Yeah, TDSSKiller worked!!! I'm relieved for now. Quote:
2011/08/17 19:06:19.0755 1188 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/17 19:06:19.0904 1188 ================================================================================
2011/08/17 19:06:19.0904 1188 SystemInfo:
2011/08/17 19:06:19.0904 1188
2011/08/17 19:06:19.0904 1188 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/17 19:06:19.0904 1188 Product type: Workstation
2011/08/17 19:06:19.0904 1188 ComputerName: ADMIN-PC
2011/08/17 19:06:19.0904 1188 UserName: Admin
2011/08/17 19:06:19.0904 1188 Windows directory: C:\Windows
2011/08/17 19:06:19.0904 1188 System windows directory: C:\Windows
2011/08/17 19:06:19.0904 1188 Processor architecture: Intel x86
2011/08/17 19:06:19.0904 1188 Number of processors: 2
2011/08/17 19:06:19.0904 1188 Page size: 0x1000
2011/08/17 19:06:19.0904 1188 Boot type: Normal boot
2011/08/17 19:06:19.0904 1188 ================================================================================
2011/08/17 19:06:20.0389 1188 Initialize success
2011/08/17 19:13:23.0296 2212 ================================================================================
2011/08/17 19:13:23.0296 2212 Scan started
2011/08/17 19:13:23.0296 2212 Mode: Manual;
2011/08/17 19:13:23.0296 2212 ================================================================================
2011/08/17 19:13:23.0754 2212 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/08/17 19:13:23.0854 2212 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/08/17 19:13:23.0909 2212 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/08/17 19:13:23.0974 2212 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/08/17 19:13:24.0140 2212 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/08/17 19:13:24.0262 2212 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/08/17 19:13:24.0358 2212 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/08/17 19:13:24.0473 2212 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/08/17 19:13:24.0571 2212 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/08/17 19:13:24.0720 2212 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/08/17 19:13:24.0837 2212 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/08/17 19:13:24.0895 2212 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/08/17 19:13:24.0970 2212 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/08/17 19:13:25.0089 2212 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/08/17 19:13:25.0162 2212 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/08/17 19:13:25.0245 2212 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/17 19:13:25.0334 2212 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/08/17 19:13:25.0430 2212 athr (91e15b0a1d6f7b99ace55d04c6d1544a) C:\Windows\system32\DRIVERS\athr.sys
2011/08/17 19:13:25.0594 2212 atksgt (5b80e84af6b02ecab72dae9afee06309) C:\Windows\system32\DRIVERS\atksgt.sys
2011/08/17 19:13:25.0683 2212 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/08/17 19:13:25.0779 2212 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/08/17 19:13:25.0857 2212 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/08/17 19:13:25.0928 2212 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/08/17 19:13:25.0994 2212 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/17 19:13:26.0058 2212 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/17 19:13:26.0100 2212 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/08/17 19:13:26.0205 2212 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/08/17 19:13:26.0321 2212 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/08/17 19:13:26.0535 2212 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/17 19:13:26.0667 2212 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/08/17 19:13:26.0737 2212 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/08/17 19:13:26.0820 2212 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/17 19:13:26.0885 2212 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/17 19:13:26.0993 2212 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/08/17 19:13:27.0154 2212 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/08/17 19:13:27.0283 2212 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/17 19:13:27.0417 2212 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/08/17 19:13:27.0492 2212 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/17 19:13:27.0612 2212 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/08/17 19:13:27.0689 2212 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/08/17 19:13:27.0820 2212 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/08/17 19:13:27.0936 2212 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/08/17 19:13:28.0053 2212 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/08/17 19:13:28.0159 2212 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/17 19:13:28.0246 2212 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/08/17 19:13:28.0421 2212 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/08/17 19:13:28.0535 2212 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/08/17 19:13:28.0616 2212 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/08/17 19:13:28.0748 2212 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/08/17 19:13:28.0854 2212 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/08/17 19:13:28.0922 2212 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/17 19:13:29.0017 2212 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/08/17 19:13:29.0071 2212 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/08/17 19:13:29.0126 2212 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/17 19:13:29.0206 2212 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/08/17 19:13:29.0312 2212 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/17 19:13:29.0387 2212 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/17 19:13:29.0524 2212 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/08/17 19:13:29.0783 2212 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/17 19:13:29.0938 2212 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/08/17 19:13:30.0141 2212 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/08/17 19:13:30.0280 2212 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/17 19:13:30.0382 2212 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/08/17 19:13:30.0518 2212 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/08/17 19:13:30.0585 2212 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/08/17 19:13:30.0667 2212 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/17 19:13:30.0750 2212 iaStor (f263a9036f8897ffa2ae54685e03ad60) C:\Windows\system32\DRIVERS\iaStor.sys
