VIA Technologies, Inc.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.30 09:15:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 10:38:49 | 000,000,000 | ---D | M]
 
[2008.08.28 06:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions
[2011.06.02 12:14:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\poo43juf.default\extensions
[2011.03.04 18:26:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\poo43juf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.26 19:15:00 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\poo43juf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.06 15:13:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\poo43juf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.04 21:30:55 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\poo43juf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.14 06:39:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\poo43juf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.09 11:29:03 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\poo43juf.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.05.06 15:13:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\poo43juf.default\extensions\engine@conduit.com
[2009.11.15 19:14:18 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\poo43juf.default\extensions\moveplayer@movenetworks.com
[2009.12.15 08:07:32 | 000,000,881 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\poo43juf.default\searchplugins\conduit.xml
[2011.06.02 08:20:28 | 000,000,950 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\poo43juf.default\searchplugins\icqplugin-1.xml
[2009.07.23 12:55:55 | 000,000,950 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\poo43juf.default\searchplugins\icqplugin-2.xml
[2009.08.04 12:30:33 | 000,000,950 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\poo43juf.default\searchplugins\icqplugin-3.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\poo43juf.default\searchplugins\icqplugin.xml
[2008.04.11 18:47:21 | 000,000,273 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\poo43juf.default\searchplugins\search.xml
[2011.05.30 09:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.06.07 12:48:43 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.21 09:44:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.01.05 09:22:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\BENNI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\POO43JUF.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\BENNI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\POO43JUF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BENNI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\POO43JUF.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Germany GmbH)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Germany GmbH)
O4 - HKLM..\Run: [AVKTray] C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe (G DATA Software AG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [recinfo294] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core]  File not found
O4 - HKCU..\Run: [mmplayer.exe] C:\Users\Benni\AppData\Roaming\Adobe\mmplayer.exe ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Benni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Benni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Benni\Pictures\schweiz.jpg
O24 - Desktop BackupWallPaper: C:\Users\Benni\Pictures\schweiz.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.24 03:46:54 | 000,000,046 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{61b15f61-b240-11dc-b9d9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{61b15f61-b240-11dc-b9d9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LGInstaller.exe -- [2009.08.24 06:53:34 | 000,307,200 | R--- | M] ()
O33 - MountPoints2\{82e4ace9-8acf-11e0-af6a-0019dbf9ed6e}\Shell - "" = AutoRun
O33 - MountPoints2\{82e4ace9-8acf-11e0-af6a-0019dbf9ed6e}\Shell\AutoRun\command - "" = L:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\System32\Iyvu9_32.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.30 19:43:00 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\LG PC Suite IV
[2011.05.30 19:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite IV
[2011.05.30 19:43:00 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Local\LG Electronics
[2011.05.30 19:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\LG Electronics
[2011.05.30 19:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2011.05.30 11:56:46 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\Microsoft Word
[2011.05.30 09:36:50 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
[2011.05.30 09:24:58 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTH.scr
[2011.05.29 18:37:17 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Malwarebytes
[2011.05.29 18:37:04 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 18:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.29 18:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.29 18:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.05.29 18:35:24 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Benni\Desktop\mbam-setup.exe
[2011.05.29 17:40:41 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.05.26 19:14:34 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\ICQ
[4 C:\Users\Benni\Documents\*.tmp files -> C:\Users\Benni\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.05 17:34:42 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.05 17:34:42 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.05 17:24:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.05 16:09:22 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{547E4987-006D-4BD5-9A9B-D6F4519F2E8A}.job
[2011.06.05 15:23:20 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.06.05 12:01:19 | 000,641,106 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.05 12:01:19 | 000,609,944 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.05 12:01:19 | 000,116,500 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.05 12:01:19 | 000,103,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.05 08:34:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.05 08:34:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.05 08:34:36 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.01 15:50:34 | 000,210,432 | ---- | M] () -- C:\Users\Benni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.30 19:43:00 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\LG PC Suite IV.lnk
[2011.05.30 10:08:29 | 000,302,592 | ---- | M] () -- C:\Users\Benni\Desktop\glg10gfb.exe
[2011.05.30 09:36:49 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
[2011.05.30 09:24:57 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTH.scr
[2011.05.30 09:15:49 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.29 19:16:17 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2011.05.29 18:37:05 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.29 18:35:33 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Benni\Desktop\mbam-setup.exe
[2011.05.29 17:50:12 | 000,000,384 | ---- | M] () -- C:\ProgramData\21815056
[2011.05.29 17:47:36 | 000,000,136 | ---- | M] () -- C:\ProgramData\~21815056r
[2011.05.29 17:47:36 | 000,000,128 | ---- | M] () -- C:\ProgramData\~21815056
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.26 23:09:58 | 000,000,012 | ---- | M] () -- C:\Users\Benni\Desktop\prefs.dat
[4 C:\Users\Benni\Documents\*.tmp files -> C:\Users\Benni\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.30 19:43:00 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\LG PC Suite IV.lnk
[2011.05.30 10:08:30 | 000,302,592 | ---- | C] () -- C:\Users\Benni\Desktop\glg10gfb.exe
[2011.05.30 09:15:49 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.05.30 09:15:49 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.29 19:16:16 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.05.29 18:37:05 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.29 17:40:54 | 000,000,136 | ---- | C] () -- C:\ProgramData\~21815056r
[2011.05.29 17:40:54 | 000,000,128 | ---- | C] () -- C:\ProgramData\~21815056
[2011.05.29 17:40:11 | 000,000,384 | ---- | C] () -- C:\ProgramData\21815056
[2010.04.26 10:32:22 | 000,000,680 | ---- | C] () -- C:\Users\Benni\AppData\Local\d3d9caps.dat
[2010.01.06 01:05:46 | 000,004,096 | ---- | C] () -- C:\Users\Benni\AppData\Local\keyfile3.drm
[2009.11.13 18:00:47 | 000,005,732 | ---- | C] () -- C:\Windows\unins000.dat
[2009.08.19 09:26:48 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys
[2008.09.22 20:48:40 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.09.05 14:39:40 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008.03.15 13:18:57 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2008.02.20 19:27:09 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.01.07 19:29:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.01.04 23:58:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007.12.30 14:26:56 | 000,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2007.12.26 10:55:31 | 000,210,432 | ---- | C] () -- C:\Users\Benni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.16 04:23:40 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.11.16 04:23:39 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.11.16 04:19:21 | 000,039,120 | ---- | C] () -- C:\Windows\System32\drivers\GDTdiIcpt.sys
[2007.11.16 04:17:26 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006.11.02 21:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 17:33:31 | 000,641,106 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,116,500 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,382,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,609,944 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,726 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.01.15 13:57:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Any Video Converter
[2011.04.05 17:28:42 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ChessBase
[2011.04.19 09:33:28 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.01 06:35:28 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\foobar2000
[2010.09.10 01:02:50 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\FreeFLVConverter
[2011.05.26 19:15:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ICQ
[2008.01.03 17:16:18 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ICQ Toolbar
[2009.11.17 21:08:34 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\JBF Software
[2009.10.27 17:28:54 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Leadertech
[2008.01.17 21:14:45 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\MAGIX
[2008.04.10 19:33:15 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Qlikworld
[2010.06.06 16:51:00 | 000,000,364 | -H-- | M] () -- C:\Windows\Tasks\Install_NSS.job
[2011.06.05 02:24:11 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.06.05 16:09:22 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{547E4987-006D-4BD5-9A9B-D6F4519F2E8A}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.08.23 13:53:27 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Adobe
[2011.01.15 13:57:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Any Video Converter
[2008.06.20 21:56:11 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Apple Computer
[2011.04.05 17:28:42 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ChessBase
[2008.10.26 19:34:41 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\COREL
[2010.09.30 15:03:24 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\DivX
[2011.06.01 15:55:28 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\dvdcss
[2011.04.19 09:33:28 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.01 06:35:28 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\foobar2000
[2010.09.10 01:02:50 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\FreeFLVConverter
[2008.10.08 22:56:38 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Google
[2011.05.26 19:15:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ICQ
[2008.01.03 17:16:18 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\ICQ Toolbar
[2007.12.24 19:05:09 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Identities
[2007.12.25 15:48:36 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\InstallShield
[2008.02.26 17:41:21 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\InstallShield Installation Information
[2009.11.17 21:08:34 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\JBF Software
[2009.10.27 17:28:54 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Leadertech
[2007.12.25 15:44:39 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Macromedia
[2008.01.17 21:14:45 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\MAGIX
[2011.05.29 18:37:17 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Media Center Programs
[2010.01.16 03:44:19 | 000,000,000 | --SD | M] -- C:\Users\Benni\AppData\Roaming\Microsoft
[2009.05.07 16:13:17 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\mIRC
[2008.08.28 06:59:02 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Mozilla
[2008.01.24 21:05:52 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Nero
[2008.04.10 19:33:15 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Qlikworld
[2008.09.11 16:51:47 | 000,000,000 | R--D | M] -- C:\Users\Benni\AppData\Roaming\SecuROM
[2008.01.07 16:22:21 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\TVU Networks
[2008.11.11 15:36:24 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\vlc
[2007.12.28 11:41:22 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.08.23 13:53:27 | 000,032,768 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\Adobe\mmplayer.exe
[2006.06.21 16:10:16 | 000,107,512 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Benni\AppData\Roaming\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\setup.exe
[2011.04.30 10:36:39 | 000,188,152 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\poo43juf.default\FlashGot.exe
[2008.08.22 20:19:47 | 005,244,440 | ---- | M] (TVU networks) -- C:\Users\Benni\AppData\Roaming\TVU Networks\TVU AutoUpgrade\TVUPlayer2.3.7.1.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2007.11.03 01:26:51 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\System32\drivers\AGP440.sys
[2007.11.03 01:26:51 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_cb7c81c7\AGP440.sys
[2007.11.03 01:26:51 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20598_none_b85cfa98dae9b436\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2007.11.03 01:53:24 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=0B77F93AB73798F97E8E0A0AA4CCBEEF -- C:\Windows\System32\drivers\atapi.sys
[2007.11.03 01:53:24 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=0B77F93AB73798F97E8E0A0AA4CCBEEF -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_44b6b0d0\atapi.sys
[2007.11.03 01:53:24 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=0B77F93AB73798F97E8E0A0AA4CCBEEF -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20694_none_db7e36353dc64123\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys
[2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_ec8a8d1b\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=703E3A7093B0FAC0EEBADBB8E931ECAF -- C:\Windows\System32\drivers\nvstor32.sys
[2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=703E3A7093B0FAC0EEBADBB8E931ECAF -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_bbf77119\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2007.11.03 01:17:10 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2007.11.03 01:17:10 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20587_none_cb8c4940898e24a6\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2006.11.08 15:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Windows\System32\drivers\viamraid.sys
[2006.11.08 15:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Windows\System32\DriverStore\FileRepository\viamraid.inf_74a36694\viamraid.sys
 
