Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows Diagnostic - removed correctly? (https://www.trojaner-board.de/96711-windows-diagnostic-richtig-entfernt.html)

Swaggy 22.03.2011 15:04

Windows Diagnostic - removed correctly?
 
Hello everyone,
Last night I noticed a new "supposed" Windows tool called Windows Diagnostic, which kept showing me dubious error messages and warnings. My desktop was also suddenly empty.
When I googled this tool it quickly became clear that it is a trojan.
I also read up on how to get rid of it again. However, I first let "Microsoft Security Essentials" run through and apparently removed the virus successfully that way.
The error messages have stopped, but my desktop is still empty. All that is left on the desktop is an empty folder, a Mozilla Firefox icon, ICQ and the Recycle Bin, which strangely still contains files.
When I search for individual files I do find them in the folder C:/Flo/Desktop...
But when I look in Computer, my entire "user" is deleted. My sister's user account, on the other hand, is still complete.
I hope you more or less understand what I am trying to explain.
I already have a malware scan running and am googling my way through the topic, but I don't really understand any of it.
Sorry if this topic has been discussed before, but maybe someone could give me an idiot-proof guide to removing the trojan, or at least tell me where I can find my lost data again.

Regards,
Swaggy

cosinus 22.03.2011 15:58

Hello and :hallo:

Please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

Then OTL:

System scan with OTL

Please download OTL from Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.
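The two logfiles OTL writes are plain text in a fixed layout: section headers between rows of "=", one line per running process, service and driver ending in the publisher name in parentheses, and file entries of the form "[date | size | attrs | C/M] (publisher) -- path". The following Python script is an added example, not code from this forum, from OTL's author or from any project named here. It parses that layout as it appears in the log posted later in this thread and returns entries a helper would look at first: binaries that carry no publisher name, hidden directories under C:\Users (the posted log shows several hidden folders on the user's desktop, which fits the "empty desktop" described in the opening post), and any entry whose name matches a name of interest; the default name "Windows Diagnostic" is the rogue tool named in the thread. The sample lines are copied from the posted log, the field meanings (H = hidden, S = system, D = directory, C = created, M = modified) and the triage rules are this example's own assumptions, and a flagged entry is only a pointer for review, not a verdict.

```python
"""Triage helper for OTL.exe logfiles (added example; not from the thread or OTL).

Format assumptions, taken from the log posted in this thread:
  section headers   '========== Processes (SafeList) =========='
  running binaries  'PRC - <path> (<company>)'
  services/drivers  'SRV - (<name>) [<description>] -- <path> (<company>)'
  file entries      '[<date> | <size> | <attrs> | C|M] [(<company>)] -- <path>'
<attrs> is read as a four-character flag field (H = hidden, S = system,
D = directory); C/M marks a created or modified timestamp. Assumed, not documented.
"""
import re
from dataclasses import dataclass

# Trailing "(company)" group; one level of nesting for names like "Intel(R) Corporation".
COMPANY_RE = re.compile(r"\s\(((?:[^()]|\([^()]*\))*)\)$")
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>(?:[^()]|\([^()]*\))*)\))? -- (?P<path>.+)$"
)
BINARY_PREFIXES = ("PRC - ", "SRV - ", "DRV - ", "MOD - ")
USER_PROFILE_PREFIX = "c:\\users\\"


@dataclass
class Finding:
    reason: str
    path: str
    section: str


def parse_binary_line(line):
    """Return (path, company) for a PRC/SRV/DRV/MOD line, or None for anything else."""
    if not line.startswith(BINARY_PREFIXES):
        return None
    m = COMPANY_RE.search(line)
    if not m:
        return None
    company = m.group(1).strip()
    head = line[:m.start()]
    # SRV/DRV lines carry '(name) [description] -- path'; PRC/MOD carry the path directly.
    path = head.rpartition(" -- ")[2] if " -- " in head else head[len("PRC - "):]
    return path.strip(), company


def triage(log_text, names_of_interest=("Windows Diagnostic",)):
    """Walk an OTL log and return the entries worth a second look.

    names_of_interest defaults to the rogue tool named in this thread.
    """
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        parsed = parse_binary_line(line)
        if parsed:
            path, company = parsed
            if not company:  # OTL printed "()" - no publisher name in the file's version info
                where = " (user-writable location)" if path.lower().startswith(USER_PROFILE_PREFIX) else ""
                findings.append(Finding("no publisher name" + where, path, section))
            continue
        fm = FILE_RE.match(line)
        if fm:
            path, attrs = fm.group("path"), fm.group("attrs")
            if "H" in attrs and "D" in attrs and path.lower().startswith(USER_PROFILE_PREFIX):
                findings.append(Finding("hidden directory under user profile", path, section))
            name = path.rsplit("\\", 1)[-1]
            if name in names_of_interest:
                findings.append(Finding("name of interest: " + name, path, section))
    return findings


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - C:\Users\Flo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
PRC - C:\Users\Flo\Desktop\Neuer Ordner\RPGXP.exe ()
========== Win32 Services (SafeList) ==========
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2011.03.22 14:33:48 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Malwarebytes
[2011.03.22 14:33:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.21 21:57:09 | 000,000,000 | -H-D | C] -- C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic
[2011.03.21 16:48:53 | 000,000,000 | -H-D | C] -- C:\Users\Flo\Desktop\RPG-Atelier
[2011.03.13 15:36:11 | 000,000,000 | -H-D | C] -- C:\Users\Flo\Desktop\Neuer Ordner
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.path}")
```

Running the script on the sample prints six findings: the two binaries without a publisher name (one of them in the user's Desktop folder), three hidden directories under the profile, and the "Windows Diagnostic" Start Menu folder, which is reported twice because it is both hidden and a name of interest. To use it on a real OTL.txt, read the file with `open(path, encoding="utf-8", errors="replace").read()` and pass the text to `triage`.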

Swaggy 22.03.2011 19:51

Thanks for the quick reply first of all,
so I had already started the malware scan when I wrote the post and it is still running (for more than 5 hours by now). Is that normal???
OTL is running right now as well.

Regards,
Swaggy


Edit:

here are the OTL results:
OTL Logfile:
Code:

OTL logfile created on: 22.03.2011 20:04:14 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Flo\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): c:\pagefile.sys 3067 3067 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 171,08 Gb Free Space | 38,38% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 8,43 Gb Free Space | 42,19% Space Free | Partition Type: FAT32
 
Computer Name: STANDPC2 | User Name: Flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Flo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\System32\consent.exe (Microsoft Corporation)
PRC - C:\Programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
PRC - C:\Programme\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\CCU\CCU_Engine.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
PRC - C:\Users\Flo\Desktop\Neuer Ordner\RPGXP.exe ()
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Flo\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (QualityManager) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe (Intel(R) Corporation)
SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (DHTRACE) Intel(R) -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe (Intel(R) Corporation)
SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation)
SRV - (NMSCore) Intel(R) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel(R) Corporation)
SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MpKsl129d48fe) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E4E52491-CC8A-4EAB-BC2C-F3AA7F2E7E72}\MpKsl129d48fe.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\HomeCinema\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) -- C:\Programme\HomeCinema\PowerDVD\000.fcl (Cyberlink Corp.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH)
DRV - (TSHWMDTCP) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSof0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSof0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "softonic-de3 Customized Web Search"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
FF - prefs.js..extensions.enabledItems: {9d81af43-de53-48d0-a199-42c2a226b24c}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files\ClickPotatoLite\bin\10.0.666.0\firefox\extensions
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.08 11:08:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.22 13:55:58 | 000,000,000 | ---D | M]
 
[2010.11.10 18:28:21 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Flo\AppData\Roaming\mozilla\Extensions
[2010.11.10 18:28:21 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Flo\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2011.03.22 14:07:16 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\rbpipver.default\extensions
[2010.04.18 19:51:12 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\rbpipver.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.14 14:27:13 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\rbpipver.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.11.11 15:20:42 | 000,000,000 | -H-D | M] (Softonic Deutsch FF Community Toolbar) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\rbpipver.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
[2010.05.17 18:11:16 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\rbpipver.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.30 09:41:45 | 000,000,000 | -H-D | M] (softonic-de3 Toolbar) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\rbpipver.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.11.11 15:20:41 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\rbpipver.default\extensions\engine@conduit.com
[2010.06.08 10:29:10 | 000,000,927 | -H-- | M] () -- C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\rbpipver.default\searchplugins\conduit.xml
[2011.03.22 14:05:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.28 19:41:36 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.14 14:26:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.03.22 14:05:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.04.28 19:41:36 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2010.04.26 15:31:21 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2011.03.14 14:26:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.03.22 14:05:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.11 20:48:22 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.11 20:48:22 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.11 20:48:22 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.11 20:48:22 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.11 20:48:22 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Programme\Softonic_Deutsch_FF\prxtbSof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Flo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Flo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{255fb5a1-ec12-11df-8f60-001d9220ecf6}\Shell - "" = Autorun
O33 - MountPoints2\{255fb5a1-ec12-11df-8f60-001d9220ecf6}\Shell\downloadsb\command - "" = C:\Windows\explorer.exe -- [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{276ae84a-4a24-11df-9e79-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{276ae84a-4a24-11df-9e79-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{276ae84a-4a24-11df-9e79-806e6f6e6963}\Shell\install\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.22 14:33:48 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Malwarebytes
[2011.03.22 14:33:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.22 14:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.22 14:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.22 14:33:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.22 14:33:37 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.22 14:05:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.03.22 14:05:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.03.22 14:05:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.03.21 22:50:24 | 000,000,000 | -H-D | C] -- C:\Users\Flo\AppData\Roaming\Uniblue
[2011.03.21 22:50:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
[2011.03.21 22:50:15 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2011.03.21 22:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011.03.21 22:50:02 | 000,000,000 | -H-D | C] -- C:\Users\Flo\AppData\Local\PackageAware
[2011.03.21 22:49:00 | 000,000,000 | -H-D | C] -- C:\Users\Flo\AppData\Local\Conduit
[2011.03.21 21:57:09 | 000,000,000 | -H-D | C] -- C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic
[2011.03.21 16:48:53 | 000,000,000 | -H-D | C] -- C:\Users\Flo\Desktop\RPG-Atelier
[2011.03.21 15:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011.03.21 15:45:39 | 000,000,000 | ---D | C] -- C:\Programme\Xvid
[2011.03.21 15:44:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\ClickPotatoLiteSA
[2011.03.21 15:44:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2011.03.19 00:31:43 | 000,000,000 | -H-D | C] -- C:\Users\Flo\Desktop\Tilesets
[2011.03.14 14:29:19 | 000,000,000 | ---D | C] -- C:\Windows\TempAA03F409-4FF2-156F-E542-88CD5B33D85E-Signatures
[2011.03.14 14:28:27 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[2011.03.14 14:27:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.03.14 14:27:44 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011.03.14 14:26:48 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.03.13 15:40:17 | 000,000,000 | -H-D | C] -- C:\Users\Flo\Documents\RPGXP
[2011.03.13 15:36:11 | 000,000,000 | -H-D | C] -- C:\Users\Flo\Desktop\Neuer Ordner
[2011.03.09 14:14:18 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 14:14:18 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 14:14:18 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 14:14:18 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.02.26 22:17:51 | 000,000,000 | ---D | C] -- C:\Programme\hamachi_save
[2011.02.26 22:14:37 | 000,025,280 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys
[2011.02.26 22:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hamachi
[2011.02.25 18:33:31 | 000,000,000 | -H-D | C] -- C:\Users\Flo\AppData\Roaming\mIRC
[2011.02.25 18:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2011.02.25 18:33:30 | 000,000,000 | ---D | C] -- C:\Programme\mIRC
[2011.02.24 16:01:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.02.24 16:00:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.02.24 15:59:57 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.02.24 15:59:57 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.02.24 15:59:57 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.02.24 15:59:56 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.02.24 15:59:56 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.02.24 15:59:55 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.02.24 15:59:55 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.02.24 15:59:55 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.02.24 15:59:55 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.02.24 15:59:55 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.02.24 15:59:49 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.02.24 15:59:49 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.02.24 15:59:49 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.02.24 15:59:49 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.02.24 15:59:48 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.22 20:05:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.22 19:52:49 | 000,001,890 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2011.03.22 19:50:07 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.22 19:41:07 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.22 19:41:07 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.22 19:40:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.22 14:17:06 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011.03.22 13:58:27 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.21 22:50:23 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
[2011.03.21 21:57:10 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~43638536r
[2011.03.21 21:57:10 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43638536
[2011.03.21 21:57:09 | 000,000,591 | -H-- | M] () -- C:\Users\Flo\Desktop\Windows Diagnostic.lnk
[2011.03.21 21:57:05 | 000,000,336 | -H-- | M] () -- C:\ProgramData\43638536
[2011.03.21 21:13:12 | 000,002,623 | -H-- | M] () -- C:\Users\Flo\Desktop\Microsoft Word.lnk
[2011.03.20 21:26:28 | 000,103,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011.03.20 21:07:02 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.03.18 15:35:52 | 000,000,056 | RHS- | M] () -- C:\Windows\System32\9CD804905C.sys
[2011.03.14 14:30:14 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.03.14 14:29:35 | 000,635,148 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.14 14:29:35 | 000,601,550 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.14 14:29:35 | 000,130,386 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.14 14:29:35 | 000,107,686 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.09 21:06:24 | 000,030,208 | -H-- | M] () -- C:\Users\Flo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.26 22:14:37 | 000,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys
[2011.02.26 02:19:32 | 000,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2011.02.25 21:55:31 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.21 22:50:25 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2011.03.21 22:50:16 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
[2011.03.21 21:57:10 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~43638536r
[2011.03.21 21:57:10 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~43638536
[2011.03.21 21:57:09 | 000,000,591 | -H-- | C] () -- C:\Users\Flo\Desktop\Windows Diagnostic.lnk
[2011.03.21 21:57:05 | 000,000,336 | -H-- | C] () -- C:\ProgramData\43638536
[2011.03.21 15:45:40 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.21 15:45:40 | 000,077,824 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2011.03.21 15:45:39 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.03.20 21:03:59 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.03.14 14:30:14 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.03.13 15:39:20 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\9CD804905C.sys
[2011.03.13 15:39:18 | 000,001,890 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011.03.13 15:36:50 | 000,001,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG Maker XP.lnk
[2011.02.26 02:19:32 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.02.24 15:59:50 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.02.24 15:59:50 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.02.24 15:59:50 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.02.03 20:38:53 | 000,024,206 | -H-- | C] () -- C:\Users\Flo\AppData\Roaming\UserTile.png
[2011.01.01 21:27:01 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010.11.04 17:09:07 | 000,942,080 | ---- | C] () -- C:\Windows\System32\NewFlyff.exe
[2010.10.01 12:56:46 | 000,000,000 | -H-- | C] () -- C:\Users\Flo\AppData\Roaming\Default.PLS
[2010.05.25 12:55:24 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.05.25 12:55:21 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.05.17 17:58:52 | 000,000,680 | -H-- | C] () -- C:\Users\Flo\AppData\Local\d3d9caps.dat
[2010.05.07 11:28:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.05.06 12:35:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.05.06 12:35:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.04.28 19:46:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.24 15:50:32 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.04.20 17:27:51 | 000,022,328 | -H-- | C] () -- C:\Users\Flo\AppData\Roaming\PnkBstrK.sys
[2010.04.20 17:27:51 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.04.20 17:27:35 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.04.20 17:27:35 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.04.18 20:22:56 | 000,030,208 | -H-- | C] () -- C:\Users\Flo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.17 14:54:25 | 000,000,000 | -H-- | C] () -- C:\Users\Flo\AppData\Roaming\wklnhst.dat
[2010.04.17 14:40:33 | 000,000,091 | -H-- | C] () -- C:\Users\Flo\AppData\Local\fusioncache.dat
[2010.04.17 13:58:15 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.10.07 00:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.04.30 21:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.10.22 12:49:01 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007.10.22 12:49:01 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007.10.15 17:38:03 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.10.15 15:45:53 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.10.15 15:45:52 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.10.09 22:26:24 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007.10.09 16:05:23 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2006.12.11 05:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.02 16:33:31 | 000,635,148 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,130,386 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,372,872 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,601,550 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,107,686 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.06.23 09:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005.08.30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005.08.30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2005.08.30 00:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll

< End of report >

--- --- ---

Quote:

OTL Extras logfile created on: 22.03.2011 20:04:14 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Flo\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): c:\pagefile.sys 3067 3067 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 171,08 Gb Free Space | 38,38% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 8,43 Gb Free Space | 42,19% Space Free | Partition Type: FAT32

Computer Name: STANDPC2 | User Name: Flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09A0479D-6FEC-44EC-AE35-A11F3555DF76}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{769EEBF4-D87F-40D9-AB62-F6416984AC0B}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C23F63-1C82-4C9A-83AD-3F12F37539EC}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{05356D01-672A-456F-A2C4-74761E1863FF}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{0E4F2913-904F-407F-B3BF-E5C43AACAFAE}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"{11A0AE7E-F2EB-42C8-9D13-DC2C76618033}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{13AD2E8B-1AD6-47CD-975D-FB6A7EF6B8B1}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{158BF91F-0B1D-470C-A221-130CC11B9281}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{1B5C7D3A-1771-45D7-BDA6-99B3E41A7CB4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{1CCB7BF5-B15E-4320-877E-8171A3F7911E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{33ABE7A4-CF36-4B45-9525-F09B92AE249D}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{3F7F48AC-EB90-4271-9DBD-FFCA649CCBC0}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{42EB9F43-0124-42F9-9321-BC37976883A3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{461FE70D-8F58-4C97-AF32-F4E0B65CA2D8}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{4AD3F761-D1D6-4EC8-B75A-AE79C1858339}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{4AEB1195-588B-42CE-A336-7A9B47E099AC}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{50873C55-0DBC-4F25-B32E-0A21D6C82643}" = protocol=17 | dir=in | app=c:\users\flo\downloads\mediaplayer_setup.exe |
"{5A656C86-B245-43C6-908B-2AD4B0310CC4}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{5F81C531-2EFA-48A0-B165-EB065BC4A00A}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{64DCE4E0-BE06-4BB5-8602-7760B09F65F3}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{68EA7529-C076-4D04-85EF-E35A71E5025D}" = protocol=6 | dir=in | app=c:\users\flo\desktop\spiele\kahlert\cod 4 deutsch\setup\data\iw3mp.exe |
"{75496CE1-C10D-48ED-8378-019476EB3842}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{7CD61BFE-B7B5-4252-840F-F7F31D78E18F}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{7D3CF706-04B0-4A39-84FC-3B34E4017780}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{802811EB-B6AA-4427-A50A-00FC9929FDA9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{83196D6B-44CC-480B-8792-211301773BFF}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{850910A5-D139-443D-A3AA-3E0634B56C91}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{89396C45-DE66-4A24-9F77-B089F209464D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{93B2C3B4-DFFB-4649-81E6-ADCCDB7139DB}" = protocol=6 | dir=in | app=c:\users\flo\downloads\mediaplayer_setup.exe |
"{9935C6BA-B50F-478F-9FBA-765885DACCDA}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe |
"{A3761320-D9B9-4DDD-AA01-6D5D6152C94D}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{A66F1099-CF28-4513-BD4F-43278966A05D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{AE5AC8EC-7E53-4920-9426-17DEEB789B70}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{B04217C0-D122-41C9-922D-760233DA4838}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{BCD03BFB-4564-41A0-9C52-9AC938F13D76}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{D383F04C-5757-4FE6-90E7-B48D22CB8919}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{E2D3FE62-EE8D-43CA-9F4F-35627E1A60E8}" = protocol=17 | dir=in | app=c:\users\flo\desktop\spiele\kahlert\cod 4 deutsch\setup\data\iw3mp.exe |
"{F57992BE-DF49-4577-A209-45D313905303}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{FAE57EDA-E71F-4905-976F-FF8091FB39CD}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{FB768641-55FC-4FAF-9D9C-CBFD9E74F821}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe |
"{FCFE3580-EA9A-43B6-914E-B7B8D3FDCF15}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{FE87A4D1-DF76-4A03-A68D-B1715D734D9E}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"TCP Query User{08B1E237-74BA-42F3-BD26-975FF0E962F2}C:\users\flo\desktop\spiele\gut\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\users\flo\desktop\spiele\gut\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{0BEFEA3E-8315-4359-9548-1144CBB5C7BC}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{0DC07DAC-74D6-4E6D-80E7-6E4B276C147C}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{1F57A4F1-F64D-4FC4-8B00-AFA4E8C80D16}C:\users\flo\desktop\siedler ii\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\users\flo\desktop\siedler ii\die siedler ii - die nächste generation\bin\s2dng.exe |
"TCP Query User{253307BC-98B3-40DC-AE6D-C41409F712A5}C:\users\flo\desktop\american wasteland\game\thaw.exe" = protocol=6 | dir=in | app=c:\users\flo\desktop\american wasteland\game\thaw.exe |
"TCP Query User{2865E1C4-92A3-46DA-8FC3-FD5E15BB60C6}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe |
"TCP Query User{2C8364E2-A516-4FBB-A8C5-7280977F14ED}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{525D34CF-2869-4295-A384-0B02C7EDB007}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{54788931-6B50-4A03-BDF8-4FB6C90126D9}C:\users\flo\desktop\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\users\flo\desktop\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{5B177E1B-BD8A-4CCE-A15F-0C607CDAE1F7}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{5CC43536-0B0C-43FB-924E-D7D83AA4029E}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{64AE24CB-8D14-41FE-BEDB-6233E6BB7261}C:\users\flo\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\flo\temp\teamviewer\version4\teamviewer.exe |
"TCP Query User{80198EDC-9515-48A5-836E-7BAF633B8241}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"TCP Query User{854E88E8-1C6E-49A4-A45E-B51F54E45332}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{93E78370-031C-48D2-B1D2-8938D1220D63}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{B750E615-8BC5-4F17-90B5-4CF351232C96}C:\users\flo\desktop\spiele\kahlert\der herr der ringe® - die eroberung™\conquest.exe" = protocol=6 | dir=in | app=c:\users\flo\desktop\spiele\kahlert\der herr der ringe® - die eroberung™\conquest.exe |
"TCP Query User{B896ECAA-4AF0-4F51-8D08-55DB891AAAA7}C:\users\flo\desktop\spiele\spiele\langames\cs1.6\cs16\hl.exe" = protocol=6 | dir=in | app=c:\users\flo\desktop\spiele\spiele\langames\cs1.6\cs16\hl.exe |
"TCP Query User{B9BDA077-20CC-49DF-973D-FC1B61D8108C}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe |
"TCP Query User{BAA86FCC-B37B-4518-A780-420BB8129FD9}C:\users\flo\desktop\siedler iii\s3.exe" = protocol=6 | dir=in | app=c:\users\flo\desktop\siedler iii\s3.exe |
"TCP Query User{C0D616D9-1F1A-4A95-91A7-46567D182E09}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"TCP Query User{C1BBE6EE-5AAD-4CD1-8345-8754E9340B59}C:\users\flo\desktop\spiele\kahlert\cod 4 deutsch\setup\data\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\flo\desktop\spiele\kahlert\cod 4 deutsch\setup\data\iw3mp.exe |
"TCP Query User{C6CAB7AB-E4C7-40B7-9F26-F12A8903DF3A}C:\users\flo\desktop\siedler ii\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\users\flo\desktop\siedler ii\die siedler ii - die nächste generation\bin\s2dng.exe |
"UDP Query User{04B17415-44B8-4547-BF6A-AC4C81A08675}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{0A92B3F4-763D-4A9C-9B0B-CE218011F9BE}C:\users\flo\desktop\spiele\kahlert\cod 4 deutsch\setup\data\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\flo\desktop\spiele\kahlert\cod 4 deutsch\setup\data\iw3mp.exe |
"UDP Query User{0AE73B9F-76FF-46CA-B035-CF64A447E700}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{162CC796-D5C4-42F6-B37D-A49F624F3162}C:\users\flo\desktop\siedler ii\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\users\flo\desktop\siedler ii\die siedler ii - die nächste generation\bin\s2dng.exe |
"UDP Query User{1D8FAE52-8EF8-4272-A3E3-71AF92FB7722}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{24AF71CB-B4CC-40D8-9788-A5DA38FBD2A8}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{2B34DBF0-7276-4309-B208-C66DB88AE17B}C:\users\flo\desktop\spiele\spiele\langames\cs1.6\cs16\hl.exe" = protocol=17 | dir=in | app=c:\users\flo\desktop\spiele\spiele\langames\cs1.6\cs16\hl.exe |
"UDP Query User{2FCBE9A3-9FBF-4B4A-8649-AAC0921755B1}C:\users\flo\desktop\american wasteland\game\thaw.exe" = protocol=17 | dir=in | app=c:\users\flo\desktop\american wasteland\game\thaw.exe |
"UDP Query User{2FCE028C-5FAA-4A6F-A650-02985EFDF3CF}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe |
"UDP Query User{3A2F7198-F9E2-4D84-B414-177ED3331FC3}C:\users\flo\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\flo\temp\teamviewer\version4\teamviewer.exe |
"UDP Query User{59DE64E3-F770-44C2-9C9C-EE3A076DEF71}C:\users\flo\desktop\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\users\flo\desktop\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{5BD41A4B-BC8E-4979-B42D-5E956B719207}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{78024E9C-ED45-4D40-8F69-AFAAF11A3823}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"UDP Query User{7D32B4C8-3EAE-4AD1-A612-67FE322BB563}C:\users\flo\desktop\spiele\gut\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\users\flo\desktop\spiele\gut\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{887699DE-D65E-4A4E-9398-8D13B39C0813}C:\users\flo\desktop\siedler iii\s3.exe" = protocol=17 | dir=in | app=c:\users\flo\desktop\siedler iii\s3.exe |
"UDP Query User{8B6CF88C-BB4B-4FB8-965B-1A41759B7421}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{93DA37AC-50B2-4AE0-90ED-DF401524F6C7}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{C127EA0A-7C72-48A8-8969-FB7D466302F6}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe |
"UDP Query User{C43D652D-F67D-42D0-9A64-008D2C8E1394}C:\users\flo\desktop\spiele\kahlert\der herr der ringe® - die eroberung™\conquest.exe" = protocol=17 | dir=in | app=c:\users\flo\desktop\spiele\kahlert\der herr der ringe® - die eroberung™\conquest.exe |
"UDP Query User{CC2AA366-B5B4-4A40-ABE9-3D8AF043216C}C:\users\flo\desktop\siedler ii\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\users\flo\desktop\siedler ii\die siedler ii - die nächste generation\bin\s2dng.exe |
"UDP Query User{E207595F-3EB7-4657-B5F4-6DDF129B8B46}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{F863B4FB-9226-4988-85C7-F72EB81E6E65}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 24
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{3293C06B-003F-4027-8380-FFD79E38167D}" = Tony Hawk's American Wasteland
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{452473D3-1D26-4E61-8060-3B216620D60C}_is1" = Fahren Lernen Offline 1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{53DF73B1-37F5-4B7F-86ED-FA7CC4041031}" = Nero 8 Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack
"{89F1F5CF-144F-466B-A939-1675B0022ADE}" = Pacemaker Editor
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie
"{A7472CEE-6E85-4D43-9C71-BDFC0D471F70}" = Intel® Viiv™ Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}" = Intel(R) PRO Network Connections 12.2.41.0
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E08DE897-B6AF-4DFF-9E90-131E80C876B4}" = DIE SIEDLER - Das Erbe der Könige - Gold Edition
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"conduitEngine" = Conduit Engine
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"FormatFactory" = FormatFactory 2.60
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free Studio_is1" = Free Studio version 4.9
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"Google Chrome" = Google Chrome
"Gothic II" = Gothic II
"Hamachi" = Hamachi 1.0.2.3
"ICQToolbar" = ICQ Toolbar
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"mIRC" = mIRC
--- --- ---


I hope I haven't made a giant post now and packed the OTL results into one of those scroll windows.
By the way, that seems like an awful lot to me, what it found there. Is that normal, or is my PC just extremely cluttered (which could well be the case)???

Swaggy 23.03.2011 16:11

Hello everyone,
I have meanwhile got a bit further with my problem.
I applied what was recommended in this thread:
http://www.trojaner-board.de/96721-s...erstellen.html
It worked. My old desktop is back, with all the data.
However, there is still a Windows Diagnostic icon on it, and the old icons look faded, as if under a film. The new ones (Mozilla Firefox, ICQ...) are not faded. It is as if a second desktop were lying on top of the first.
But how do I get rid of this "2nd desktop" together with Windows Diagnostic now???

Regards,
Swaggy

cosinus 23.03.2011 16:22

You forgot Malwarebytes. I want to see the logs, all of the logs.

Swaggy 23.03.2011 21:57

Huh?
I had actually already posted those... I'm not doing another run now, it takes me too long. But there are still logs in the quote...
I'll just post them, maybe you can make something of them:

Edit: oops, those are the OTL extras logs... so the Malwarebytes ones won't come until tomorrow... sorry

Regards,
Swaggy

cosinus 23.03.2011 22:00

That's no problem. Just post all the logs that are shown in Malwarebytes on the Logs tab.

Swaggy 24.03.2011 18:07

I think I interrupted the last 5-hour scan because the PC crashed, but this one only took 1.5 hours.
Apparently Clickpotato had something to do with it; a friend downloaded that to show me a video. Supposedly it's a video player (no idea what you call it), but it didn't work.
I didn't trust it from the start.

First a list of errors came up and then a log opened... I'll just post everything.

Quote:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6131

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

24.03.2011 17:33:37
mbam-log-2011-03-24 (17-33-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 436430
Laufzeit: 1 Stunde(n), 31 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 21
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451c-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\$RECYCLE.BIN\s-1-5-21-3066033664-364462659-1142755021-1004\$R57ORKN\bin\10.0.666.0\clickpotatolitesaax.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\$RECYCLE.BIN\s-1-5-21-3066033664-364462659-1142755021-1004\$R57ORKN\bin\10.0.666.0\clickpotatolitesabho.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Users\Flo\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
and here are the errors it found:

Quote:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6131

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

24.03.2011 17:33:37
mbam-log-2011-03-24 (17-33-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 436430
Laufzeit: 1 Stunde(n), 31 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 21
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451c-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\$RECYCLE.BIN\s-1-5-21-3066033664-364462659-1142755021-1004\$R57ORKN\bin\10.0.666.0\clickpotatolitesaax.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\$RECYCLE.BIN\s-1-5-21-3066033664-364462659-1142755021-1004\$R57ORKN\bin\10.0.666.0\clickpotatolitesabho.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Users\Flo\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Regards,

Swaggy
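The helper keeps asking for the complete Malwarebytes logs because the summary block at the top (counts per object type) and the per-item lines below it together tell you what was found, where, and whether each item was actually quarantined. The following Python script is an added example, not code from the thread or from Malwarebytes: it parses a log in the same layout as the one posted above (German UI strings, one detection per line as `object (Category) -> action`), groups detections by category, flags items whose action is not "Quarantined and deleted", and cross-checks the declared counts against the listed entries. The embedded log is a constructed sample; its paths, GUID and category names are made up.

```python
import re
from collections import Counter

# Constructed sample in the same layout as a Malwarebytes 1.50 log (German UI).
# Paths, the GUID and the category names are invented for this example.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001} (Adware.Example) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp (Adware.Example) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ext@example.test (Adware.Example) -> Value: ext@example.test -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\programdata\exampleapp (Adware.Example) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\exampleapp\exampleapp.dat (Adware.Example) -> Quarantined and deleted successfully.
c:\Users\user\downloads\tool.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
"""

# "Infizierte <Typ>: <n>" in the summary block at the top of the log
DECLARED_RE = re.compile(r"^(Infizierte .+?): (\d+)$")
# "Infizierte <Typ>:" as a section header introducing the per-item lines
SECTION_RE = re.compile(r"^(Infizierte .+?):$")
# "<object> (<Category>) -> [Value: <v> -> ]<action>."
DETECTION_RE = re.compile(r"^(?P<obj>.+) \((?P<cat>[\w.\-]+)\) -> (?P<rest>.+?)\.?$")


def parse_mbam_log(text):
    """Return the declared per-section counts and every detection line found."""
    declared = {}
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DECLARED_RE.match(line)
        if m:
            declared[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            # Registry-value lines carry an extra "Value: ... ->" segment;
            # the action is always the last arrow-separated part.
            action = m.group("rest").rsplit(" -> ", 1)[-1]
            detections.append({"section": section, "object": m.group("obj"),
                               "category": m.group("cat"), "action": action})
    return {"declared": declared, "detections": detections}


def summarize(parsed):
    """Group by category, flag unresolved items, and check counts for consistency."""
    by_category = Counter(d["category"] for d in parsed["detections"])
    listed = Counter(d["section"] for d in parsed["detections"])
    # A declared count that does not match the listed lines means the pasted
    # log is incomplete (e.g. truncated when copied into a forum post).
    mismatches = {sec: (n, listed.get(sec, 0))
                  for sec, n in parsed["declared"].items()
                  if listed.get(sec, 0) != n}
    unresolved = [d["object"] for d in parsed["detections"]
                  if not d["action"].startswith("Quarantined and deleted")]
    return {"by_category": dict(by_category),
            "count_mismatches": mismatches,
            "unresolved": unresolved}


if __name__ == "__main__":
    report = summarize(parse_mbam_log(SAMPLE_LOG))
    for cat, n in sorted(report["by_category"].items()):
        print(f"{n:3d}  {cat}")
    print("unresolved items:", report["unresolved"])
    print("count mismatches:", report["count_mismatches"])
```

Run it against a real log by replacing `SAMPLE_LOG` with the file contents; any entry in `unresolved` is a detection the scanner saw but did not remove, and a non-empty `count_mismatches` means the copy of the log is incomplete.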

cosinus 24.03.2011 18:42

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{255fb5a1-ec12-11df-8f60-001d9220ecf6}\Shell - "" = Autorun
O33 - MountPoints2\{255fb5a1-ec12-11df-8f60-001d9220ecf6}\Shell\downloadsb\command - "" = C:\Windows\explorer.exe -- [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{276ae84a-4a24-11df-9e79-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{276ae84a-4a24-11df-9e79-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{276ae84a-4a24-11df-9e79-806e6f6e6963}\Shell\install\command - "" = E:\autorun.exe
[2011.03.21 22:50:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
[2011.03.21 15:44:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2011.03.14 14:29:19 | 000,000,000 | ---D | C] -- C:\Windows\TempAA03F409-4FF2-156F-E542-88CD5B33D85E-Signatures
[2011.03.21 21:57:10 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~43638536r
[2011.03.21 21:57:10 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43638536
[2011.03.21 21:57:09 | 000,000,591 | -H-- | M] () -- C:\Users\Flo\Desktop\Windows Diagnostic.lnk
[2011.03.21 21:57:05 | 000,000,336 | -H-- | M] () -- C:\ProgramData\43638536
[2011.03.18 15:35:52 | 000,000,056 | RHS- | M] () -- C:\Windows\System32\9CD804905C.sys
[2010.11.04 17:09:07 | 000,942,080 | ---- | C] () -- C:\Windows\System32\NewFlyff.exe
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely, as a safeguard; a backup copy is created in the "_OTL" folder on the system partition.

Swaggy 24.03.2011 18:50

I think it worked. At least the Windows Diagnostic icon is gone from the desktop, and there are no more error messages either.
Should I do another scan now with e.g. RegistryBooster?

OTL opened this log for me after I closed it because of an error message:

Quote:

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj03.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
However, "Flo" still isn't shown as a user and my Flo folder is suddenly empty too.
Strange. I'll just try it again and write whether it worked.

Regards,
Swaggy

cosinus 24.03.2011 18:55

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe when downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a forum helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Swaggy 24.03.2011 20:13

Apparently my RPG data, among other things, is gone, which is really upsetting me right now because I put a lot of work into it.
Through the "recently used" function I can still get at parts of the old maps, but it will take a long time to redo all the settings.
My "Flo" user is also still missing.
Does anyone have an idea how I can find it again or make it visible again???


Regards,
Swaggy

cosinus 24.03.2011 21:02

Since when has that been gone? :wtf:

Swaggy 24.03.2011 21:56

I think since I ran the fix with OTL just now.
Could it be that virus scanners were still on or something?
I've now also run this CF, but I don't notice any difference, except that I suddenly have 10GB more free space, i.e. 10GB have vanished...
Here is the log:

ComboFix log file:
Code:

ComboFix 11-03-24.01 - Flo 24.03.2011  21:14:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2045.1235 [GMT 1:00]
ausgeführt von:: c:\users\Flo\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic
c:\users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic\Uninstall Windows Diagnostic.lnk
c:\users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic\Windows Diagnostic.lnk
c:\windows\system32\midas.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-02-24 bis 2011-03-24  ))))))))))))))))))))))))))))))
.
.
2011-03-24 20:25 . 2011-03-24 20:45        --------        d-----w-        c:\users\Flo\AppData\Local\temp
2011-03-24 17:09 . 2011-03-24 17:09        --------        d-----w-        c:\programdata\WindowsSearch
2011-03-24 14:49 . 2011-03-15 04:05        6792528        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A939DA71-3847-48C9-854F-2AF03E930FC6}\mpengine.dll
2011-03-23 14:59 . 2011-03-23 14:59        --------        d-----w-        C:\_OTL
2011-03-23 13:23 . 2011-02-22 13:33        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2011-03-23 13:23 . 2011-02-22 14:13        288768        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-03-23 13:23 . 2011-02-22 13:33        797696        ----a-w-        c:\windows\system32\FntCache.dll
2011-03-22 13:33 . 2011-03-22 13:33        --------        d-----w-        c:\users\Flo\AppData\Roaming\Malwarebytes
2011-03-22 13:33 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-22 13:33 . 2011-03-22 13:33        --------        d-----w-        c:\programdata\Malwarebytes
2011-03-22 13:33 . 2011-03-22 13:33        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-03-22 13:33 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-03-21 21:50 . 2011-03-21 21:50        --------        d--h--w-        c:\users\Flo\AppData\Roaming\Uniblue
2011-03-21 21:50 . 2011-03-21 21:50        --------        d-----w-        c:\program files\Uniblue
2011-03-21 21:50 . 2011-03-21 21:50        --------        d--h--w-        c:\users\Flo\AppData\Local\PackageAware
2011-03-21 21:49 . 2011-03-21 21:49        --------        d--h--w-        c:\users\Flo\AppData\Local\Conduit
2011-03-21 14:45 . 2008-12-13 19:01        77824        ----a-w-        c:\windows\system32\xvid.ax
2011-03-21 14:45 . 2008-12-04 20:42        815104        ----a-w-        c:\windows\system32\xvidcore.dll
2011-03-21 14:45 . 2011-03-21 14:45        --------        d-----w-        c:\program files\Xvid
2011-03-21 14:45 . 2008-12-04 20:46        180224        ----a-w-        c:\windows\system32\xvidvfw.dll
2011-03-20 20:03 . 2011-03-20 20:26        103736        ---ha-w-        c:\windows\system32\PnkBstrB.exe
2011-03-14 13:54 . 2011-03-14 13:54        439632        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{883F5FA3-00FF-41B1-A2EC-1322D554DFDB}\gapaengine.dll
2011-03-14 13:28 . 2011-03-14 13:30        --------        d-----w-        c:\program files\Microsoft Security Client
2011-03-14 13:27 . 2011-03-14 13:27        --------        d-----w-        c:\program files\Common Files\Java
2011-03-14 13:27 . 2010-04-05 20:00        221568        ----a-w-        c:\windows\system32\drivers\netio.sys
2011-03-14 13:26 . 2011-02-02 20:40        472808        ----a-w-        c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-14 13:26 . 2011-02-02 20:40        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-03-13 14:39 . 2011-03-24 19:25        1890        --sha-w-        c:\windows\system32\KGyGaAvL.sys
2011-03-09 13:14 . 2010-12-29 18:28        322560        ----a-w-        c:\windows\system32\sbe.dll
2011-03-09 13:14 . 2010-12-29 18:28        153088        ----a-w-        c:\windows\system32\sbeio.dll
2011-03-09 13:14 . 2010-12-29 18:28        429056        ----a-w-        c:\windows\system32\EncDec.dll
2011-03-09 13:14 . 2010-12-29 18:26        177664        ----a-w-        c:\windows\system32\mpg2splt.ax
2011-03-09 13:14 . 2010-12-17 15:45        2067968        ----a-w-        c:\windows\system32\mstscax.dll
2011-03-09 13:14 . 2010-12-17 13:54        677888        ----a-w-        c:\windows\system32\mstsc.exe
2011-02-26 21:17 . 2011-02-26 21:18        --------        d-----w-        c:\program files\hamachi_save
2011-02-26 21:14 . 2011-02-26 21:14        25280        ----a-w-        c:\windows\system32\drivers\hamachi.sys
2011-02-26 01:19 . 2011-02-26 01:19        41872        ----a-w-        c:\windows\system32\xfcodec.dll
2011-02-25 17:33 . 2011-03-01 18:01        --------        d--h--w-        c:\users\Flo\AppData\Roaming\mIRC
2011-02-25 17:33 . 2011-02-25 17:33        --------        d-----w-        c:\program files\mIRC
2011-02-24 15:00 . 2009-10-09 21:56        2048        ----a-w-        c:\windows\system32\winrsmgr.dll
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-20 20:26 . 2010-04-20 16:27        103736        ---ha-w-        c:\windows\system32\PnkBstrB.ex0
2011-03-20 20:07 . 2010-04-20 16:27        22328        ---ha-w-        c:\windows\system32\drivers\PnkBstrK.sys
2011-02-25 20:55 . 2010-04-20 16:29        271200        ----a-w-        c:\windows\system32\PnkBstrB.xtr
2011-02-10 21:54 . 2010-04-18 11:23        5943120        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-20 16:37 . 2011-02-16 16:22        638336        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-16 16:22        478720        ----a-w-        c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-16 16:22        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-16 16:22        160768        ----a-w-        c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-16 16:22        1029120        ----a-w-        c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-16 16:22        189952        ----a-w-        c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-16 16:22        37376        ----a-w-        c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-16 16:22        258048        ----a-w-        c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-16 16:22        586240        ----a-w-        c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-16 16:22        2873344        ----a-w-        c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-16 16:22        26112        ----a-w-        c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-16 16:22        209920        ----a-w-        c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-16 16:22        98816        ----a-w-        c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-16 16:22        1554432        ----a-w-        c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-16 16:22        876032        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-16 16:22        667648        ----a-w-        c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-16 16:22        847360        ----a-w-        c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-16 16:22        135680        ----a-w-        c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-16 16:22        979456        ----a-w-        c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-16 16:22        357376        ----a-w-        c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-16 16:22        302592        ----a-w-        c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-16 16:22        261632        ----a-w-        c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-16 16:22        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-16 16:22        486400        ----a-w-        c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-16 16:22        683008        ----a-w-        c:\windows\system32\d2d1.dll
2011-01-19 08:26 . 2011-01-19 08:26        86016        ----a-w-        c:\windows\system32\frapsvid.dll
2011-01-08 14:09 . 2010-04-20 16:27        75136        ----a-w-        c:\windows\system32\PnkBstrA.exe
2011-01-08 08:47 . 2011-02-16 16:21        34304        ----a-w-        c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-16 16:21        292352        ----a-w-        c:\windows\system32\atmfd.dll
2011-01-01 20:57 . 2010-04-20 16:27        22328        ---ha-w-        c:\users\Flo\AppData\Roaming\PnkBstrK.sys
2010-12-31 13:57 . 2011-02-16 16:22        2039808        ----a-w-        c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-12 13:05        413696        ----a-w-        c:\windows\system32\odbc32.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsof0.dll" [2010-10-18 3908192]
"{9d81af43-de53-48d0-a199-42c2a226b24c}"= "c:\program files\Softonic_Deutsch_FF\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54        175912        ----a-w-        c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54        175912        ----a-w-        c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9d81af43-de53-48d0-a199-42c2a226b24c}]
2011-01-17 14:54        175912        ----a-w-        c:\program files\Softonic_Deutsch_FF\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-10-18 10:26        3908192        ----a-w-        c:\program files\softonic-de3\tbsof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-03-09 09:06        2355224        ----a-w-        c:\program files\DVDVideoSoft\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsof0.dll" [2010-10-18 3908192]
"{9d81af43-de53-48d0-a199-42c2a226b24c}"= "c:\program files\Softonic_Deutsch_FF\prxtbSof0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsof0.dll" [2010-10-18 3908192]
"{9D81AF43-DE53-48D0-A199-42C2A226B24C}"= "c:\program files\Softonic_Deutsch_FF\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2010-02-12 5933912]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-01-21 67456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-05-27 375296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-10-15 08:14        202024        ----a-w-        c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57        153136        ----a-w-        c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-09-12 08:58        8497696        ----a-w-        c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-09-12 08:58        81920        ----a-w-        c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-09-12 08:58        86016        ----a-w-        c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2007-09-06 23:26        172032        ----a-w-        c:\program files\HomeCinema\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-08-17 11:27        4702208        ----a-w-        c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-09 13:54        16896        ----a-w-        c:\program files\GoogleEULA\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVBroadcast]
2007-08-07 22:12        797696        ----a-w-        c:\program files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]
2007-10-19 15:42        155648        ------w-        c:\program files\HomeCinema\TV Enhance\TVEService.exe
.
R1 bcmpikdd;bcmpikdd;c:\windows\system32\drivers\bcmpikdd.sys [x]
R1 MpKsl6b61d8cb;MpKsl6b61d8cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6E8D2A4-27EC-4E42-91C6-29754EF1F460}\MpKsl6b61d8cb.sys [x]
R1 MpKsl8c3a74af;MpKsl8c3a74af;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AA119E0A-D5F0-4243-BA02-F582C844AB7E}\MpKsl8c3a74af.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1cae702751500b0;Google Update Service (gupdate1cae702751500b0);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 133104]
R3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-04-28 3522800]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\HomeCinema\PlayMovie\000.fcl [2007-10-11 41456]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
S2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864]
S2 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
S2 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 272600]
S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [2007-08-16 1681408]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2007-10-19 290909]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [2007-10-19 114779]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-08-22 1242976]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-10-15 5632]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 18:41]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-28 18:41]
.
2011-03-24 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
mSearch Bar = hxxp://www.google.com/ie
IE: Free YouTube Download - c:\users\Flo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Flo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\rbpipver.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - softonic-de3 Customized Web Search
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - %profile%\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Softonic Deutsch FF Community Toolbar: {9d81af43-de53-48d0-a199-42c2a226b24c} - %profile%\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-FormatFactory - c:\users\Flo\Desktop\Neuer Ordner\FormatFactory\uninst.exe
AddRemove-Fraps - c:\users\Flo\Desktop\fraps\uninstall.exe
AddRemove-Hamachi - c:\program files\uninstall.exe
AddRemove-S2TNG - c:\users\Flo\Desktop\Siedler II\Die Siedler II - Die nächste Generation\uninstall.exe
AddRemove-Uniblue RegistryBooster - c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}\rbia.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}\rbia.exe
AddRemove-ChillOutFly - c:\users\Flo\Desktop\Neuer Ordner (2)\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-03-24 21:45
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\HomeCinema\PlayMovie\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\HomeCinema\PowerDVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3066033664-364462659-1142755021-1004\Software\SecuROM\License information*]
"datasecu"=hex:99,fb,c9,d4,16,fa,af,3d,8b,f9,f3,2a,88,3a,3f,55,69,b8,72,e6,58,
  f5,4b,f3,02,00,86,0a,e0,5f,94,20,14,d2,03,92,af,8f,b8,fe,86,54,b0,5e,76,26,\
"rkeysecu"=hex:6b,9c,1a,9c,91,ef,0f,35,a5,5f,ff,e8,3f,b1,e8,ce
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Intel\IntelDH\CCU\AlertService.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Medion\MEDIONbox\Program\GCS.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Intel\IntelDH\CCU\CCU_Engine.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-03-24  21:48:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-03-24 20:48
.
Vor Suchlauf: 6 Verzeichnis(se), 189.049.585.664 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 202.748.043.264 Bytes frei
.
- - End Of File - - 2C279100900F450339E92876E51563B4

--- --- ---


Can I now make a backup to an external hard drive again, or is the trojan still on my PC and could it migrate to the external drive???

Regards,
Swaggy

Swaggy 24.03.2011 22:02

Whoa!!!
I just closed the CF log window and suddenly there is a Flo folder again under C:/Benutzer, along with the following: Default, Öffentlich and IUSR_NMPR

My data is now completely back too, only a small RPG map is missing, which I somehow couldn't save properly because of the trojan, but that's no big deal.

So if the trojan is now completely and permanently deleted from the PC, all data is back and the desktop is complete again, the matter would be settled.
The latter two are true, but whether the trojan is really gone, I'm not quite sure yet.

If that's the case, I'd like to say a big thank you to the helpers already:

THANK YOU!!!

Regards,
Swaggy

cosinus 24.03.2011 22:34

:D :D :D

The extra 10GB of space probably came from the OTL fix. I always have the temp files deleted along with it :abklatsch:

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Swaggy 24.03.2011 23:01

So if I did it right (somehow I didn't extract any of the programs mentioned to the desktop, but just started them as they were (hope that wasn't wrong)), then TDSSKiller found nothing... here is the log:

Quote:

2011/03/24 22:57:34.0526 1332 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/24 22:57:34.0903 1332 ================================================================================
2011/03/24 22:57:34.0903 1332 SystemInfo:
2011/03/24 22:57:34.0903 1332
2011/03/24 22:57:34.0903 1332 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/24 22:57:34.0903 1332 Product type: Workstation
2011/03/24 22:57:34.0904 1332 ComputerName: STANDPC2
2011/03/24 22:57:34.0904 1332 UserName: Flo
2011/03/24 22:57:34.0904 1332 Windows directory: C:\Windows
2011/03/24 22:57:34.0904 1332 System windows directory: C:\Windows
2011/03/24 22:57:34.0904 1332 Processor architecture: Intel x86
2011/03/24 22:57:34.0904 1332 Number of processors: 2
2011/03/24 22:57:34.0904 1332 Page size: 0x1000
2011/03/24 22:57:34.0904 1332 Boot type: Normal boot
2011/03/24 22:57:34.0904 1332 ================================================================================
2011/03/24 22:57:35.0958 1332 Initialize success
2011/03/24 22:58:51.0543 6504 ================================================================================
2011/03/24 22:58:51.0543 6504 Scan started
2011/03/24 22:58:51.0543 6504 Mode: Manual;
2011/03/24 22:58:51.0543 6504 ================================================================================
2011/03/24 22:58:52.0260 6504 3xHybrid (53a3664bca7bbc1c09744455bf2ea136) C:\Windows\system32\DRIVERS\3xHybrid.sys
2011/03/24 22:58:52.0338 6504 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/03/24 22:58:52.0402 6504 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/03/24 22:58:52.0451 6504 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/03/24 22:58:52.0494 6504 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/03/24 22:58:52.0540 6504 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/03/24 22:58:52.0614 6504 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/03/24 22:58:52.0660 6504 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/03/24 22:58:52.0718 6504 aliide (496eda16a127ac9a38bb285bef17dbb5) C:\Windows\system32\drivers\aliide.sys
2011/03/24 22:58:52.0773 6504 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/03/24 22:58:52.0810 6504 amdide (6f65f4147c54398d7280b18cebbed215) C:\Windows\system32\drivers\amdide.sys
2011/03/24 22:58:52.0844 6504 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/03/24 22:58:52.0878 6504 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/03/24 22:58:52.0957 6504 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/03/24 22:58:52.0993 6504 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/03/24 22:58:53.0050 6504 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/24 22:58:53.0100 6504 atapi (78620bda3ec87816e5d1fa86f920bc3a) C:\Windows\system32\drivers\atapi.sys
2011/03/24 22:58:53.0158 6504 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
2011/03/24 22:58:53.0253 6504 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/03/24 22:58:53.0330 6504 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/24 22:58:53.0369 6504 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/03/24 22:58:53.0397 6504 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/03/24 22:58:53.0437 6504 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/03/24 22:58:53.0472 6504 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/03/24 22:58:53.0514 6504 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/03/24 22:58:53.0547 6504 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/03/24 22:58:53.0593 6504 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/03/24 22:58:54.0076 6504 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/24 22:58:54.0276 6504 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/24 22:58:54.0334 6504 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/03/24 22:58:54.0387 6504 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/03/24 22:58:54.0464 6504 cmdide (59172a0724f2ab769f31d61b0571d75b) C:\Windows\system32\drivers\cmdide.sys
2011/03/24 22:58:54.0496 6504 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/03/24 22:58:54.0523 6504 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/03/24 22:58:54.0565 6504 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/03/24 22:58:54.0660 6504 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/03/24 22:58:54.0713 6504 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/03/24 22:58:54.0797 6504 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/03/24 22:58:54.0886 6504 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/24 22:58:54.0947 6504 e1express (476d9f2f0789cde89acee2a2fb21ec5a) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/03/24 22:58:54.0983 6504 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/03/24 22:58:55.0030 6504 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/03/24 22:58:55.0138 6504 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/03/24 22:58:55.0293 6504 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/03/24 22:58:55.0332 6504 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/03/24 22:58:55.0376 6504 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/24 22:58:55.0420 6504 FETNDIS (b2b2c38e916184ff8523c7439ddd417f) C:\Windows\system32\DRIVERS\fetnd5.sys
2011/03/24 22:58:55.0461 6504 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/03/24 22:58:55.0523 6504 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/03/24 22:58:55.0617 6504 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/24 22:58:55.0714 6504 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/03/24 22:58:55.0763 6504 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/24 22:58:55.0809 6504 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/03/24 22:58:55.0868 6504 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
2011/03/24 22:58:55.0985 6504 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/03/24 22:58:56.0280 6504 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/24 22:58:56.0322 6504 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/03/24 22:58:56.0377 6504 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/03/24 22:58:56.0474 6504 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/24 22:58:56.0531 6504 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/03/24 22:58:56.0684 6504 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/03/24 22:58:56.0768 6504 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/03/24 22:58:56.0841 6504 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/24 22:58:56.0958 6504 iaStor (28aae599496b4930b3f19026f2083bc4) C:\Windows\system32\DRIVERS\iaStor.sys
2011/03/24 22:58:57.0024 6504 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/03/24 22:58:57.0094 6504 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/03/24 22:58:57.0313 6504 IntcAzAudAddService (9f5898ebd3bbe82eadf2efa595f02a72) C:\Windows\system32\drivers\RTKVHDA.sys
2011/03/24 22:58:57.0394 6504 IntelDH (7f440f8ced849fcdfa85bb3521b4f048) C:\Windows\system32\Drivers\IntelDH.sys
2011/03/24 22:58:57.0528 6504 intelide (e5ea1c17da5065032e346591ff64f3af) C:\Windows\system32\drivers\intelide.sys
2011/03/24 22:58:57.0698 6504 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/24 22:58:57.0826 6504 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/24 22:58:57.0901 6504 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/03/24 22:58:57.0962 6504 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/03/24 22:58:58.0011 6504 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/03/24 22:58:58.0054 6504 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/03/24 22:58:58.0103 6504 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/24 22:58:58.0200 6504 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/03/24 22:58:58.0232 6504 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/03/24 22:58:58.0398 6504 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/24 22:58:58.0448 6504 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/24 22:58:58.0505 6504 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/24 22:58:58.0568 6504 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/03/24 22:58:58.0598 6504 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/24 22:58:58.0644 6504 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/03/24 22:58:58.0683 6504 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/03/24 22:58:58.0725 6504 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/03/24 22:58:58.0773 6504 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/03/24 22:58:58.0833 6504 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/03/24 22:58:58.0888 6504 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/03/24 22:58:58.0925 6504 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/03/24 22:58:58.0964 6504 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/24 22:58:58.0992 6504 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/24 22:58:59.0013 6504 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/24 22:58:59.0061 6504 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/03/24 22:58:59.0119 6504 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/03/24 22:58:59.0193 6504 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/03/24 22:58:59.0365 6504 MpKslb9c32161 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A4DF34E-9734-4696-A376-1690778AAFAE}\MpKslb9c32161.sys
2011/03/24 22:58:59.0424 6504 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/03/24 22:58:59.0564 6504 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/24 22:58:59.0621 6504 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/03/24 22:58:59.0663 6504 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/03/24 22:59:07.0699 6504 ================================================================================
2011/03/24 22:59:07.0699 6504 Scan finished
2011/03/24 22:59:07.0699 6504 ================================================================================
Regards,

Swaggy

cosinus 24.03.2011 23:18

That's okay so far. I need the TDSS-Killer log as additional confirmation.
Okay. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second try, just leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.


Afterwards, please download MBRCheck (by a_d_13) and save the file on the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post me the contents of the .txt document.

Swaggy 25.03.2011 11:57

Well, GMER somehow didn't work, but OSAM did. Here is the log:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:52:43 on 25.03.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"RegistryBooster.job" - "Uniblue Systems Limited" - C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"awlyypog" (awlyypog) - ? - C:\Users\Flo\AppData\Local\Temp\awlyypog.sys  (Hidden registry entry, rootkit activity | File not found)
"bcmpikdd" (bcmpikdd) - ? - C:\Windows\system32\drivers\bcmpikdd.sys  (File not found)
"catchme" (catchme) - ? - C:\Users\Flo\AppData\Local\Temp\catchme.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MpKsl5e4cf9fe" (MpKsl5e4cf9fe) - "Microsoft Corporation" - c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A4DF34E-9734-4696-A376-1690778AAFAE}\MpKsl5e4cf9fe.sys
"MpKsl6b61d8cb" (MpKsl6b61d8cb) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F6E8D2A4-27EC-4E42-91C6-29754EF1F460}\MpKsl6b61d8cb.sys  (File not found)
"MpKsl8c3a74af" (MpKsl8c3a74af) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA119E0A-D5F0-4243-BA02-F582C844AB7E}\MpKsl8c3a74af.sys  (File not found)
"TSHWMDTCP" (TSHWMDTCP) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\HomeCinema\PlayMovie\000.fcl
"{95808DC4-FA4A-4C74-92FE-5B863F82066B}" ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) - "Cyberlink Corp." - C:\Program Files\HomeCinema\PowerDVD\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~1\MI239C~1\shellext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
<binary data> "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{9d81af43-de53-48d0-a199-42c2a226b24c} "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Program Files\ConduitEngine\prxConduitEngine.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{9d81af43-de53-48d0-a199-42c2a226b24c} "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Program Files\ConduitEngine\prxConduitEngine.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9d81af43-de53-48d0-a199-42c2a226b24c} "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Logitech Vid" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
"RegistryBooster" - "Uniblue Systems Limited" - "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"CCUTRAYICON" - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MSC" - "Microsoft Corporation" - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"NMSSupport" - "Intel Corporation" - "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
"Philips Device Listener" - ? - "C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"  (File found, but it contains no detailed information)
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"DQLWinService" (DQLWinService) - ? - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
"GnabService" (GnabService) - "Empolis GmbH" - c:\program files\common files\gnab\service\servicecontroller.exe
"Google Update Service (gupdate1cae702751500b0)" (gupdate1cae702751500b0) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Alert Service" (AlertService) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
"Intel(R) Application Tracker" (MCLServiceATL) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
"Intel(R) DHTrace Controller" (DHTRACE) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"Intel(R) NMSCore" (NMSCore) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
"Intel(R) Quality Manager" (QualityManager) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
"Intel(R) Remoting Service" (Remote UI Service) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
"Intel(R) Software Services Manager" (ISSM) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
"Intel(R) Viiv(TM) Media Server" (M1 Server) - ? - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"Sceneo PVR Service" (srvcPVR) - "Buhl Data Service GmbH" - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
"TVEnhance Background Capture Service (TBCS)" (TVECapSvc) - ? - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
"TVEnhance Task Scheduler (TTS))" (TVESched) - ? - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

The last one you mentioned somehow didn't spit out a log, and I also couldn't save it on the desktop; I started it from the download window instead (hope that wasn't wrong).

Regards,
Swaggy

Swaggy 25.03.2011 11:58

Okay, I found the log after all:

Quote:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: MICRO-STAR INTERNATIONAL CO., LTD
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: MEDIONPC
System Product Name: MS-7502
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 149):
0x8C5F0000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x87DF0000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x87B82000 \SystemRoot\system32\DRIVERS\serial.sys
0x881F4000 \SystemRoot\system32\DRIVERS\serenum.sys
0x87B9C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C400000 \SystemRoot\System32\Drivers\x10hid.sys
0x87BB4000 \SystemRoot\System32\Drivers\HIDCLASS.SYS
0x87FF7000 \SystemRoot\System32\Drivers\HIDPARSE.SYS
0x87BC4000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x80789000 \SystemRoot\system32\DRIVERS\storport.sys
0x87BF3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x807CA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x807E1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x805B6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x807EC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x805D9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C801000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C816000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x8C81B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C82B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8C836000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8C841000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C843000 \SystemRoot\System32\Drivers\IntelDH.sys
0x8C845000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C84F000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C85C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C891000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8C89A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D003000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8C8AB000 \SystemRoot\system32\drivers\portcls.sys
0x8C8D8000 \SystemRoot\system32\drivers\drmk.sys
0x8C8FD000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8D1DE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D1E7000 \SystemRoot\System32\Drivers\Null.SYS
0x8D1EE000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C937000 \SystemRoot\System32\drivers\vga.sys
0x8C943000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D1F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C964000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C96C000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C977000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C985000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8C98E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C9A4000 \SystemRoot\system32\DRIVERS\smb.sys
0x8C9B8000 \SystemRoot\system32\drivers\afd.sys
0x8D20B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D23D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D253000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D261000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D274000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D2B0000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D2BA000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D2D1000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8D2F9000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8D30E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D310000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8D326000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8D333000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x87F12000 \SystemRoot\system32\DRIVERS\netr28u.sys
0x93C80000 \SystemRoot\System32\win32k.sys
0x8D200000 \SystemRoot\System32\drivers\Dxapi.sys
0x8C924000 \SystemRoot\System32\Drivers\x10ufx2.sys
0x87FA2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8C92E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x881D3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x87FB9000 \SystemRoot\system32\DRIVERS\monitor.sys
0x93EA0000 \SystemRoot\System32\TSDDD.dll
0x93EC0000 \SystemRoot\System32\cdd.dll
0x9A002000 \SystemRoot\system32\drivers\luafv.sys
0x9A025000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9A035000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9A05F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9A069000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9A07C000 \SystemRoot\system32\drivers\HTTP.sys
0x9A0E9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9A106000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9A11F000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9A134000 \SystemRoot\system32\drivers\mrxdav.sys
0x9A155000
Regards,

Swaggy

cosinus 25.03.2011 14:08

The mbrcheck log is incomplete. Let the tool run a bit longer if necessary!

Quote:

"bcmpikdd" (bcmpikdd) - ? - C:\Windows\system32\drivers\bcmpikdd.sys (File not found)
Please disable and delete it with OSAM (delete from storage)

Swaggy 05.04.2011 12:52

Here is a current MbrCheck log, but I didn't find that line in OSAM.
I'll just try again.

Quote:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: MICRO-STAR INTERNATIONAL CO., LTD
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: MEDIONPC
System Product Name: MS-7502
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 149):
0x81E34000 \SystemRoot\system32\ntkrnlpa.exe
0x81E01000 \SystemRoot\system32\hal.dll
0x80403000 \SystemRoot\system32\kdcom.dll
0x8040A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047A000 \SystemRoot\system32\PSHED.dll
0x8048B000 \SystemRoot\system32\BOOTVID.dll
0x80493000 \SystemRoot\system32\CLFS.SYS
0x804D4000 \SystemRoot\system32\CI.dll
0x8060D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80689000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80696000 \SystemRoot\system32\drivers\acpi.sys
0x806DC000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E5000 \SystemRoot\system32\drivers\msisadrv.sys
0x806ED000 \SystemRoot\system32\drivers\pci.sys
0x80714000 \SystemRoot\System32\drivers\partmgr.sys
0x80723000 \SystemRoot\system32\drivers\volmgr.sys
0x80732000 \SystemRoot\System32\drivers\volmgrx.sys
0x8077C000 \SystemRoot\System32\drivers\mountmgr.sys
0x87A00000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x87AC7000 \SystemRoot\system32\drivers\fltmgr.sys
0x87AF9000 \SystemRoot\system32\drivers\fileinfo.sys
0x87B09000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87C00000 \SystemRoot\system32\drivers\ndis.sys
0x87D0B000 \SystemRoot\system32\drivers\msrpc.sys
0x87D36000 \SystemRoot\system32\drivers\NETIO.SYS
0x87E00000 \SystemRoot\System32\drivers\tcpip.sys
0x87EED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88002000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88112000 \SystemRoot\system32\drivers\volsnap.sys
0x8814B000 \SystemRoot\system32\DRIVERS\uagp35.sys
0x8815C000 \SystemRoot\System32\Drivers\spldr.sys
0x88164000 \SystemRoot\System32\Drivers\mup.sys
0x88173000 \SystemRoot\System32\drivers\ecache.sys
0x8819A000 \SystemRoot\system32\drivers\disk.sys
0x881AB000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x881CC000 \SystemRoot\system32\drivers\crcdisk.sys
0x881E2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x881ED000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87FCF000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8BA01000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8C147000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C1E7000 \SystemRoot\System32\drivers\watchdog.sys
0x87D71000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x8C1F3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x87DAC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x87FDE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C40B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C498000 \SystemRoot\system32\DRIVERS\3xHybrid.sys
0x8C5C6000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C5F0000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x87FED000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x87DEA000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x87B7A000 \SystemRoot\system32\DRIVERS\serial.sys
0x8C5F3000 \SystemRoot\system32\DRIVERS\serenum.sys
0x87B94000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C5FD000 \SystemRoot\System32\Drivers\x10hid.sys
0x87BAC000 \SystemRoot\System32\Drivers\HIDCLASS.SYS
0x8C400000 \SystemRoot\System32\Drivers\HIDPARSE.SYS
0x87BBC000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8078C000 \SystemRoot\system32\DRIVERS\storport.sys
0x87BEB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x807CD000 \SystemRoot\system32\drivers\ScreamingBAudio.sys
0x805B4000 \SystemRoot\system32\drivers\portcls.sys
0x807DA000 \SystemRoot\system32\drivers\drmk.sys
0x805E1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x80600000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8CA05000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8CA28000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8CA37000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8CA4B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8CA60000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x8CA65000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CA75000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8CA80000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8CA8B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8CA8D000 \SystemRoot\System32\Drivers\IntelDH.sys
0x8CA8F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8CA99000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8CAA6000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8CADB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8CAE4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D00E000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8CAF5000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8D1E9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D1F2000 \SystemRoot\System32\Drivers\Null.SYS
0x8D1F9000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D000000 \SystemRoot\System32\drivers\vga.sys
0x8CB2F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CB50000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8CB58000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CB60000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8CB6B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8CB79000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8CB82000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8CB98000 \SystemRoot\system32\DRIVERS\smb.sys
0x8CBAC000 \SystemRoot\system32\drivers\afd.sys
0x8CE00000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CE32000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CE48000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CE56000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8CE69000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8CEA5000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8CEAF000 \SystemRoot\System32\Drivers\dfsc.sys
0x8CEC6000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8CEEE000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8CF03000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8CF05000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8CF1B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8CF32000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8CF3B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x87F08000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x8CF48000 \SystemRoot\system32\DRIVERS\netr28u.sys
0x8CFD8000 \SystemRoot\System32\Drivers\x10ufx2.sys
0x8CFE2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x92670000 \SystemRoot\System32\win32k.sys
0x8CFEA000 \SystemRoot\System32\drivers\Dxapi.sys
0x8CB1C000 \SystemRoot\system32\DRIVERS\monitor.sys
0x92890000 \SystemRoot\System32\TSDDD.dll
0x928B0000 \SystemRoot\System32\cdd.dll
0x9A00F000 \SystemRoot\system32\drivers\luafv.sys
0x9A032000 \SystemRoot\system32\drivers\spsys.sys
0x9A0E2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9A0F2000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9A11C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9A126000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9A139000 \SystemRoot\system32\drivers\HTTP.sys
0x9A1A6000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9A1C3000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9A1DC000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9C802000 \SystemRoot\system32\drivers\mrxdav.sys
0x9C823000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9C842000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9C87B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9C893000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9C8BB000 \SystemRoot\System32\DRIVERS\srv.sys
0x9C909000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x9C94C000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x9C956000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x9C95B000 \SystemRoot\system32\DRIVERS\nmsunidr.sys
0xA5602000 \SystemRoot\system32\drivers\peauth.sys
0xA56E0000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA56EA000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA56F6000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA570B000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA571D000 \??\C:\Program Files\HomeCinema\PlayMovie\000.fcl
0xA573A000 \??\C:\Program Files\HomeCinema\PowerDVD\000.fcl
0xA5765000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xA5770000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89620448-425E-422E-A1A3-51F8D978B37B}\MpKsldff02d3e.sys
0x77300000 \Windows\System32\ntdll.dll

Processes (total 77):
0 System Idle Process
4 System
472 C:\Windows\System32\smss.exe
568 csrss.exe
620 C:\Windows\System32\wininit.exe
632 csrss.exe
664 C:\Windows\System32\services.exe
676 C:\Windows\System32\lsass.exe
684 C:\Windows\System32\lsm.exe
820 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\winlogon.exe
924 C:\Windows\System32\svchost.exe
968 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1060 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\audiodg.exe
1208 C:\Windows\System32\SLsvc.exe
1248 C:\Windows\System32\svchost.exe
1536 C:\Windows\System32\svchost.exe
1752 C:\Windows\System32\spoolsv.exe
1776 C:\Windows\System32\svchost.exe
816 C:\Windows\System32\dwm.exe
832 C:\Windows\explorer.exe
1284 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
1240 C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
1496 C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
1528 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
1552 C:\Windows\RtHDVCpl.exe
2040 C:\Windows\System32\rundll32.exe
2020 C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
288 C:\Program Files\Common Files\Java\Java Update\jusched.exe
304 C:\Program Files\Microsoft Security Client\msseces.exe
328 C:\Program Files\Iminent\IMBooster\IMBooster.exe
612 C:\Program Files\Windows Sidebar\sidebar.exe
1620 C:\Windows\System32\rundll32.exe
2064 C:\Program Files\Logitech\Logitech Vid\Vid.exe
2076 C:\Program Files\Windows Media Player\wmpnscfg.exe
2164 C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
2284 C:\Windows\System32\taskeng.exe
2560 C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
2596 C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
2644 C:\Program Files\Common Files\Gnab\Service\ServiceController.exe
2760 C:\Windows\System32\taskeng.exe
2808 C:\Windows\System32\taskeng.exe
2824 C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
3188 C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
3452 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3492 C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
3500 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
3516 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
3668 C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
3712 C:\Windows\System32\PnkBstrA.exe
3724 C:\Windows\System32\svchost.exe
3744 C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe
3764 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
3812 C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
3848 C:\Windows\System32\svchost.exe
4084 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
2176 C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
1396 C:\Windows\System32\svchost.exe
236 C:\Windows\System32\SearchIndexer.exe
2364 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
2404 WUDFHost.exe
724 C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
2032 C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
3060 C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
3252 C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
4064 C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
5344 C:\Windows\System32\mobsync.exe
5416 C:\Program Files\Windows Media Player\wmpnetwk.exe
2324 C:\Windows\System32\svchost.exe
4844 C:\Windows\System32\SearchProtocolHost.exe
2376 C:\Windows\System32\SearchFilterHost.exe
2424 <unknown>
2456 <unknown>
5328 C:\Users\Flo\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000006f`70841a00 (FAT32)

PhysicalDrive0 Model Number: ST3500320NS, Rev: SN04

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


Done!

Swaggy 05.04.2011 13:05

OK, I have now (hopefully) also deleted the OSAM line.
Here is a current log:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:03:05 on 05.04.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"RegistryBooster.job" - "Uniblue Systems Limited" - C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\Users\Flo\AppData\Local\Temp\catchme.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MpKsl6b61d8cb" (MpKsl6b61d8cb) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F6E8D2A4-27EC-4E42-91C6-29754EF1F460}\MpKsl6b61d8cb.sys  (File not found)
"MpKsl8c3a74af" (MpKsl8c3a74af) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA119E0A-D5F0-4243-BA02-F582C844AB7E}\MpKsl8c3a74af.sys  (File not found)
"MpKsldff02d3e" (MpKsldff02d3e) - "Microsoft Corporation" - c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89620448-425E-422E-A1A3-51F8D978B37B}\MpKsldff02d3e.sys
"TSHWMDTCP" (TSHWMDTCP) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\HomeCinema\PlayMovie\000.fcl
"{95808DC4-FA4A-4C74-92FE-5B863F82066B}" ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) - "Cyberlink Corp." - C:\Program Files\HomeCinema\PowerDVD\000.fcl
(Disabled) "bcmpikdd" (bcmpikdd) - ? - C:\Windows\system32\drivers\bcmpikdd.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~1\MI239C~1\shellext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
<binary data> "IMinent Toolbar" - ? - C:\Program Files\IMinent Toolbar\tbcore3.dll
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
<binary data> "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{9d81af43-de53-48d0-a199-42c2a226b24c} "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Program Files\ConduitEngine\prxConduitEngine.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
<binary data> "IMinent Toolbar" - ? - C:\Program Files\IMinent Toolbar\tbcore3.dll
{9d81af43-de53-48d0-a199-42c2a226b24c} "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Program Files\ConduitEngine\prxConduitEngine.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} "IMinent WebBooster (BHO)" - "Iminent" - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9d81af43-de53-48d0-a199-42c2a226b24c} "Softonic Deutsch FF Toolbar" - "Conduit Ltd." - C:\Program Files\Softonic_Deutsch_FF\prxtbSof0.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsof0.dll
{58124A0B-DC32-4180-9BFF-E0E21AE34026} "TBSB01620 Class" - ? - C:\Program Files\IMinent Toolbar\tbcore3.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Logitech Vid" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
"RegistryBooster" - "Uniblue Systems Limited" - "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"CCUTRAYICON" - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"IMBooster" - "Iminent" - C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MSC" - "Microsoft Corporation" - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"NMSSupport" - "Intel Corporation" - "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
"Philips Device Listener" - ? - "C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"  (File found, but it contains no detailed information)
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"DQLWinService" (DQLWinService) - ? - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
"GnabService" (GnabService) - "Empolis GmbH" - c:\program files\common files\gnab\service\servicecontroller.exe
"Google Update Service (gupdate1cae702751500b0)" (gupdate1cae702751500b0) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Alert Service" (AlertService) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
"Intel(R) Application Tracker" (MCLServiceATL) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
"Intel(R) DHTrace Controller" (DHTRACE) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"Intel(R) NMSCore" (NMSCore) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
"Intel(R) Quality Manager" (QualityManager) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
"Intel(R) Remoting Service" (Remote UI Service) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
"Intel(R) Software Services Manager" (ISSM) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
"Intel(R) Viiv(TM) Media Server" (M1 Server) - ? - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"Sceneo PVR Service" (srvcPVR) - "Buhl Data Service GmbH" - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
"TVEnhance Background Capture Service (TBCS)" (TVECapSvc) - ? - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
"TVEnhance Task Scheduler (TTS))" (TVESched) - ? - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 05.04.2011 14:32

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!
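Reviewing an autorun listing like the one posted above by hand means scanning for the same few things every time: entries whose publisher is unknown ("?"), entries whose file no longer exists ("File not found"), files with no version information, and anything starting from a user profile. The parser below does that triage automatically. It is an added example for this thread, not code from the forum or from the autorun manager that produced the log; it assumes only the line format visible above (`"Name" [(ServiceName)] - "Publisher"|? - path [args] [(annotation)]`), and the flag names and the `Finding` class are choices of this example. The sample lines are copied from the log above.

```python
"""Triage an autorun listing in the format of the log above (added example).

Assumed line format:  "Name" [(ServiceName)] - "Publisher"|? - path [args]  [(annotation)]
Flags are objective indicators only; a flagged entry still needs a human verdict.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SECTION_RE = re.compile(r'^\[(?P<section>[^\]]+)\]$')
LOCATION_RE = re.compile(r'^-----\(\s*(?P<loc>.*?)\s*\)-----$')
ENTRY_RE = re.compile(
    r'^(?:\{[0-9A-Fa-f-]+\}\s+)?'        # optional CLSID (browser helper object lines)
    r'"(?P<name>[^"]*)"'                 # display name
    r'(?:\s+\((?P<svc>[^)]*)\))?'        # optional service short name
    r'\s+-\s+(?:"(?P<pub>[^"]*)"|\?)'    # publisher, or "?" when unknown
    r'\s+-\s+(?P<rest>.*)$'              # path, arguments, trailing annotation
)
ANNOTATION_RE = re.compile(
    r'\s+\((?P<note>File not found|File found, but it contains no detailed information)\)\s*$')
USER_PROFILE_RE = re.compile(r'\\Users\\|\\Documents and Settings\\', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    location: str
    name: str
    path: str
    publisher: Optional[str]          # None when the log shows "?"
    flags: List[str] = field(default_factory=list)


def _split_path(rest: str):
    """Separate the executable path from its arguments and the tool's annotation."""
    note = None
    m = ANNOTATION_RE.search(rest)
    if m:
        note = m.group('note')
        rest = rest[:m.start()]
    rest = rest.strip()
    if rest.startswith('"'):                       # quoted path, arguments follow the quote
        end = rest.find('"', 1)
        path = rest[1:end] if end > 0 else rest[1:]
    else:                                          # unquoted: cut at the first " /" or " -" argument
        path = re.split(r'\s+(?=[/-])', rest, maxsplit=1)[0]
    return path, note


def parse(log_text: str) -> List[Finding]:
    """Parse every entry line; headers, separators and footer lines are skipped."""
    entries, section, location = [], '', ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, location = m.group('section'), ''
            continue
        m = LOCATION_RE.match(line)
        if m:
            location = m.group('loc')
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        path, note = _split_path(m.group('rest'))
        f = Finding(section, location, m.group('name'), path, m.group('pub'))
        if f.publisher is None:
            f.flags.append('unknown publisher')
        if note == 'File not found':
            f.flags.append('file not found')
        elif note:
            f.flags.append('no version info')
        if USER_PROFILE_RE.search(path):
            f.flags.append('user-profile path')
        entries.append(f)
    return entries


def triage(log_text: str) -> List[Finding]:
    """Only the entries that carry at least one flag."""
    return [f for f in parse(log_text) if f.flags]


# Lines copied from the log posted above.
SAMPLE_LOG = r'''
{58124A0B-DC32-4180-9BFF-E0E21AE34026} "TBSB01620 Class" - ? - C:\Program Files\IMinent Toolbar\tbcore3.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"IMBooster" - "Iminent" - C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup
"MSC" - "Microsoft Corporation" - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
'''

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.section or "BHO"}] {f.name!r} -> {f.path}  flags={f.flags}')
```

On the sample, four of the seven entries come back flagged: the IMinent BHO and the PnkBstrA service for an unknown publisher, the `rdpclip` entry under the Terminal Server key because the file is not found, and `desktop.ini` because it lives in the user profile. The flags are deliberately mechanical; as in the thread, the verdict (harmless desktop.ini versus a real persistence entry) still comes from a person reading the path and the location together.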



Copyright ©2000-2024, Trojaner-Board