2011/08/17 19:13:30.0894 2212 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/08/17 19:13:31.0010 2212 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/08/17 19:13:31.0166 2212 IntcAzAudAddService (ffd2b3bc042596abe785d3c15f51ab46) C:\Windows\system32\drivers\RTKVHDA.sys
2011/08/17 19:13:31.0289 2212 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/08/17 19:13:31.0376 2212 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/17 19:13:31.0447 2212 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/17 19:13:31.0644 2212 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/08/17 19:13:31.0808 2212 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/08/17 19:13:31.0996 2212 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/08/17 19:13:32.0170 2212 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/08/17 19:13:32.0229 2212 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/17 19:13:32.0429 2212 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/08/17 19:13:32.0496 2212 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/08/17 19:13:32.0635 2212 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/17 19:13:32.0675 2212 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/08/17 19:13:32.0749 2212 KMDFMEMIO (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys
2011/08/17 19:13:33.0021 2212 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/17 19:13:33.0326 2212 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/08/17 19:13:33.0459 2212 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/17 19:13:33.0662 2212 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/17 19:13:33.0773 2212 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/17 19:13:33.0978 2212 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/17 19:13:34.0082 2212 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/08/17 19:13:34.0194 2212 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/08/17 19:13:34.0274 2212 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/08/17 19:13:34.0485 2212 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/08/17 19:13:34.0644 2212 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/17 19:13:34.0741 2212 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/17 19:13:34.0920 2212 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/17 19:13:35.0017 2212 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/08/17 19:13:35.0136 2212 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/08/17 19:13:35.0197 2212 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/17 19:13:35.0333 2212 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/08/17 19:13:35.0453 2212 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/08/17 19:13:35.0563 2212 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/17 19:13:35.0729 2212 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/17 19:13:35.0790 2212 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/17 19:13:35.0873 2212 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/08/17 19:13:35.0963 2212 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/08/17 19:13:36.0064 2212 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/08/17 19:13:36.0145 2212 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/08/17 19:13:36.0215 2212 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/17 19:13:36.0296 2212 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/17 19:13:36.0348 2212 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/08/17 19:13:36.0417 2212 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/08/17 19:13:36.0621 2212 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/17 19:13:36.0692 2212 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/08/17 19:13:36.0758 2212 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/08/17 19:13:36.0864 2212 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/17 19:13:37.0029 2212 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/08/17 19:13:37.0098 2212 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/17 19:13:37.0177 2212 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/17 19:13:37.0265 2212 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/17 19:13:37.0356 2212 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/08/17 19:13:37.0465 2212 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/17 19:13:37.0579 2212 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/17 19:13:37.0732 2212 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/08/17 19:13:37.0877 2212 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/08/17 19:13:38.0012 2212 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/17 19:13:38.0150 2212 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/08/17 19:13:38.0262 2212 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/08/17 19:13:38.0349 2212 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/08/17 19:13:39.0192 2212 nvlddmkm (440690da4358d9682dbcc56da7d419ab) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/17 19:13:39.0366 2212 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/08/17 19:13:39.0427 2212 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/08/17 19:13:39.0491 2212 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/08/17 19:13:39.0862 2212 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/08/17 19:13:39.0995 2212 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/08/17 19:13:40.0075 2212 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/08/17 19:13:40.0132 2212 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/08/17 19:13:40.0190 2212 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/08/17 19:13:40.0243 2212 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/08/17 19:13:40.0312 2212 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/08/17 19:13:40.0403 2212 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/08/17 19:13:40.0557 2212 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/17 19:13:40.0611 2212 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/08/17 19:13:40.0701 2212 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/17 19:13:40.0786 2212 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/08/17 19:13:40.0840 2212 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/08/17 19:13:40.0880 2212 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/17 19:13:40.0914 2212 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/17 19:13:40.0981 2212 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/17 19:13:41.0054 2212 