< MD5 for: VIPRT.SYS  >
[2007.03.26 15:26:00 | 000,052,224 | -H-- | M] (VIA Technologies, Inc.) MD5=A1B7CFFE5F09B825FBA506C4DE9FDAC7 -- C:\DRIVER\SATA\VIA\ViPrt.sys
[2007.03.26 15:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=A1B7CFFE5F09B825FBA506C4DE9FDAC7 -- C:\Windows\System32\drivers\ViPrt.sys
[2007.03.26 15:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=A1B7CFFE5F09B825FBA506C4DE9FDAC7 -- C:\Windows\System32\DriverStore\FileRepository\viprt.inf_86543378\ViPrt.sys
 
< MD5 for: WININIT.EXE  >
[2007.11.03 01:17:50 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=39D959CD9F3BC44F78DB3C6588AAC3FE -- C:\Windows\System32\wininit.exe
[2007.11.03 01:17:50 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=39D959CD9F3BC44F78DB3C6588AAC3FE -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.20593_none_2f37c4ba208e02ab\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2007.11.03 01:17:50 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\System32\winlogon.exe
[2007.11.03 01:17:50 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.20593_none_6e080d01f12ed7fe\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2007.11.16 13:05:03 | 008,011,776 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.11.16 13:05:00 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.11.16 13:05:03 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.11.16 13:05:12 | 016,478,208 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.11.16 13:05:14 | 006,029,312 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2009.01.06 22:49:34 | 000,024,064 | ---- | M] ()(C:\Users\Benni\Documents\?ghzhzh.doc) -- C:\Users\Benni\Documents\卐ghzhzh.doc
[2009.01.06 22:49:33 | 000,024,064 | ---- | C] ()(C:\Users\Benni\Documents\?ghzhzh.doc) -- C:\Users\Benni\Documents\卐ghzhzh.doc

< End of report >
--- --- ---

cosinus 05.06.2011 18:18
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O4 - HKCU..\Run: [EA Core]  File not found
O4 - HKCU..\Run: [mmplayer.exe] C:\Users\Benni\AppData\Roaming\Adobe\mmplayer.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.24 03:46:54 | 000,000,046 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{61b15f61-b240-11dc-b9d9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{61b15f61-b240-11dc-b9d9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LGInstaller.exe -- [2009.08.24 06:53:34 | 000,307,200 | R--- | M] ()
O33 - MountPoints2\{82e4ace9-8acf-11e0-af6a-0019dbf9ed6e}\Shell - "" = AutoRun
O33 - MountPoints2\{82e4ace9-8acf-11e0-af6a-0019dbf9ed6e}\Shell\AutoRun\command - "" = L:\LGAutoRun.exe
[2011.05.29 17:50:12 | 000,000,384 | ---- | M] () -- C:\ProgramData\21815056
[2011.05.29 17:47:36 | 000,000,136 | ---- | M] () -- C:\ProgramData\~21815056r
[2011.05.29 17:47:36 | 000,000,128 | ---- | M] () -- C:\ProgramData\~21815056
:Commands
[purity]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Tuidsi 10.06.2011 23:04
Also, die von mir o.g. Probleme treten nicht mehr auf. Was mir noch häufiger passiert ist, dass, wenn ich etwas google und einen Treffer anklicke, nicht bei der entsprechenden Adresse lande, sondern zu einer anderen Seite weitergeleitet (lt. Chronik über clickbattery.org) werde, z.B. gomeo.de mit der entsprechenden Suchanfrage. - Nur zur Info; ob sich noch schadhafte Dateien aufm Rechner befinden vermag ich natürlich nicht zu beurteilen.
Ich bitte zu entschuldigen, dass meine Antworten z.T. etwas länger dauern, habe nicht immer Zeit.
Der OTL-Log:

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mmplayer.exe deleted successfully.
C:\Users\Benni\AppData\Roaming\Adobe\mmplayer.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61b15f61-b240-11dc-b9d9-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61b15f61-b240-11dc-b9d9-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61b15f61-b240-11dc-b9d9-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61b15f61-b240-11dc-b9d9-806e6f6e6963}\ not found.
File move failed. E:\LGInstaller.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e4ace9-8acf-11e0-af6a-0019dbf9ed6e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e4ace9-8acf-11e0-af6a-0019dbf9ed6e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e4ace9-8acf-11e0-af6a-0019dbf9ed6e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e4ace9-8acf-11e0-af6a-0019dbf9ed6e}\ not found.
File L:\LGAutoRun.exe not found.
C:\ProgramData\21815056 moved successfully.
C:\ProgramData\~21815056r moved successfully.
C:\ProgramData\~21815056 moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 06102011_233601

Files\Folders moved on Reboot...
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\LGInstaller.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 10.06.2011 23:09
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Tuidsi 15.06.2011 07:42
Der tdsskiller startet leider nicht (öffnen, "Ausführen", "Zulassen" -> es passiert aber nichts; egal ob als Administrator ausgeführt oder nicht).
Unhide.exe habe ich durchgeführt.

cosinus 15.06.2011 09:25
Dann erstmal CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Tuidsi 15.06.2011 10:51
log.txt:

Combofix Logfile:
Code:
ComboFix 11-06-14.03 - Benni 15.06.2011  11:26:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.49.1031.18.2046.1380 [GMT 2:00]
ausgeführt von:: c:\users\Benni\Desktop\cofi.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\firststeps\FirstSteps.exe
c:\users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
c:\users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Uninstall Windows Vista Recovery.lnk
c:\users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Windows Vista Recovery.lnk
c:\vlcportable\VLCPortable.exe
c:\windows\IsUn0407.exe
.
Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
(((((((((((((((((((((((  Dateien erstellt von 2011-05-15 bis 2011-06-15  ))))))))))))))))))))))))))))))
.
.
2011-06-15 09:39 . 2011-06-15 09:39        --------        d-----w-        c:\users\Benni\AppData\Local\temp
2011-06-14 08:13 . 2011-05-09 20:46        6962000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{334B8D97-A823-4200-87FD-2D3A6DDCC38B}\mpengine.dll
2011-06-10 21:36 . 2011-06-10 21:36        --------        d-----w-        C:\_OTL
2011-06-07 20:19 . 2011-06-07 20:19        --------        d-----w-        c:\program files\ICQ7.5
2011-06-06 06:18 . 2011-06-06 06:18        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-30 17:43 . 2011-05-30 17:43        --------        d-----w-        c:\users\Benni\AppData\Local\LG Electronics
2011-05-30 17:42 . 2011-05-30 17:42        --------        d-----w-        c:\programdata\LG Electronics
2011-05-30 17:36 . 2011-05-30 17:42        --------        d-----w-        c:\program files\LG Electronics
2011-05-29 17:16 . 2011-05-29 17:16        2560        ----a-w-        c:\windows\_MSRSTRT.EXE
2011-05-29 16:37 . 2011-05-29 16:37        --------        d-----w-        c:\users\Benni\AppData\Roaming\Malwarebytes
2011-05-29 16:37 . 2011-05-29 07:11        39984        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 16:37 . 2011-05-29 16:37        --------        d-----w-        c:\programdata\Malwarebytes
2011-05-29 16:36 . 2011-06-04 15:40        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-05-26 17:14 . 2011-06-13 22:01        --------        d-----w-        c:\users\Benni\AppData\Roaming\ICQ
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 16:40 . 2011-05-30 07:15        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-01 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-01 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"AVKTray"="c:\programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe" [2007-04-02 1042256]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-02 83568]
"recinfo294"="c:\recinfo\RecInfo.exe" [2007-10-23 2764800]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 gupdate1ca232a51e4fcef;Google Update Service (gupdate1ca232a51e4fcef);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 133104]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 133104]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2007-03-26 16896]
S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2007-03-26 52224]
S2 AVKProxy;AVKProxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2007-05-03 649040]
S2 AVKService;AVK Service;c:\programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe [2007-04-02 407376]
S2 AVKWCtl;AVK Wächter;c:\programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe [2007-04-02 1103696]
S2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2007-11-16 39120]
S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2007-11-16 47312]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2007-11-16 32464]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-25 07:02]
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 13:12]
.
2011-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-22 13:12]
.
2011-06-14 c:\windows\Tasks\User_Feed_Synchronization-{547E4987-006D-4BD5-9A9B-D6F4519F2E8A}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Free YouTube Download - c:\users\Benni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Benni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\poo43juf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Arena 2.0.1_is1 - c:\program files\Arena\unins000.exe
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Free Audio Converter_is1 - c:\program files\DVDVideoSoft\Free Audio Converter\unins000.exe
AddRemove-Free YouTube Download_is1 - c:\program files\DVDVideoSoft\Free YouTube Download\unins000.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe
AddRemove-Indeo® software - c:\windows\IsUn0407.exe
AddRemove-S3 - c:\windows\IsUn0407.exe
AddRemove-S4Uninst - c:\windows\IsUn0407.exe
AddRemove-Worms Armageddon - c:\windows\IsUn0407.exe
AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\program files\DivX\DivXConverterUninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{B13A7C41581B411290FBC0395694E2A9} - c:\program files\DivX\DivXConverterUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-15 11:39
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2633572158-1646373292-2735752979-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:50,0a,50,08,29,5d,c2,b1,b5,bd,c7,dd,57,b5,02,78,db,84,3d,89,71,6b,27,
  48,a2,dc,08,0c,80,4e,7b,8f,7d,33,f6,a3,6f,1b,d3,91,05,f6,a7,81,41,c2,e4,ee,\
"??"=hex:5c,28,08,0f,b3,90,cc,0d,18,7c,f1,23,8f,38,a5,94
.
[HKEY_USERS\S-1-5-21-2633572158-1646373292-2735752979-1000\Software\SecuROM\License information*]
"datasecu"=hex:3e,c6,97,b4,3e,41,8c,50,ae,62,bd,7c,72,b2,ff,d3,03,52,98,6a,b2,
  22,f6,94,8d,6c,a0,1d,cc,cf,40,ac,65,6c,1d,5f,04,b4,1c,e5,86,b9,c7,ff,f5,01,\
"rkeysecu"=hex:1f,6b,1f,a7,d3,fa,b6,5b,8f,80,32,f9,c0,08,88,70
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-06-15  11:45:00
ComboFix-quarantined-files.txt  2011-06-15 09:44
.
Vor Suchlauf: 22 Verzeichnis(se), 46.015.336.448 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 51.804.418.048 Bytes frei
.
- - End Of File - - A6B24A6323DB42BA67D41AF7B32D3D92
--- --- ---

cosinus 15.06.2011 12:07
Ok. Dann probier jetzt nochmal den TDSS-Killer, der sollte jetzt laufen.

Tuidsi 15.06.2011 16:01
In der Tat. :)

2011/06/15 16:57:45.0738 5780 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/15 16:57:45.0957 5780 ================================================================================
2011/06/15 16:57:45.0957 5780 SystemInfo:
2011/06/15 16:57:45.0957 5780
2011/06/15 16:57:45.0957 5780 OS Version: 6.0.6000 ServicePack: 0.0
2011/06/15 16:57:45.0957 5780 Product type: Workstation
2011/06/15 16:57:45.0957 5780 ComputerName: BENNI-PC
2011/06/15 16:57:45.0973 5780 UserName: Benni
2011/06/15 16:57:45.0973 5780 Windows directory: C:\Windows
2011/06/15 16:57:45.0973 5780 System windows directory: C:\Windows
2011/06/15 16:57:45.0973 5780 Processor architecture: Intel x86
2011/06/15 16:57:45.0973 5780 Number of processors: 2
2011/06/15 16:57:45.0973 5780 Page size: 0x1000
2011/06/15 16:57:45.0973 5780 Boot type: Normal boot
2011/06/15 16:57:45.0973 5780 ================================================================================
2011/06/15 16:57:51.0285 5780 !crdlk
2011/06/15 16:57:51.0691 5780 Initialize success
2011/06/15 16:57:56.0160 5576 ================================================================================
2011/06/15 16:57:56.0160 5576 Scan started
2011/06/15 16:57:56.0160 5576 Mode: Manual;
2011/06/15 16:57:56.0160 5576 ================================================================================
2011/06/15 16:57:57.0191 5576 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/06/15 16:57:57.0285 5576 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/15 16:57:57.0379 5576 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/15 16:57:57.0535 5576 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/15 16:57:57.0582 5576 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/15 16:57:57.0754 5576 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/06/15 16:57:57.0832 5576 agp440 (198636e76971ebc96404547ec0fd5e75) C:\Windows\system32\drivers\agp440.sys
2011/06/15 16:57:57.0926 5576 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/15 16:57:58.0113 5576 aliide (0b3b337a68d9a75cc8d787dc98b53d79) C:\Windows\system32\drivers\aliide.sys
2011/06/15 16:57:58.0176 5576 amdagp (2363abc8989a14fd7247ca6f4e89d397) C:\Windows\system32\drivers\amdagp.sys
2011/06/15 16:57:58.0301 5576 amdide (468a204966d09f327a662c35f4b15dd3) C:\Windows\system32\drivers\amdide.sys
2011/06/15 16:57:58.0379 5576 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/15 16:57:58.0426 5576 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/06/15 16:57:58.0582 5576 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/15 16:57:58.0645 5576 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/15 16:57:58.0738 5576 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/15 16:57:58.0801 5576 atapi (0b77f93ab73798f97e8e0a0aa4ccbeef) C:\Windows\system32\drivers\atapi.sys
2011/06/15 16:57:59.0004 5576 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/06/15 16:57:59.0098 5576 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/15 16:57:59.0145 5576 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/15 16:57:59.0223 5576 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/15 16:57:59.0285 5576 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/15 16:57:59.0395 5576 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/15 16:57:59.0441 5576 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/15 16:57:59.0535 5576 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/15 16:57:59.0582 5576 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/15 16:57:59.0832 5576 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/15 16:57:59.0879 5576 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/15 16:58:00.0004 5576 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/06/15 16:58:00.0051 5576 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/06/15 16:58:00.0207 5576 cmdide (2ac0c92b29ec21838f4cb46adb26bcc0) C:\Windows\system32\drivers\cmdide.sys
2011/06/15 16:58:00.0301 5576 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys
2011/06/15 16:58:00.0363 5576 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/15 16:58:00.0426 5576 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/06/15 16:58:00.0629 5576 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/06/15 16:58:00.0785 5576 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/06/15 16:58:00.0863 5576 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/06/15 16:58:00.0926 5576 DXGKrnl (2d13d9e98caf6321f219b28921af214c) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/15 16:58:01.0004 5576 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/15 16:58:01.0176 5576 Ecache (38573398f734b71b06cd2411494f234a) C:\Windows\system32\drivers\ecache.sys
2011/06/15 16:58:01.0379 5576 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/06/15 16:58:01.0551 5576 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/06/15 16:58:01.0598 5576 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/15 16:58:01.0738 5576 FET5X86V (8787449f8ef116db0e8e06c3555746a7) C:\Windows\system32\DRIVERS\fetnd5bv.sys
2011/06/15 16:58:01.0832 5576 FETNDIS (b2b2c38e916184ff8523c7439ddd417f) C:\Windows\system32\DRIVERS\fetnd5.sys
2011/06/15 16:58:01.0895 5576 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/06/15 16:58:01.0941 5576 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/06/15 16:58:02.0004 5576 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/15 16:58:02.0051 5576 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/06/15 16:58:02.0145 5576 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/15 16:58:02.0191 5576 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/15 16:58:02.0238 5576 GDMnIcpt (e07bb6d958dc2a000065c9e696050fae) C:\Windows\system32\drivers\MiniIcpt.sys
2011/06/15 16:58:02.0270 5576 GDTdiInterceptor (11ac049160d70280aa6e3f77c07f8909) C:\Windows\system32\drivers\GDTdiIcpt.sys
2011/06/15 16:58:02.0457 5576 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/15 16:58:02.0520 5576 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/15 16:58:02.0676 5576 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/15 16:58:02.0723 5576 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/15 16:58:02.0801 5576 HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/15 16:58:02.0848 5576 HookCentre (4d7b09a5dbd7d711d82b3c7385405229) C:\Windows\system32\drivers\HookCentre.sys
2011/06/15 16:58:02.0973 5576 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/06/15 16:58:03.0066 5576 HTTP (481b86e8939289f77fbcea1b24cec687) C:\Windows\system32\drivers\HTTP.sys
2011/06/15 16:58:03.0191 5576 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/06/15 16:58:03.0270 5576 i8042prt (bea9838cd25d36beba3f94386a761d60) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/15 16:58:03.0348 5576 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
2011/06/15 16:58:03.0520 5576 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/06/15 16:58:03.0598 5576 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/15 16:58:03.0707 5576 IntcAzAudAddService (6f62bafe6150f3952f877051c65786fe) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/15 16:58:04.0020 5576 intelide (4a6b4c4fab7716c869fa9d19ac8ca5a5) C:\Windows\system32\drivers\intelide.sys
2011/06/15 16:58:04.0082 5576 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/15 16:58:04.0270 5576 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/15 16:58:04.0301 5576 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/15 16:58:04.0426 5576 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/06/15 16:58:04.0473 5576 isapnp (ce2997a0c3b0049a3188c4f0c7a04bc9) C:\Windows\system32\drivers\isapnp.sys
2011/06/15 16:58:04.0535 5576 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/15 16:58:04.0629 5576 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/15 16:58:04.0691 5576 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/15 16:58:04.0754 5576 JRAID (c1632fe31d1824a43dea29725312e3fa) C:\Windows\system32\drivers\jraid.sys
2011/06/15 16:58:04.0832 5576 kbdclass (c9b0cf786d5f151a43c7be8e243f2819) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/15 16:58:04.0895 5576 kbdhid (97ab2fb84e8e77d93cee85550f4cf7f9) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/15 16:58:04.0957 5576 KSecDD (b6fac1ff7d4a05c06da9e53dbf5e9e7a) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/15 16:58:05.0160 5576 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/15 16:58:05.0223 5576 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/15 16:58:05.0363 5576 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/15 16:58:05.0441 5576 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/15 16:58:05.0488 5576 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/06/15 16:58:05.0598 5576 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/06/15 16:58:05.0660 5576 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/06/15 16:58:05.0801 5576 monitor (ee05f7a5e2cefb275b08f3e3fcc2a8eb) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/15 16:58:05.0863 5576 mouclass (4a00b3cf90ad075193ca5aeece71154c) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/15 16:58:05.0910 5576 mouhid (8d9b701d716843c39e93b3432cb721fc) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/15 16:58:05.0957 5576 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/06/15 16:58:06.0004 5576 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/06/15 16:58:06.0066 5576 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/15 16:58:06.0129 5576 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/15 16:58:06.0191 5576 MRxDAV (08f0c494a69cf3106ee7ffc48d8e5ac7) C:\Windows\system32\drivers\mrxdav.sys
2011/06/15 16:58:06.0270 5576 mrxsmb (bbb0d31b477cff3b4f737ed0367f635f) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/15 16:58:06.0410 5576 mrxsmb10 (a6130566ac4178473b5dac8f8f74407d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/15 16:58:06.0473 5576 mrxsmb20 (3d475e770d3ab2d0c5e3e1386871f9da) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/15 16:58:06.0535 5576 msahci (13fa01d10c95762e3e191bb023dfa8cc) C:\Windows\system32\drivers\msahci.sys
2011/06/15 16:58:06.0613 5576 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/06/15 16:58:06.0770 5576 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/06/15 16:58:06.0816 5576 msisadrv (0a64168b63535520adfd6b959695404a) C:\Windows\system32\drivers\msisadrv.sys
2011/06/15 16:58:06.0926 5576 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/15 16:58:07.0051 5576 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/15 16:58:07.0113 5576 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/06/15 16:58:07.0160 5576 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/06/15 16:58:07.0348 5576 mssmbios (e09cedb1bca303b7f6ae22f512e56969) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/15 16:58:07.0410 5576 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/06/15 16:58:07.0457 5576 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/06/15 16:58:07.0598 5576 NativeWifiP (be8c26e61be5c5a49a6babd17aeed1b7) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/15 16:58:07.0707 5576 NDIS (6e8dfface597629cef5df7d69217628f) C:\Windows\system32\drivers\ndis.sys
2011/06/15 16:58:07.0785 5576 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/15 16:58:07.0910 5576 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/15 16:58:07.0973 5576 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/15 16:58:08.0098 5576 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/06/15 16:58:08.0254 5576 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/15 16:58:08.0316 5576 netbt (231f6ccfdb7a604221f18fb0852c8560) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/15 16:58:08.0473 5576 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/15 16:58:08.0551 5576 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/06/15 16:58:08.0645 5576 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/15 16:58:08.0801 5576 Ntfs (f08824715ca6076f5e73e005ab83b9c8) C:\Windows\system32\drivers\Ntfs.sys
2011/06/15 16:58:09.0035 5576 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/15 16:58:09.0082 5576 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/06/15 16:58:09.0285 5576 nvlddmkm (0ad2e0a3933aac2a392f0c6a68e2d2f8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/15 16:58:09.0691 5576 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/06/15 16:58:09.0801 5576 nvrd32 (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\drivers\nvrd32.sys
2011/06/15 16:58:09.0879 5576 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/06/15 16:58:09.0941 5576 nvstor32 (703e3a7093b0fac0eebadbb8e931ecaf) C:\Windows\system32\drivers\nvstor32.sys
2011/06/15 16:58:10.0113 5576 nv_agp (925eb9e53eca4473a2d156a02b7418e3) C:\Windows\system32\drivers\nv_agp.sys
2011/06/15 16:58:10.0254 5576 ohci1394 (8994cbfc215a9ef4495e6ae7992954fc) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/15 16:58:10.0441 5576 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/15 16:58:10.0488 5576 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/06/15 16:58:10.0629 5576 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/15 16:58:10.0676 5576 pci (a48c4d0acc933f7a37e52ab0761811ad) C:\Windows\system32\drivers\pci.sys
2011/06/15 16:58:10.0816 5576 pciide (353968946bcb766f6c5c01717686b382) C:\Windows\system32\drivers\pciide.sys
2011/06/15 16:58:10.0895 5576 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/15 16:58:11.0035 5576 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/15 16:58:11.0223 5576 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/15 16:58:11.0285 5576 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/06/15 16:58:11.0441 5576 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/15 16:58:11.0535 5576 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/15 16:58:11.0723 5576 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/15 16:58:11.0785 5576 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/15 16:58:11.0957 5576 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/15 16:58:12.0004 5576 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/15 16:58:12.0160 5576 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/15 16:58:12.0207 5576 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/15 16:58:12.0348 5576 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/15 16:58:12.0441 5576 rdpdr (87ee019fe9fbff071d76ccf9ec794646) C:\Windows\system32\drivers\rdpdr.sys