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/17 19:13:41.0114 2212 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/17 19:13:41.0170 2212 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/17 19:13:41.0234 2212 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/17 19:13:41.0308 2212 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/08/17 19:13:41.0360 2212 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/17 19:13:41.0448 2212 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/08/17 19:13:41.0521 2212 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/17 19:13:41.0601 2212 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/08/17 19:13:41.0676 2212 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/17 19:13:41.0746 2212 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/08/17 19:13:41.0789 2212 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/08/17 19:13:41.0833 2212 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/08/17 19:13:41.0908 2212 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/08/17 19:13:41.0965 2212 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/17 19:13:42.0011 2212 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/17 19:13:42.0060 2212 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/08/17 19:13:42.0117 2212 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/08/17 19:13:42.0163 2212 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/08/17 19:13:42.0226 2212 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/08/17 19:13:42.0300 2212 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/08/17 19:13:42.0396 2212 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/08/17 19:13:42.0498 2212 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/08/17 19:13:42.0583 2212 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/17 19:13:42.0634 2212 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/17 19:13:42.0688 2212 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/08/17 19:13:42.0771 2212 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/17 19:13:42.0825 2212 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/08/17 19:13:42.0877 2212 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/08/17 19:13:42.0943 2212 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/08/17 19:13:43.0017 2212 SynTP (451e8037e2eb6da6bdf0a66f65d1810b) C:\Windows\system32\DRIVERS\SynTP.sys
2011/08/17 19:13:43.0150 2212 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/08/17 19:13:43.0273 2212 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/17 19:13:43.0338 2212 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/17 19:13:43.0415 2212 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/08/17 19:13:43.0479 2212 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/08/17 19:13:43.0565 2212 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/17 19:13:43.0694 2212 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/17 19:13:43.0782 2212 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/17 19:13:43.0828 2212 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/08/17 19:13:43.0991 2212 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/17 19:13:44.0157 2212 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/08/17 19:13:44.0269 2212 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/17 19:13:44.0482 2212 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/17 19:13:44.0616 2212 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/08/17 19:13:44.0728 2212 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/08/17 19:13:44.0854 2212 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/08/17 19:13:45.0043 2212 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/17 19:13:45.0158 2212 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/17 19:13:45.0213 2212 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/08/17 19:13:45.0366 2212 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/17 19:13:45.0485 2212 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/17 19:13:45.0702 2212 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/08/17 19:13:45.0809 2212 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/17 19:13:45.0894 2212 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/17 19:13:46.0025 2212 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/17 19:13:46.0161 2212 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/17 19:13:46.0241 2212 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/08/17 19:13:46.0348 2212 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/17 19:13:46.0455 2212 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/08/17 19:13:46.0587 2212 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/08/17 19:13:46.0762 2212 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/08/17 19:13:46.0925 2212 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/08/17 19:13:47.0025 2212 VMC302 (2b0970a8c0a65874eff4aa436e651d85) C:\Windows\system32\Drivers\VMC302.sys
2011/08/17 19:13:47.0117 2212 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/08/17 19:13:47.0202 2212 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/08/17 19:13:47.0266 2212 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/08/17 19:13:47.0339 2212 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/08/17 19:13:47.0501 2212 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/08/17 19:13:47.0560 2212 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/17 19:13:47.0589 2212 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/17 19:13:47.0651 2212 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/08/17 19:13:47.0813 2212 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/17 19:13:48.0032 2212 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/17 19:13:48.0146 2212 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/17 19:13:48.0217 2212 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/17 19:13:48.0294 2212 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/08/17 19:13:48.0338 2212 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/08/17 19:13:48.0365 2212 Boot (0x1200) (6f3f71286e4c8620d71d7bcae139d743) \Device\Harddisk0\DR0\Partition0
2011/08/17 19:13:48.0376 2212 ================================================================================
2011/08/17 19:13:48.0376 2212 Scan finished
2011/08/17 19:13:48.0376 2212 ================================================================================
2011/08/17 19:13:48.0392 2752 Detected object count: 0
2011/08/17 19:13:48.0392 2752 Actual detected object count: 0
Is it good that it didn't find anything?