2011/06/15 16:58:12.0598 5576 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/15 16:58:12.0660 5576 RDPWD (e2afac98fc6ca2ad2d09f2de1bc71ad9) C:\Windows\system32\drivers\RDPWD.sys
2011/06/15 16:58:12.0832 5576 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/15 16:58:12.0879 5576 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/15 16:58:13.0004 5576 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/15 16:58:13.0051 5576 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/15 16:58:13.0176 5576 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
2011/06/15 16:58:13.0270 5576 sermouse (2baf2abc0da0d50ebe8289c720977052) C:\Windows\system32\drivers\sermouse.sys
2011/06/15 16:58:13.0441 5576 sffdisk (55b145d4248012d306da8e92fa9fdc20) C:\Windows\system32\drivers\sffdisk.sys
2011/06/15 16:58:13.0473 5576 sffp_mmc (b86dfcd55294a0495571a27b861e6ef3) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/15 16:58:13.0566 5576 sffp_sd (5b327b59fae2b01c34690d91ed03786e) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/15 16:58:13.0660 5576 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/15 16:58:13.0754 5576 sisagp (e5773c4cff310d00a59db01ef4074135) C:\Windows\system32\drivers\sisagp.sys
2011/06/15 16:58:13.0910 5576 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/06/15 16:58:13.0941 5576 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/15 16:58:14.0113 5576 Smb (46baf398809a0f3b2d3300a1760e4b91) C:\Windows\system32\DRIVERS\smb.sys
2011/06/15 16:58:14.0191 5576 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/06/15 16:58:14.0254 5576 srv (081be0d7a95af38d2aa238afcfc103aa) C:\Windows\system32\DRIVERS\srv.sys
2011/06/15 16:58:14.0332 5576 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/15 16:58:14.0395 5576 srvnet (3d2ca9f958fb6e28447da61f65b9deba) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/15 16:58:14.0535 5576 swenum (9c539aaffb0b6d7bce984c74317ff29f) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/15 16:58:14.0598 5576 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/15 16:58:14.0707 5576 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/15 16:58:14.0754 5576 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/15 16:58:14.0941 5576 Tcpip (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\drivers\tcpip.sys
2011/06/15 16:58:15.0160 5576 Tcpip6 (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/15 16:58:15.0191 5576 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/15 16:58:15.0332 5576 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/06/15 16:58:15.0379 5576 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/06/15 16:58:15.0441 5576 tdx (7973f7239486800cd79e4fdbab6a07df) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/15 16:58:15.0488 5576 TermDD (cfe870506361bac80a549749116ad870) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/15 16:58:15.0707 5576 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/15 16:58:15.0785 5576 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/15 16:58:15.0832 5576 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/15 16:58:15.0879 5576 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/06/15 16:58:15.0941 5576 udfs (deea398a92952ccc421ba5b39662cabe) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/15 16:58:16.0051 5576 uliagpkx (5895ef4d0f1424392ee6439250e25677) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/15 16:58:16.0113 5576 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/06/15 16:58:16.0301 5576 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/15 16:58:16.0348 5576 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/15 16:58:16.0473 5576 umbus (dc8828971d997de009647fce59e0ce8f) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/15 16:58:16.0660 5576 usbbus (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
2011/06/15 16:58:16.0707 5576 usbccgp (3f795d59734259a00d385fbd65191bf4) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/15 16:58:16.0754 5576 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/15 16:58:16.0895 5576 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2011/06/15 16:58:16.0973 5576 usbehci (5555f6df13a1a1c327d67e9da7b99aee) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/15 16:58:17.0004 5576 usbhub (8dabb8cb47e0736930cf6492aed361a6) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/15 16:58:17.0160 5576 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2011/06/15 16:58:17.0223 5576 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/15 16:58:17.0332 5576 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/15 16:58:17.0395 5576 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/15 16:58:17.0473 5576 usbuhci (718fdf0b0f16e1d3b992f95eadf1af75) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/15 16:58:17.0645 5576 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/15 16:58:17.0691 5576 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/06/15 16:58:17.0738 5576 viaagp (66e64d5cbeb047c90e65f0962483a5b2) C:\Windows\system32\drivers\viaagp.sys
2011/06/15 16:58:17.0863 5576 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/06/15 16:58:17.0926 5576 viaide (7100b56688c5d6d7695d18fd001f0cd6) C:\Windows\system32\drivers\viaide.sys
2011/06/15 16:58:17.0973 5576 viamraid (7dc3e1dc6e4f8be381c31bfea578412a) C:\Windows\system32\drivers\viamraid.sys
2011/06/15 16:58:18.0082 5576 ViBus (aa3e6722843540b9c8ec5257e3d4b675) C:\Windows\system32\DRIVERS\ViBus.sys
2011/06/15 16:58:18.0129 5576 ViPrt (a1b7cffe5f09b825fba506c4de9fdac7) C:\Windows\system32\DRIVERS\ViPrt.sys
2011/06/15 16:58:18.0176 5576 volmgr (cc8a64a532fd2844ee68f4061ed8a7fd) C:\Windows\system32\drivers\volmgr.sys
2011/06/15 16:58:18.0332 5576 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/06/15 16:58:18.0457 5576 volsnap (11ef6c1caef76b685233450a126125d6) C:\Windows\system32\drivers\volsnap.sys
2011/06/15 16:58:18.0613 5576 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/06/15 16:58:18.0801 5576 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/15 16:58:18.0863 5576 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/15 16:58:18.0910 5576 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/15 16:58:19.0051 5576 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/06/15 16:58:19.0113 5576 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/15 16:58:19.0410 5576 winusb (086d2e78eecd6195667282adc6ca109f) C:\Windows\system32\DRIVERS\winusb.sys
2011/06/15 16:58:19.0457 5576 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/15 16:58:19.0660 5576 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/15 16:58:19.0707 5576 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/15 16:58:19.0879 5576 WUDFRd (ee0974d4042da9cf4c569ac4eca8c9c0) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/15 16:58:19.0941 5576 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/15 16:58:19.0988 5576 ================================================================================
2011/06/15 16:58:19.0988 5576 Scan finished
2011/06/15 16:58:19.0988 5576 ================================================================================
2011/06/15 16:58:20.0004 2996 Detected object count: 0
2011/06/15 16:58:20.0004 2996 Actual detected object count: 0
2011/06/15 16:59:02.0629 2160 ================================================================================
2011/06/15 16:59:02.0629 2160 Scan started
2011/06/15 16:59:02.0629 2160 Mode: Manual;
2011/06/15 16:59:02.0629 2160 ================================================================================
2011/06/15 16:59:03.0145 2160 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/06/15 16:59:03.0191 2160 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/15 16:59:03.0238 2160 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/15 16:59:03.0270 2160 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/15 16:59:03.0301 2160 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/15 16:59:03.0363 2160 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/06/15 16:59:03.0410 2160 agp440 (198636e76971ebc96404547ec0fd5e75) C:\Windows\system32\drivers\agp440.sys
2011/06/15 16:59:03.0441 2160 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/15 16:59:03.0504 2160 aliide (0b3b337a68d9a75cc8d787dc98b53d79) C:\Windows\system32\drivers\aliide.sys
2011/06/15 16:59:03.0598 2160 amdagp (2363abc8989a14fd7247ca6f4e89d397) C:\Windows\system32\drivers\amdagp.sys
2011/06/15 16:59:03.0660 2160 amdide (468a204966d09f327a662c35f4b15dd3) C:\Windows\system32\drivers\amdide.sys
2011/06/15 16:59:03.0707 2160 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/15 16:59:03.0738 2160 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/06/15 16:59:03.0801 2160 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/15 16:59:03.0895 2160 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/15 16:59:03.0910 2160 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/15 16:59:04.0020 2160 atapi (0b77f93ab73798f97e8e0a0aa4ccbeef) C:\Windows\system32\drivers\atapi.sys
2011/06/15 16:59:04.0098 2160 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/06/15 16:59:04.0191 2160 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/15 16:59:04.0223 2160 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/15 16:59:04.0254 2160 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/15 16:59:04.0301 2160 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/15 16:59:04.0348 2160 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/15 16:59:04.0395 2160 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/15 16:59:04.0410 2160 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/15 16:59:04.0441 2160 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/15 16:59:04.0645 2160 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/15 16:59:04.0691 2160 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/15 16:59:04.0738 2160 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/06/15 16:59:04.0785 2160 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/06/15 16:59:04.0863 2160 cmdide (2ac0c92b29ec21838f4cb46adb26bcc0) C:\Windows\system32\drivers\cmdide.sys
2011/06/15 16:59:04.0926 2160 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys
2011/06/15 16:59:04.0988 2160 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/15 16:59:05.0035 2160 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/06/15 16:59:05.0113 2160 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/06/15 16:59:05.0191 2160 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/06/15 16:59:05.0254 2160 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/06/15 16:59:05.0301 2160 DXGKrnl (2d13d9e98caf6321f219b28921af214c) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/15 16:59:05.0348 2160 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/15 16:59:05.0395 2160 Ecache (38573398f734b71b06cd2411494f234a) C:\Windows\system32\drivers\ecache.sys
2011/06/15 16:59:05.0504 2160 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/06/15 16:59:05.0566 2160 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/06/15 16:59:05.0613 2160 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/15 16:59:05.0676 2160 FET5X86V (8787449f8ef116db0e8e06c3555746a7) C:\Windows\system32\DRIVERS\fetnd5bv.sys
2011/06/15 16:59:05.0785 2160 FETNDIS (b2b2c38e916184ff8523c7439ddd417f) C:\Windows\system32\DRIVERS\fetnd5.sys
2011/06/15 16:59:05.0816 2160 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/06/15 16:59:05.0848 2160 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/06/15 16:59:05.0910 2160 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/15 16:59:05.0926 2160 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/06/15 16:59:05.0988 2160 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/15 16:59:06.0035 2160 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/15 16:59:06.0098 2160 GDMnIcpt (e07bb6d958dc2a000065c9e696050fae) C:\Windows\system32\drivers\MiniIcpt.sys
2011/06/15 16:59:06.0113 2160 GDTdiInterceptor (11ac049160d70280aa6e3f77c07f8909) C:\Windows\system32\drivers\GDTdiIcpt.sys
2011/06/15 16:59:06.0270 2160 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/15 16:59:06.0316 2160 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/15 16:59:06.0410 2160 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/15 16:59:06.0441 2160 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/15 16:59:06.0504 2160 HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/15 16:59:06.0598 2160 HookCentre (4d7b09a5dbd7d711d82b3c7385405229) C:\Windows\system32\drivers\HookCentre.sys
2011/06/15 16:59:06.0645 2160 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/06/15 16:59:06.0707 2160 HTTP (481b86e8939289f77fbcea1b24cec687) C:\Windows\system32\drivers\HTTP.sys
2011/06/15 16:59:06.0754 2160 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/06/15 16:59:06.0801 2160 i8042prt (bea9838cd25d36beba3f94386a761d60) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/15 16:59:06.0863 2160 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
2011/06/15 16:59:06.0926 2160 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/06/15 16:59:06.0957 2160 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/15 16:59:07.0129 2160 IntcAzAudAddService (6f62bafe6150f3952f877051c65786fe) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/15 16:59:07.0207 2160 intelide (4a6b4c4fab7716c869fa9d19ac8ca5a5) C:\Windows\system32\drivers\intelide.sys
2011/06/15 16:59:07.0254 2160 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/15 16:59:07.0348 2160 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/15 16:59:07.0410 2160 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/15 16:59:07.0441 2160 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/06/15 16:59:07.0488 2160 isapnp (ce2997a0c3b0049a3188c4f0c7a04bc9) C:\Windows\system32\drivers\isapnp.sys
2011/06/15 16:59:07.0535 2160 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/15 16:59:07.0582 2160 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/15 16:59:07.0645 2160 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/15 16:59:07.0707 2160 JRAID (c1632fe31d1824a43dea29725312e3fa) C:\Windows\system32\drivers\jraid.sys
2011/06/15 16:59:07.0754 2160 kbdclass (c9b0cf786d5f151a43c7be8e243f2819) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/15 16:59:07.0785 2160 kbdhid (97ab2fb84e8e77d93cee85550f4cf7f9) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/15 16:59:07.0848 2160 KSecDD (b6fac1ff7d4a05c06da9e53dbf5e9e7a) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/15 16:59:07.0926 2160 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/15 16:59:07.0988 2160 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/15 16:59:08.0129 2160 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/15 16:59:08.0176 2160 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/15 16:59:08.0223 2160 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/06/15 16:59:08.0270 2160 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/06/15 16:59:08.0332 2160 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/06/15 16:59:08.0410 2160 monitor (ee05f7a5e2cefb275b08f3e3fcc2a8eb) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/15 16:59:08.0441 2160 mouclass (4a00b3cf90ad075193ca5aeece71154c) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/15 16:59:08.0535 2160 mouhid (8d9b701d716843c39e93b3432cb721fc) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/15 16:59:08.0566 2160 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/06/15 16:59:08.0629 2160 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/06/15 16:59:08.0676 2160 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/15 16:59:08.0801 2160 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/15 16:59:08.0848 2160 MRxDAV (08f0c494a69cf3106ee7ffc48d8e5ac7) C:\Windows\system32\drivers\mrxdav.sys
2011/06/15 16:59:08.0910 2160 mrxsmb (bbb0d31b477cff3b4f737ed0367f635f) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/15 16:59:08.0926 2160 mrxsmb10 (a6130566ac4178473b5dac8f8f74407d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/15 16:59:08.0973 2160 mrxsmb20 (3d475e770d3ab2d0c5e3e1386871f9da) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/15 16:59:09.0020 2160 msahci (13fa01d10c95762e3e191bb023dfa8cc) C:\Windows\system32\drivers\msahci.sys
2011/06/15 16:59:09.0082 2160 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/06/15 16:59:09.0176 2160 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/06/15 16:59:09.0223 2160 msisadrv (0a64168b63535520adfd6b959695404a) C:\Windows\system32\drivers\msisadrv.sys
2011/06/15 16:59:09.0270 2160 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/15 16:59:09.0301 2160 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/15 16:59:09.0316 2160 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/06/15 16:59:09.0363 2160 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/06/15 16:59:09.0395 2160 mssmbios (e09cedb1bca303b7f6ae22f512e56969) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/15 16:59:09.0504 2160 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/06/15 16:59:09.0535 2160 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/06/15 16:59:09.0598 2160 NativeWifiP (be8c26e61be5c5a49a6babd17aeed1b7) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/15 16:59:09.0660 2160 NDIS (6e8dfface597629cef5df7d69217628f) C:\Windows\system32\drivers\ndis.sys
2011/06/15 16:59:09.0691 2160 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/15 16:59:09.0738 2160 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/15 16:59:09.0770 2160 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/15 16:59:09.0801 2160 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/06/15 16:59:09.0832 2160 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/15 16:59:09.0863 2160 netbt (231f6ccfdb7a604221f18fb0852c8560) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/15 16:59:09.0988 2160 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/15 16:59:10.0035 2160 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/06/15 16:59:10.0113 2160 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/15 16:59:10.0191 2160 Ntfs (f08824715ca6076f5e73e005ab83b9c8) C:\Windows\system32\drivers\Ntfs.sys
2011/06/15 16:59:10.0332 2160 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/15 16:59:10.0363 2160 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/06/15 16:59:10.0566 2160 nvlddmkm (0ad2e0a3933aac2a392f0c6a68e2d2f8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/15 16:59:10.0754 2160 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/06/15 16:59:10.0801 2160 nvrd32 (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\drivers\nvrd32.sys
2011/06/15 16:59:10.0816 2160 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/06/15 16:59:10.0879 2160 nvstor32 (703e3a7093b0fac0eebadbb8e931ecaf) C:\Windows\system32\drivers\nvstor32.sys
2011/06/15 16:59:10.0926 2160 nv_agp (925eb9e53eca4473a2d156a02b7418e3) C:\Windows\system32\drivers\nv_agp.sys
2011/06/15 16:59:11.0004 2160 ohci1394 (8994cbfc215a9ef4495e6ae7992954fc) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/15 16:59:11.0145 2160 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/15 16:59:11.0176 2160 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/06/15 16:59:11.0207 2160 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/15 16:59:11.0238 2160 pci (a48c4d0acc933f7a37e52ab0761811ad) C:\Windows\system32\drivers\pci.sys
2011/06/15 16:59:11.0363 2160 pciide (353968946bcb766f6c5c01717686b382) C:\Windows\system32\drivers\pciide.sys
2011/06/15 16:59:11.0426 2160 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/15 16:59:11.0473 2160 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/15 16:59:11.0598 2160 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/15 16:59:11.0645 2160 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/06/15 16:59:11.0723 2160 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/15 16:59:11.0785 2160 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/15 16:59:11.0832 2160 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/15 16:59:11.0926 2160 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/15 16:59:11.0973 2160 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/15 16:59:12.0098 2160 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/15 16:59:12.0145 2160 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/15 16:59:12.0270 2160 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/15 16:59:12.0285 2160 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/15 16:59:12.0363 2160 rdpdr (87ee019fe9fbff071d76ccf9ec794646) C:\Windows\system32\drivers\rdpdr.sys
2011/06/15 16:59:12.0473 2160 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/15 16:59:12.0535 2160 RDPWD (e2afac98fc6ca2ad2d09f2de1bc71ad9) C:\Windows\system32\drivers\RDPWD.sys
2011/06/15 16:59:12.0691 2160 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/15 16:59:12.0754 2160 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/15 16:59:12.0910 2160 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/15 16:59:12.0957 2160 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/15 16:59:13.0051 2160 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
2011/06/15 16:59:13.0098 2160 sermouse (2baf2abc0da0d50ebe8289c720977052) C:\Windows\system32\drivers\sermouse.sys
2011/06/15 16:59:13.0270 2160 sffdisk (55b145d4248012d306da8e92fa9fdc20) C:\Windows\system32\drivers\sffdisk.sys
2011/06/15 16:59:13.0316 2160 sffp_mmc (b86dfcd55294a0495571a27b861e6ef3) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/15 16:59:13.0348 2160 sffp_sd (5b327b59fae2b01c34690d91ed03786e) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/15 16:59:13.0395 2160 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/15 16:59:13.0551 2160 sisagp (e5773c4cff310d00a59db01ef4074135) C:\Windows\system32\drivers\sisagp.sys
2011/06/15 16:59:13.0582 2160 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/06/15 16:59:13.0613 2160 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/15 16:59:13.0676 2160 Smb (46baf398809a0f3b2d3300a1760e4b91) C:\Windows\system32\DRIVERS\smb.sys
2011/06/15 16:59:13.0738 2160 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/06/15 16:59:13.0816 2160 srv (081be0d7a95af38d2aa238afcfc103aa) C:\Windows\system32\DRIVERS\srv.sys
2011/06/15 16:59:13.0863 2160 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/15 16:59:13.0926 2160 srvnet (3d2ca9f958fb6e28447da61f65b9deba) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/15 16:59:14.0051 2160 swenum (9c539aaffb0b6d7bce984c74317ff29f) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/15 16:59:14.0113 2160 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/15 16:59:14.0145 2160 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/15 16:59:14.0191 2160 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/15 16:59:14.0285 2160 Tcpip (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\drivers\tcpip.sys
2011/06/15 16:59:14.0348 2160 Tcpip6 (2c1f7005aa3b62721bfdb307bd5f5010) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/15 16:59:14.0410 2160 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/15 16:59:14.0520 2160 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/06/15 16:59:14.0551 2160 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/06/15 16:59:14.0613 2160 tdx (7973f7239486800cd79e4fdbab6a07df) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/15 16:59:14.0645 2160 TermDD (cfe870506361bac80a549749116ad870) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/15 16:59:14.0832 2160 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/15 16:59:14.0879 2160 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/15 16:59:14.0941 2160 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/15 16:59:14.0988 2160 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/06/15 16:59:15.0051 2160 udfs (deea398a92952ccc421ba5b39662cabe) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/15 16:59:15.0191 2160 uliagpkx (5895ef4d0f1424392ee6439250e25677) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/15 16:59:15.0254 2160 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/06/15 16:59:15.0285 2160 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/15 16:59:15.0332 2160 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/15 16:59:15.0363 2160 umbus (dc8828971d997de009647fce59e0ce8f) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/15 16:59:15.0441 2160 usbbus (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
2011/06/15 16:59:15.0473 2160 usbccgp (3f795d59734259a00d385fbd65191bf4) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/15 16:59:15.0520 2160 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/15 16:59:15.0566 2160 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2011/06/15 16:59:15.0613 2160 usbehci (5555f6df13a1a1c327d67e9da7b99aee) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/15 16:59:15.0660 2160 usbhub (8dabb8cb47e0736930cf6492aed361a6) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/15 16:59:15.0707 2160 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2011/06/15 16:59:15.0754 2160 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/15 16:59:15.0785 2160 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/15 16:59:15.0848 2160 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/15 16:59:15.0879 2160 usbuhci (718fdf0b0f16e1d3b992f95eadf1af75) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/15 16:59:16.0035 2160 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/15 16:59:16.0066 2160 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/06/15 16:59:16.0113 2160 viaagp (66e64d5cbeb047c90e65f0962483a5b2) C:\Windows\system32\drivers\viaagp.sys
2011/06/15 16:59:16.0145 2160 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/06/15 16:59:16.0191 2160 viaide (7100b56688c5d6d7695d18fd001f0cd6) C:\Windows\system32\drivers\viaide.sys
2011/06/15 16:59:16.0254 2160 viamraid (7dc3e1dc6e4f8be381c31bfea578412a) C:\Windows\system32\drivers\viamraid.sys
2011/06/15 16:59:16.0301 2160 ViBus (aa3e6722843540b9c8ec5257e3d4b675) C:\Windows\system32\DRIVERS\ViBus.sys
2011/06/15 16:59:16.0332 2160 ViPrt (a1b7cffe5f09b825fba506c4de9fdac7) C:\Windows\system32\DRIVERS\ViPrt.sys
2011/06/15 16:59:16.0363 2160 volmgr (cc8a64a532fd2844ee68f4061ed8a7fd) C:\Windows\system32\drivers\volmgr.sys
2011/06/15 16:59:16.0410 2160 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/06/15 16:59:16.0520 2160 volsnap (11ef6c1caef76b685233450a126125d6) C:\Windows\system32\drivers\volsnap.sys
2011/06/15 16:59:16.0566 2160 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/06/15 16:59:16.0707 2160 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/15 16:59:16.0738 2160 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/15 16:59:16.0754 2160 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/15 16:59:16.0832 2160 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/06/15 16:59:16.0895 2160 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/15 16:59:17.0004 2160 winusb (086d2e78eecd6195667282adc6ca109f) C:\Windows\system32\DRIVERS\winusb.sys
2011/06/15 16:59:17.0066 2160 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/15 16:59:17.0223 2160 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/15 16:59:17.0285 2160 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/15 16:59:17.0363 2160 WUDFRd (ee0974d4042da9cf4c569ac4eca8c9c0) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/15 16:59:17.0410 2160 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/15 16:59:17.0441 2160 ================================================================================
2011/06/15 16:59:17.0441 2160 Scan finished
2011/06/15 16:59:17.0441 2160 ================================================================================
2011/06/15 16:59:17.0457 5908 Detected object count: 0
2011/06/15 16:59:17.0457 5908 Actual detected object count: 0