And here are the OTL logs:
OTL Logfile: Code:
OTL logfile created on: 17.08.2011 19:20:31 - Run 8
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,71% Memory free
6,21 Gb Paging File | 5,13 Gb Available in Paging File | 82,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 156,46 Gb Free Space | 70,20% Space Free | Partition Type: NTFS
Drive D: | 2,89 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.08.17 14:44:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.08.09 20:28:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2011.08.01 10:28:16 | 000,124,480 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.5\ICQ.exe
PRC - [2011.07.05 20:01:32 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.03.28 16:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.22 17:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\SamSung\Easy Display Manager\dmhkcore.exe
PRC - [2008.04.25 21:31:34 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\SamSung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008.04.17 20:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.17 15:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\SamSung\EBM\EasyBatteryMgr3.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.07.05 07:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\SamSung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2007.04.03 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
========== Modules (SafeList) ==========
MOD - [2011.08.09 20:28:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2011.07.05 20:01:32 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.05.13 08:47:20 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2011.07.05 20:01:32 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.05 20:01:32 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.18 19:33:20 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.06.18 19:33:10 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.06.09 16:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.04.05 23:56:26 | 000,242,560 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
DRV - [2007.09.14 00:17:58 | 000,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.11.14 09:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de-de.facebook.com/"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.17 14:44:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2011.07.04 20:37:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011.08.09 15:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\2cazqile.default\extensions
[2011.08.13 23:44:01 | 000,000,000 | ---D | M] (Collusion) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\2cazqile.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack
[2011.07.09 12:15:31 | 000,005,212 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2cazqile.default\searchplugins\ecosia.xml
[2011.08.13 21:29:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2CAZQILE.DEFAULT\EXTENSIONS\{D04B0B40-3DAB-4F0B-97A6-04EC3EDDBFB0}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2CAZQILE.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2011.06.10 07:34:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.08.17 14:44:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
O1 HOSTS File: ([2011.08.13 21:01:57 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.01.19 22:00:00 | 000,000,043 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{cec9f574-92b6-11e0-ba72-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cec9f574-92b6-11e0-ba72-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2008.01.19 22:00:00 | 000,111,672 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.08.17 17:35:22 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2011.08.16 00:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011.08.15 22:11:47 | 124,539,416 | ---- | C] (Kaspersky Lab) -- C:\Users\Admin\Desktop\pure9.1.0.124de.exe
[2011.08.14 13:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.08.14 13:38:34 | 003,447,576 | ---- | C] (Piriform Ltd) -- C:\Users\Admin\Desktop\ccsetup309.exe
[2011.08.13 21:29:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.08.13 21:01:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.08.13 17:52:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.13 16:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.08.13 16:01:35 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
[2011.08.13 15:01:11 | 000,100,864 | ---- | C] (GMER) -- C:\aglorpod.sys
[2011.08.13 12:36:22 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011.08.12 09:42:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{338FF2CA-3989-44E5-BF69-7E14A276D5BE}
[2011.08.12 09:42:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1BAEED21-5972-480A-94CE-6A8A62D7931B}
[2011.08.12 09:16:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{511A0DD0-D1E8-44F8-A9DA-7AA6A9740D82}
[2011.08.11 20:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011.08.11 20:20:51 | 019,075,976 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup_4.2.0.187.exe
[2011.08.11 19:22:43 | 001,081,480 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2011.08.11 19:22:03 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.08.11 19:06:03 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.08.11 19:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SamSung