cosinus 15.06.2011 20:58
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Tuidsi 15.06.2011 23:59
GMER: Zweimal während des Scans abgestürzt; einmal erschien, bevor das Programm überhaupt startete, ein blauer Bildschirm mit ner Menge Text (irgendwas von wegen error u.a.), kurz danach stürzte der Computer ab.

OSAM-Logfile:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 00:51:54 on 16.06.2011

OS: Windows Vista Home Premium Edition (Build 6000), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\Benni\AppData\Local\Temp\catchme.sys  (File not found)
"GDMnIcpt" (GDMnIcpt) - "G DATA Software AG" - C:\Windows\system32\drivers\MiniIcpt.sys
"GDTdiInterceptor" (GDTdiInterceptor) - ? - C:\Windows\system32\drivers\GDTdiIcpt.sys
"HookCentre" (HookCentre) - "G DATA Software AG" - C:\Windows\system32\drivers\HookCentre.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"pwrcqpog" (pwrcqpog) - ? - C:\Users\Benni\AppData\Local\Temp\pwrcqpog.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\program files\google\googletoolbar2.dll
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{00000000-0000-0000-0000-000000000000}" - ? -  (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\Windows\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10p.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe
"PokerStars" - "PokerStars" - C:\Program Files\PokerStars\PokerStarsUpdate.exe
"PokerStars.net" - "PokerStars" - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\program files\google\googletoolbar2.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\program files\google\googletoolbar2.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AVKTray" - "G DATA Software AG" - "C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe"
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
"QuickFinder Scheduler" - "Corel Corporation" - "c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"recinfo294" - ? - c:\RecInfo\RecInfo.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple, Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"AVK Service" (AVKService) - "G DATA Software AG" - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe
"AVK Wächter" (AVKWCtl) - "G DATA Software AG" - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe
"AVKProxy" (AVKProxy) - "G DATA Software AG" - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1ca232a51e4fcef)" (gupdate1ca232a51e4fcef) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"ProtexisLicensing" (ProtexisLicensing) - ? - c:\Windows\system32\PSIService.exe
"UPnPService" (UPnPService) - "Magix AG" - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Fujitsu Siemens Computers" - c:\windows\system32\Fujits~1.scr