[2011.08.11 19:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer
[2011.08.11 18:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.08.11 18:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros WLAN Client
[2011.08.11 16:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.11 16:47:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3D030450-9D94-45EB-8361-913E16DD713C}
[2011.08.11 16:46:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BCB02616-5F94-4466-840D-D38F461A866E}
[2011.08.11 16:33:10 | 001,404,720 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\TDSSKiller.exe
[2011.08.10 13:45:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B7021062-028F-4C93-9DE1-57C1B9825AE8}
[2011.08.10 13:43:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6663092A-5C4E-46FB-8A4D-D67248609360}
[2011.08.09 21:22:59 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.51.1.1800.exe
[2011.08.09 18:00:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2011.08.09 17:59:55 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.09 17:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.09 17:59:37 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.09 17:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.09 17:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.08.09 13:43:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\BaFög
[2011.08.09 11:57:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{674DFE49-F584-4EF6-B17C-9C8BA7624020}
[2011.08.09 11:57:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7878D6C1-150C-4EAE-9B96-AAB755BFC765}
[2011.08.08 16:00:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A3E22906-1A54-4411-9B26-CDB7921A5418}
[2011.08.08 15:59:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C2E8339B-55B4-467F-B3A8-5FCCCCB8095C}
[2011.08.07 23:44:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3ADAE302-1C44-4D76-91A3-BE9B1D22380F}
[2011.08.07 23:44:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B61B1800-7037-447A-AC1F-ED3D870F730E}
[2011.08.06 16:42:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C3705ED2-D531-4179-AFB0-FC317CFC8E91}
[2011.08.05 11:49:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1D8B70B1-2766-44FA-9577-AB161998536F}
[2011.08.05 11:49:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2BC1701D-E2B1-40E0-8E89-1B9C2F090BD2}
[2011.08.04 10:26:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F97D3A39-F6E8-463B-BBA5-C1571B776E03}
[2011.08.04 10:26:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{8EE4828D-641E-42E2-B3EA-344405A1CDB2}
[2011.08.04 00:31:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{14DBF0F1-FD34-45B7-A7C9-7762BCC738B0}
[2011.08.03 16:50:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\2011_08_03
[2011.08.03 16:45:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Canon
[2011.08.03 16:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonBJ
[2011.08.03 16:42:56 | 000,216,064 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLM8S.DLL
[2011.08.03 16:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011.08.03 11:21:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{98616688-5746-46E2-96D5-3709E60B4703}
[2011.08.03 11:21:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0CB8A063-7C8B-4223-8722-EBBD2C4E802E}
[2011.08.03 11:21:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5EDE80A4-4D84-474E-824E-2A8964E5C013}
[2011.08.02 21:35:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F07CD4EB-65A8-4BBA-B481-D7F625632802}
[2011.08.02 21:35:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5DFB23BD-67FF-4D88-B448-2D811D95327F}
[2011.08.02 09:55:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Meine empfangenen Dateien
[2011.08.02 09:35:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B3EFD0B3-F8A5-4A63-9284-FE196D2E8E91}
[2011.08.02 09:35:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A2F75EDF-27B3-4307-81FD-7F36B366A816}
[2011.08.02 01:08:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\prince
[2011.08.01 01:38:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2130C5B3-0AAC-4FC6-8C59-7BCA0B26D3F9}
[2011.08.01 01:32:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E04867DC-9E03-440E-B78E-56E984C3FD74}
[2011.07.29 15:09:54 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.07.29 15:09:51 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.07.29 15:09:51 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.07.27 20:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011.07.26 10:28:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{21F991C7-1540-44DB-BD67-8E4896DFD49E}
[2011.07.25 17:51:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{30CAD578-2435-459C-A7CC-3F5021053DE7}
[2011.07.25 17:50:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\Tracing
[2011.07.25 17:19:03 | 000,000,000 | ---D | C] -- C:\Windows\de
[2011.07.25 17:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011.07.25 17:15:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.07.25 17:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011.07.25 17:13:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.07.25 17:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011.07.25 17:12:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Windows Live
[2011.07.25 17:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2006.11.24 23:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 23:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
========== Files - Modified Within 30 Days ==========
[2011.08.17 19:21:30 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.08.17 17:54:13 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011.08.17 17:53:55 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.08.17 17:53:43 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.17 17:53:43 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.17 17:53:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.17 17:53:32 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.17 17:39:47 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011.08.17 17:39:47 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2011.08.17 17:34:39 | 000,000,204 | ---- | M] () -- C:\Users\Admin\Desktop\CD-Laufwerk - Verknüpfung.lnk
[2011.08.17 13:14:35 | 000,037,584 | ---- | M] () -- C:\Users\Admin\Desktop\cc_20110817_131424.reg
[2011.08.16 23:51:24 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.08.16 20:21:58 | 000,080,384 | ---- | M] () -- C:\Users\Admin\Desktop\MBRCheck.exe
[2011.08.15 22:14:45 | 124,539,416 | ---- | M] (Kaspersky Lab) -- C:\Users\Admin\Desktop\pure9.1.0.124de.exe
[2011.08.14 14:09:22 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.14 14:09:22 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.14 14:09:22 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.14 14:09:22 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.14 13:39:23 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.14 13:38:36 | 003,447,576 | ---- | M] (Piriform Ltd) -- C:\Users\Admin\Desktop\ccsetup309.exe
[2011.08.14 11:40:08 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2011.08.14 11:40:08 | 000,089,088 | ---- | M] () -- C:\Users\Admin\Desktop\mbr.exe
[2011.08.13 23:06:16 | 000,014,120 | ---- | M] () -- C:\Users\Admin\Documents\bookmarks-2011-08-13.json
[2011.08.13 21:26:55 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl
[2011.08.13 21:01:57 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.08.13 16:01:36 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
[2011.08.13 15:01:11 | 000,100,864 | ---- | M] (GMER) -- C:\aglorpod.sys
[2011.08.13 14:45:17 | 000,302,592 | ---- | M] () -- C:\Users\Admin\Desktop\6xnt2mxq.exe
[2011.08.12 02:48:29 | 000,000,846 | ---- | M] () -- C:\Users\Admin\Desktop\firefox - Verknüpfung.lnk
[2011.08.11 20:25:47 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2011.08.11 20:21:12 | 019,075,976 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup_4.2.0.187.exe
[2011.08.11 19:23:10 | 001,081,480 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2011.08.11 18:52:48 | 000,000,104 | ---- | M] () -- C:\Users\Admin\Desktop\Computer - Verknüpfung.lnk
[2011.08.11 16:51:38 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.11 16:33:10 | 001,404,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\TDSSKiller.exe
[2011.08.09 20:28:54 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011.08.09 20:28:06 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.51.1.1800.exe
[2011.08.09 17:52:01 | 000,252,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.30 20:13:15 | 000,020,480 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== Files Created - No Company Name ==========
[2011.08.17 17:34:39 | 000,000,204 | ---- | C] () -- C:\Users\Admin\Desktop\CD-Laufwerk - Verknüpfung.lnk
[2011.08.17 13:14:32 | 000,037,584 | ---- | C] () -- C:\Users\Admin\Desktop\cc_20110817_131424.reg
[2011.08.16 20:22:05 | 000,080,384 | ---- | C] () -- C:\Users\Admin\Desktop\MBRCheck.exe
[2011.08.14 13:39:23 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.14 11:41:12 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2011.08.14 11:40:22 | 000,089,088 | ---- | C] () -- C:\Users\Admin\Desktop\mbr.exe
[2011.08.14 10:19:42 | 3215,572,992 | -HS- | C] () -- C:\hiberfil.sys
[2011.08.13 23:06:16 | 000,014,120 | ---- | C] () -- C:\Users\Admin\Documents\bookmarks-2011-08-13.json
[2011.08.13 21:26:55 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
[2011.08.13 14:45:25 | 000,302,592 | ---- | C] () -- C:\Users\Admin\Desktop\6xnt2mxq.exe
[2011.08.12 02:48:29 | 000,000,846 | ---- | C] () -- C:\Users\Admin\Desktop\firefox - Verknüpfung.lnk
[2011.08.11 20:25:47 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.08.11 20:24:16 | 000,002,379 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.08.11 18:52:48 | 000,000,104 | ---- | C] () -- C:\Users\Admin\Desktop\Computer - Verknüpfung.lnk
[2011.08.11 16:51:38 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.09 17:22:59 | 000,504,657 | ---- | C] () -- C:\Users\Admin\Desktop\unhide.exe
[2011.07.04 20:37:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.06.18 19:33:20 | 000,165,376 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.06.18 19:33:10 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.06.12 23:40:48 | 000,023,580 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\UserTile.png