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru




MBRCheck-Logfile:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: FUJITSU SIEMENS
System Product Name: MS-7293VP
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 139):
0x82400000 \SystemRoot\system32\ntkrnlpa.exe
0x827A2000 \SystemRoot\system32\hal.dll
0x802C6000 \SystemRoot\system32\kdcom.dll
0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8025D000 \SystemRoot\system32\PSHED.dll
0x80255000 \SystemRoot\system32\BOOTVID.dll
0x8021A000 \SystemRoot\system32\CLFS.SYS
0x8051F000 \SystemRoot\system32\CI.dll
0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80461000 \SystemRoot\system32\drivers\acpi.sys
0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80459000 \SystemRoot\system32\drivers\msisadrv.sys
0x80434000 \SystemRoot\system32\drivers\pci.sys
0x80425000 \SystemRoot\system32\drivers\volmgr.sys
0x80415000 \SystemRoot\System32\drivers\mountmgr.sys
0x8040D000 \SystemRoot\system32\drivers\viaide.sys
0x807F2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80404000 \SystemRoot\system32\DRIVERS\ViBus.sys
0x807D9000 \SystemRoot\system32\drivers\nvraid.sys
0x807B8000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8076E000 \SystemRoot\System32\drivers\volmgrx.sys
0x80766000 \SystemRoot\system32\drivers\atapi.sys
0x80748000 \SystemRoot\system32\drivers\ataport.SYS
0x80738000 \SystemRoot\system32\DRIVERS\ViPrt.sys
0x8071A000 \SystemRoot\system32\drivers\vsmraid.sys
0x806DA000 \SystemRoot\system32\drivers\storport.sys
0x806A9000 \SystemRoot\system32\drivers\fltmgr.sys
0x80699000 \SystemRoot\system32\drivers\fileinfo.sys
0x822FC000 \SystemRoot\system32\drivers\ndis.sys
0x8066E000 \SystemRoot\system32\drivers\msrpc.sys
0x80635000 \SystemRoot\system32\drivers\NETIO.SYS
0x82CF8000 \SystemRoot\System32\Drivers\Ntfs.sys
0x82292000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8225C000 \SystemRoot\system32\drivers\volsnap.sys
0x8062D000 \SystemRoot\System32\Drivers\spldr.sys
0x8061E000 \SystemRoot\System32\drivers\partmgr.sys
0x8060F000 \SystemRoot\System32\Drivers\mup.sys
0x82237000 \SystemRoot\System32\drivers\ecache.sys
0x82226000 \SystemRoot\system32\drivers\disk.sys
0x80606000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B87A000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B931000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8C4DE000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8C2C1000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8B973000 \SystemRoot\System32\drivers\watchdog.sys
0x8C2A9000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x88CF4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8BFC3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8BFB5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x82E90000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8BFA7000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8BF8D000 \SystemRoot\system32\DRIVERS\serial.sys
0x8C360000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8BF7B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8BF50000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8B883000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8BF39000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8BF2E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8BF0B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x82C74000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8BE08000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8BE1B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C29E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8C285000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x88D11000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C25B000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C36A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C24E000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C21A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x82E30000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8CE40000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8C471000 \SystemRoot\system32\drivers\portcls.sys
0x8C44C000 \SystemRoot\system32\drivers\drmk.sys
0x8B844000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x88C47000 \SystemRoot\System32\Drivers\Null.SYS
0x88C4E000 \SystemRoot\System32\Drivers\Beep.SYS
0x88C55000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8C20E000 \SystemRoot\System32\drivers\vga.sys
0x8C42B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B980000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B988000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C203000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C290000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B856000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D12A000 \SystemRoot\System32\drivers\tcpip.sys
0x8CE27000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8CE12000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D116000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D0CF000 \SystemRoot\system32\drivers\afd.sys
0x8D09D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D087000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CE04000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D074000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D039000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C37E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D022000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D39A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8D32A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x88D01000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8B801000 \SystemRoot\System32\Drivers\crashdmp.sys
0x82E40000 \SystemRoot\System32\Drivers\dump_ViPrt.sys
0x8D225000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8B829000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x82EF0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x94E00000 \SystemRoot\System32\win32k.sys
0x8C392000 \SystemRoot\System32\drivers\Dxapi.sys
0x8B871000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8B9D8000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8C39C000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x8BE39000 \SystemRoot\system32\DRIVERS\monitor.sys
0x80C00000 \SystemRoot\System32\TSDDD.dll
0x80C10000 \SystemRoot\System32\cdd.dll
0x81102000 \SystemRoot\system32\drivers\luafv.sys
0x99F14000 \SystemRoot\system32\drivers\spsys.sys
0x82E80000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x99F01000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9B197000 \SystemRoot\system32\drivers\HTTP.sys
0x9B17C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9B163000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9B14F000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9B12F000 \SystemRoot\system32\drivers\mrxdav.sys
0x9B111000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9B0D8000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9B0C6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9B0A2000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9B011000 \SystemRoot\System32\DRIVERS\srv.sys
0x8D23C000 \??\C:\Windows\system32\drivers\GDTdiIcpt.sys
0x9B600000 \SystemRoot\system32\drivers\peauth.sys
0x8C3E2000 \SystemRoot\System32\Drivers\secdrv.SYS
0x98587000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9C702000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9C6F0000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x99E35000 \??\C:\Windows\system32\drivers\HookCentre.sys
0x8C3C4000 \??\C:\Windows\system32\drivers\MiniIcpt.sys
0x9C605000 \??\C:\Users\Benni\AppData\Local\Temp\pwrcqpog.sys
0x985DF000 \SystemRoot\system32\DRIVERS\fetnd5bv.sys
0x985EA000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x76FC0000 \Windows\System32\ntdll.dll

Processes (total 62):
0 System Idle Process
4 System
484 C:\Windows\System32\smss.exe
552 csrss.exe
604 C:\Windows\System32\wininit.exe
616 csrss.exe
652 C:\Windows\System32\services.exe
688 C:\Windows\System32\lsass.exe
696 C:\Windows\System32\lsm.exe
748 C:\Windows\System32\winlogon.exe
872 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\audiodg.exe
1268 C:\Windows\System32\SLsvc.exe
1300 C:\Windows\System32\svchost.exe
1500 C:\Windows\System32\svchost.exe
1652 C:\Windows\System32\spoolsv.exe
1676 C:\Windows\System32\svchost.exe
1864 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1884 C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe
1908 C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe
1960 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
512 C:\Windows\System32\svchost.exe
624 C:\Windows\System32\PSIService.exe
476 C:\Windows\System32\svchost.exe
856 C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
1424 C:\Windows\System32\svchost.exe
1476 C:\Windows\System32\SearchIndexer.exe
1560 C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
1468 WUDFHost.exe
2300 C:\Windows\System32\dwm.exe
2308 C:\Windows\System32\taskeng.exe
2384 C:\Windows\explorer.exe
2428 C:\Windows\System32\taskeng.exe
2488 C:\Program Files\Google\Update\GoogleUpdate.exe
3144 C:\Windows\System32\rundll32.exe
3152 C:\Windows\RtHDVCpl.exe
3160 C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe
3176 C:\Windows\System32\rundll32.exe
3588 C:\Windows\WindowsMobile\wmdSync.exe
3596 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3604 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3612 C:\Program Files\Windows Sidebar\sidebar.exe
3620 C:\Windows\ehome\ehtray.exe
3628 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
3684 C:\Windows\System32\svchost.exe
3700 C:\Windows\ehome\ehmsas.exe
3788 C:\Windows\System32\mobsync.exe
2548 C:\Program Files\Mozilla Firefox\firefox.exe
2056 C:\Windows\System32\svchost.exe
2472 taskeng.exe
3352 C:\Windows\servicing\TrustedInstaller.exe
2184 C:\Windows\System32\SearchProtocolHost.exe
3912 C:\Windows\System32\SearchFilterHost.exe
3444 C:\Windows\explorer.exe
2592 dllhost.exe
3004 dllhost.exe
3916 C:\Users\Benni\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000039`08100000 (NTFS)

PhysicalDrive0 Model Number: ST3360320AS, Rev: 3.AAM

Size Device Name MBR Status
--------------------------------------------
335 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

cosinus 16.06.2011 09:52
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Tuidsi 16.06.2011 21:24
Hier die Logs von Malwarebytes, SASW und ESET. Die von SASW sowie ESET gefundenen Dateien habe ich anleitungsgemäß noch nicht gelöscht.



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6869

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

16.06.2011 16:54:34
mbam-log-2011-06-16 (16-54-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 384488
Laufzeit: 2 Stunde(n), 49 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)




SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/16/2011 at 08:01 PM

Application Version : 4.54.1000

Core Rules Database Version : 7274
Trace Rules Database Version: 5086

Scan type : Complete Scan
Total Scan Time : 02:49:36

Memory items scanned : 575
Memory threats detected : 0
Registry items scanned : 9466
Registry threats detected : 0
File items scanned : 236140
File threats detected : 147