[2011.06.10 18:03:18 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.06.10 07:35:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.06.10 07:35:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.06.09 21:15:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.06.09 20:43:28 | 000,020,480 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.09 19:13:49 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.06.09 18:44:14 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
[2011.06.09 18:40:46 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2011.06.09 18:39:06 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.06.09 18:39:05 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.06.09 18:25:49 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2011.06.09 18:25:49 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2011.06.09 18:16:42 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2011.06.09 18:16:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2011.06.09 18:05:05 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.02.26 16:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat
[2007.02.16 01:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.11.30 02:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe
[2006.11.30 02:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,252,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.09 19:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
========== LOP Check ==========
[2011.08.03 16:45:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon
[2011.08.17 18:48:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2011.06.12 23:40:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PeerNetworking
[2011.08.17 17:47:32 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >

OTL Logfile:
OTL Extras logfile created on: 17.08.2011 19:20:31 - Run 8
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,71% Memory free
6,21 Gb Paging File | 5,13 Gb Available in Paging File | 82,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 156,46 Gb Free Space | 70,20% Space Free | Partition Type: NTFS
Drive D: | 2,89 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-679186329-3352478774-2945693008-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ADBA36C-E641-4E0B-91E4-F52954F52A2B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{13251F6D-25E0-4221-9637-A62C4D4D30BD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{15146B19-FF7C-4855-B6A5-F90DF6178022}" = rport=137 | protocol=17 | dir=out | app=system |
"{1556D602-93B9-4300-9751-14F06D0CE541}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2A26A99E-F55F-4B15-9582-4EA040562D0D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3BFD8104-3A86-4E03-B26F-002F23B03C55}" = rport=445 | protocol=6 | dir=out | app=system |
"{3EA02309-F11D-43D6-B8A2-9FD85A3D0379}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{418FEDB7-73DA-4219-94CC-929D2A794FB1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4E35DF6D-A8A9-4EF8-9069-5B3F33732498}" = rport=138 | protocol=17 | dir=out | app=system |
"{616BE416-E9D8-41D4-99AC-5B435FA21864}" = lport=137 | protocol=17 | dir=in | app=system |
"{68F19B96-B633-4690-B3D4-58A1AD7A55B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A0A9154-99C3-41EE-808F-4950353357CF}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{80BDE7CD-9EAC-4CC7-AF1D-CEA1687DDDAB}" = rport=139 | protocol=6 | dir=out | app=system |
"{82B1649E-4EC5-4FDD-92AA-51586073F31E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8FF5DC36-0D3D-4C5D-923D-94345E33431D}" = lport=445 | protocol=6 | dir=in | app=system |
"{96B24376-A280-4CF0-B713-7D33B7B00D0D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A858AEEC-1AF3-4567-80C7-F74D8E781589}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B9E2BBE0-5FA5-46FD-A9D0-D063A19F6FA2}" = lport=138 | protocol=17 | dir=in | app=system |
"{BAC83331-82BE-4637-A7EB-2FE71F8E45B5}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C3B2B21E-8511-48BA-9950-8824CE9B6137}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9BAD1CC-2E9A-42AB-894A-946EC7BE733F}" = rport=2869 | protocol=6 | dir=out | app=system |
"{CF281BBD-7CBA-463A-BF8F-48A1E6B189E0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D86575B9-5514-45B5-B955-9CC47207AE48}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DE7966DE-3C54-4E2B-8A8F-5E0826D16F2C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E3209084-DED2-44B0-B131-517FED2C2BB4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EE17490A-453A-486B-B5C7-0465038C5149}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F9B9108C-5B4F-4DEF-B0E0-C64DE3D2D4DC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F9F82218-D3F2-4985-959E-0E1D83D6A671}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C4058D6-466F-4DF1-8563-1B73AEE2D085}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0C437E0D-541C-4A3E-9877-3CB2E2264674}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0CC42F0B-CC1E-4F19-9CB2-2EE06B02D19B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1BEE355E-14A5-4746-BF13-EA3B60C96C5C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2108BD04-B816-4659-888A-A05815F9B6D7