Adware.Tracking Cookie
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@ad1.adfarm1.adition[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@serving-sys[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@ad.adition[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@ad.71i[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@zanox-affiliate[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@content.yieldmanager[3].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@specificclick[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@advertise[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@overture[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@ad.adnet[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@ad3.adfarm1.adition[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@p221t1s4381385.kronos.bravenetmedia[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@p353t1s4047163.kronos.bravenetmedia[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@virusranger[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@webmasterplan[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@ad.yieldmanager[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@ar.atwola[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@trafficengine[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@yadro[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@windowsmedia[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@tracking.quisma[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@ads.medienhaus[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@clicks.bestcoolsearch[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@adserver.tripat[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@zedo[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@doubleclick[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@adbrite[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@www.winspykiller[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@mm.chitika[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@advertising[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@adtech[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@xm.xtendmedia[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@2o7[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@findvermont[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@clicksor[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@komtrack[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@tacoda.at.atwola[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@media6degrees[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@www.findstomach[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@atwola[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@adopt.euroclick[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@www.findvermont[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@unitymedia[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@tracking.hannoversche[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@zanox[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@xml.happytofind[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@ru4[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@www.findstatement[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@a3.adserver01[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@apmebf[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@ad.zanox[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@myroitracking[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@bizzclick[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@www.active-tracking[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@ad.adc-serv[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@www.windowsmedia[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@fastclick[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@sevenoneintermedia.112.2o7[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@de.sitestat[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@adviva[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@adfarm1.adition[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@adserver2.clipkit[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@tradedoubler[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@www.virusranger[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@adxpose[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@www.googleadservices[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@clicks.bestfastget[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@fl01.ct2.comclick[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@questionmarket[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@statse.webtrendslive[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@at.atwola[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@track.adform[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@smartadserver[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@xml.trafficengine[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@ads.creative-serving[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@burstnet[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@atdmt[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@click.blue-square-media[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@www.cpcadnet[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@cdn.at.atwola[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@www.antispykit[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@mediatraffic[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@mediaplex[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@ad2.adfarm1.adition[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@data.coremetrics[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@cdn.jemamedia[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@de.sitestat[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@mediabrandsww[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@eyewonder[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@komtrack[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@traffictrack[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@ad.dyntracker[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@zbox.zanox[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@www.antispyshield[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@clicks.thespecialsearch[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@track.effiliation[3].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@adserver.traffictrack[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@antispykit[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@eas.apm.emediate[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@www.etracker[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@invitemedia[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@tracking.mlsat02[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@eclickz[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@bluestreak[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@tracking.mindshare[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@content.yieldmanager[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@track.effiliation[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@tracking.publicidees[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@www.burstnet[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@adserver.71i[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@oberon-media[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@imrworldwide[2].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@p222t1s1566903.kronos.bravenetmedia[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@www.cpcadnet[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@click.fastpartner[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@www.find-quick-results[1].txt
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Cookies\benni@bs.serving-sys[1].txt
atdmt.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
bc.youporn.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
cdn1.eyewonder.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
cdn1.static.pornhub.phncdn.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
counter.cam-content.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
files.youporn.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
googleads.g.doubleclick.net [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
i.adultswim.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
ia.media-imdb.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
imagesrv.adition.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
maxporn.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
media.filb.de [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
media.kyte.tv [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
media.mtvnservices.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
media.rofl.to [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
media.scanscout.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
media01.kyte.tv [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
media1.break.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
mediadb.kicker.de [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
oddcast.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
s0.2mdn.net [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
secure-uk.imrworldwide.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
spe.atdmt.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
static.youporn.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
videomedia.ign.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
vidii.hardsextube.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
www.ardmediathek.de [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
www.gina-lisa-sex-video.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
www.naiadsystems.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]
www.pornhub.com [ C:\Users\Benni\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DNSPH3JR ]



ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=c8c2a8350708a241ab382ce1b62bd680
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-16 08:46:18
# local_time=2011-06-16 10:46:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=4096 16777195 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 211653 145783595 0 0
# compatibility_mode=8192 67108863 100 0 137 137 0 0
# scanned=275659
# found=5
# cleaned=0
# scan_time=6311
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\69d0c3c2-1c83f01b multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\37db3fe2-6e6bea48 Java/TrojanDownloader.Agent.ME trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\4cfc289-1afccf6e multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Benni\Downloads\Setup_FreeFlvConverter692.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06102011_233601\C_Users\Benni\AppData\Roaming\Adobe\mmplayer.exe probably a variant of Win32/Agent.LZKRZEE trojan (unable to clean) 00000000000000000000000000000000 I

cosinus 16.06.2011 21:51
Bislang nur harmlose Cookies. Einfach löschen.

Tuidsi 16.06.2011 22:20
Okay. :)

Habe meinen Beitrag, glaub ich, etwas ungünstig editiert, daher nochmal der ESET-Log:



ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=c8c2a8350708a241ab382ce1b62bd680
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-16 08:46:18
# local_time=2011-06-16 10:46:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=4096 16777195 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 211653 145783595 0 0
# compatibility_mode=8192 67108863 100 0 137 137 0 0
# scanned=275659
# found=5
# cleaned=0
# scan_time=6311
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\69d0c3c2-1c83f01b multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\37db3fe2-6e6bea48 Java/TrojanDownloader.Agent.ME trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Benni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\4cfc289-1afccf6e multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Benni\Downloads\Setup_FreeFlvConverter692.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06102011_233601\C_Users\Benni\AppData\Roaming\Adobe\mmplayer.exe probably a variant of Win32/Agent.LZKRZEE trojan (unable to clean) 00000000000000000000000000000000 I

cosinus 17.06.2011 09:11
Nur ein paar Überreste. Außerdme wird ein Setup bemängelt, da es wohl Adware in Form von einer Toolbar o.ä. beinhaltet.
Rechner sonst wieder im Lot?

Tuidsi 17.06.2011 12:43
Freut mich zu hören. :daumenhoc
Rechner ist, denke ich, wieder in Ordnung. Die abhanden gekommenen Verknüpfungen habe ich erneuert, nur die für den Desktop und "zwischen Fenstern umschalten" (oder wie das heißt) in der Taskleiste (rechts neben dem Windows-Symbol) habe ich nicht hinbekommen. Vielleicht kannst du mir da nen Tipp geben?
Außerdem befinden sich an verschiedenen Stellen im System noch einige wohl unnütze Datien wie desktop.ini, dem Ordner $RECYCLE.BIN (mit einer Papierkorb-Verknüpfung und einem leeren Ordner) oder dem leeren Ordner System Volume Information.

cosinus 17.06.2011 12:53
Durch die Infektion wurde dein Startmenü leergefegt, bei mir bisher bekannten Varianten verschiebt der Schädling alle Verknüpfungen nach %tmp%\smtmp

Schau bitte nach ob der Ordner smtmp entweder hier

=> C:\Qoobox\Quarantine\C\Users\[DEIN_NAME]\AppData\Local\Temp\smtmp

oder hier

=> C:\Users\[DEIN_NAME]\AppData\Local\Temp\smtmp

zu finden ist. Stell sicher, dass dir alle Dateien angezeigt werden => http://www.trojaner-board.de/59624-a...-sichtbar.html

Tuidsi 17.06.2011 13:25
Also, bei mir gibt es einen solchen Ordner dort nicht. Habe auch C: komplett nach smtmp durchsuchen lassen - nichts gefunden.
Die Ordneroptionen hatte ich bereits wie beschrieben.

Was mir noch aufgefallen ist: Wenn ich bei Firefox mehrere Tabs in einem Fenster habe und mehrfach zu einem wechsle, dann öffnet er diesen nach dem etwa 3. bis 5. Anklicken in einem neuen Fenster.

cosinus 17.06.2011 13:43
Zitat:
Also, bei mir gibt es einen solchen Ordner dort nicht. Habe auch C: komplett nach smtmp durchsuchen lassen - nichts gefunden.
Hm, dann sind die Verknüpfungen leider weg.

Zitat:
Wenn ich bei Firefox mehrere Tabs in einem Fenster habe und mehrfach zu einem wechsle, dann öffnet er diesen nach dem etwa 3. bis 5. Anklicken in einem neuen Fenster.
Erstell dir mal ein neues Profil und teste => Profile verwalten | Anleitung | Firefox-Hilfe

Tuidsi 18.06.2011 10:51
Okay. Gibt es eine Möglichkeit, die
Zitat:
Zitat von Tuidsi (Beitrag 673403)
Verknüpfungen für den Desktop und "zwischen Fenstern umschalten" in der Taskleiste
manuell wieder hinzubekommen?

Zitat:
Zitat von cosinus (Beitrag 673432)
Erstell dir mal ein neues Profil und teste
Scheint zu funktionieren, dankeschön! Indem man alle Addons/Lesezeichen erneuern muss, wird einem mal bewusst was man wirklich braucht... ;-)

cosinus 20.06.2011 07:25
Zitat:
Verknüpfungen für den Desktop und "zwischen Fenstern umschalten" in der Taskleiste
manuell wieder hinzubekommen?
Wüsste ich jetzt so aus dem Stehgreif nicht. Google könnte helfen :D
Aber es gibt auch Tastenkombinationen.
Desktop anzeigen = WIN+D
Zwischen Fenstern umschalten = WIN+TAB oder ALT+TAB

Tuidsi 24.06.2011 13:02
Hab nichts gefunden, das (bei Vista) funktioniert. Aber damit kann ich leben.
Wären wir ansonsten fertig?

cosinus 24.06.2011 13:24
Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt.
Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink:

Mozilla und andere Browser => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Tuidsi 11.07.2011 19:39
Super, dann nochmal vielen herzlichen Dank an dich und alle, die an diesem Board mitwirken! :applaus:
Die Deinstallationen haben soweit geklappt, bis auf SuperAntiSpyware.
Als ich es über die Systemsteuerung deinstallieren wollte, erschien die Fehlermeldung "Error reading uninstall data". Dann versuchte ich, den Programmordner zu löschen, funktionierte nicht; dann löschte ich alle Elemente des Ordners, was klappte, bis auf die Datei SASCTXMN.DLL. :wtf:
Habe es aus der Liste installierter Programme und Funktionen gelöscht, jetzt ist meiner Einschätzung nach nur noch der Ordner mit erwähnter Datei da.
Secunia PSI hat mir leider ein Firefox-Update in englischer Sprache heruntergeladen (hab mir dann das deutsche besorgt).
Außerdem hat das Sicherheitscenter festgestellt, dass mein G Data AntiVirenKit 2007 nicht mehr ganz auf dem neuesten Stand ist. :D Könntest du mir vielleicht ein Antivirenprogramm empfehlen?

cosinus 11.07.2011 22:07
Zitat:
Könntest du mir vielleicht ein Antivirenprogramm empfehlen?
Nimm MSE => Schutz vor Gefahren im Internet: Microsoft Security Essentials


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:32 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20