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{241813D0-BD8C-4D2E-B14E-573B85D04586}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{242D6C48-4222-4C19-9664-76D0D433963F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2AAED9A4-B04B-4EAE-83F7-0C647FF5A478}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2B51C36C-4B96-4F79-ADBB-F2AF837D739C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{317F13BB-C9FF-48A7-8247-4C91F90CC3EE}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{371F089A-29CE-4E27-91B0-CEFB40B05906}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{42B3BFF8-CFC3-4C1E-9D81-5CF0C4E10189}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{452F5643-B50A-4ABE-A191-84E6726320D6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{50EAF023-5BCC-44EC-852D-874FEBECA39F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{515DAF4F-EA65-497A-A014-48D276D03453}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{55A87A74-1A9A-4D92-9EFB-F8AF3E176A5C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{577E609D-0042-441B-9138-18B56DF9A621}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5D54B558-6AB3-4876-BF74-FCFFCFAECE96}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{675F1147-6BCD-43FC-95F3-5983294485F1}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{6BA6EBB8-462F-40EA-88C1-7CB1D1A90937}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C6BDC9A-7F9C-4A1B-9E2B-0137A77E2188}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{833CB862-9911-4101-B067-16A1BA9BE03F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{9D8FE41A-DCE3-4D9E-A33C-9E2F049ED668}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{ACCED9F2-1245-4269-AB9E-3674FFD9510B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD7F6F1F-5F9F-46E7-953C-F1E77037A50D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AEE2E7C9-17AB-46EA-915F-DFDE265E690F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{B0C7792B-9FEC-42DE-B083-52B028054523}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B2ED03F3-4D9B-4E3C-A5FB-D554337F389F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B3A0AE9B-1CF5-4653-B159-6BC9BB0E3279}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B426F91E-BB9F-40C5-808F-CAA63E1AF467}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B99F807B-FE70-4F9D-ABFC-C2DFA8447397}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{BDA0A150-C483-4122-ADD0-BCCC88C1B4BA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BECF143A-F351-4F69-B285-16B7370859C6}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{BEF99939-DA35-4AF6-A55C-12A938A6ED13}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{C6FFC124-EE7F-4C96-BFD3-39702B72F407}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{E08B9F28-9A1B-4176-AF59-F366E0E6B6B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FDD100B9-ED24-45FB-A6A0-4F38A60195D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{6B966A52-A656-44C7-9657-4F933945FC93}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{A51E600C-B375-49E0-91BB-0ACB096B7221}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{69901D32-F6D1-4CC7-8085-8AF950869624}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{873C3911-A7F4-4B1F-8E0B-7F3230495136}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite" = Windows Live Essentials
"YDKJG3" = YOU DON'T KNOW JACK® 3 - Abwärts!
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 16.08.2011 04:30:38 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 16.08.2011 04:44:47 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 16.08.2011 11:56:38 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 16.08.2011 13:28:45 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 16.08.2011 17:13:45 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.08.2011 07:04:22 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.08.2011 07:19:24 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.08.2011 09:22:42 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.08.2011 11:21:56 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.08.2011 11:55:19 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 12.06.2011 02:10:16 | Computer Name = Admin-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
Win32 GetLastError returned 0D Prozess: DefaultDomain Objektname: Media Center Guide
[ System Events ]
Error - 09.06.2011 15:28:20 | Computer Name = Admin-PC | Source = HTTP | ID = 15016
Description =
Error - 09.06.2011 15:28:36 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 09.06.2011 15:32:47 | Computer Name = Admin-PC | Source = DCOM | ID = 10010
Description =
Error - 09.06.2011 15:58:06 | Computer Name = Admin-PC | Source = HTTP | ID = 15016
Description =
Error - 09.06.2011 15:59:23 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 10.06.2011 00:54:44 | Computer Name = Admin-PC | Source = HTTP | ID = 15016
Description =
Error - 10.06.2011 00:56:02 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 10.06.2011 11:56:25 | Computer Name = Admin-PC | Source = HTTP | ID = 15016
Description =
Error - 10.06.2011 11:56:52 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 10.06.2011 12:32:36 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
So, what can be said about this now?