Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Google verlinkt mich falsch (https://www.trojaner-board.de/97011-google-verlinkt-mich-falsch.html)

Kronski 31.03.2011 15:38
Google verlinkt mich falsch
 
hallo erstmal,
immer wenn ich in google bei der suche auf einen Link klike komme ich auf eine andere seite als im link beschreiben.
erst beim dritten mal wenn ich den link wähle komme ich auch auf den link.
im anhang ist das logfile fon hijackthis.
leider hab ich in hijackthis schon was gefixt.
danke schon mal im vorraus

HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:43:50, on 31.03.2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\IPS\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s                                                                                                                                                                                                                     
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"                                                                                                                                                                                                         
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime                                                                                                                                                                                                                     
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"                                                                                                                                                                                                                             
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Free YouTube Download - C:\Users\Kobi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
 
--
End of file - 7666 bytes
--- --- ---

cosinus 31.03.2011 18:25
http://www.trojaner-board.de/images/icons/icon4.gif Bitte beachten http://www.trojaner-board.de/images/icons/icon4.gif => http://www.trojaner-board.de/95173-b...es-posten.html und http://www.trojaner-board.de/69886-a...-beachten.html

Kronski 31.03.2011 20:26
danke für den hinweis.
hier ist der OTL logfile:
OTL Logfile:
Code:
OTL logfile created on: 31.03.2011 21:08:44 - Run 5
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Kobi\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 332,40 Gb Free Space | 36,51% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 12,05 Gb Free Space | 60,23% Space Free | Partition Type: NTFS
 
Computer Name: KORBINIAN-PC | User Name: Kobi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kobi\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Norton AntiVirus\Engine\18.5.0.125\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Kobi\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_a35e6b9.dll ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110331.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110331.003\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110330.001\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys (Symantec Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (SymNetS) -- C:\Windows\System32\Drivers\NAV\1205000.07D\SYMNETS.SYS (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                          )
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NAV\1205000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NAV\1205000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NAV\1205000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NAV\1205000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NAV\1205000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (LWMouCon) -- C:\Windows\System32\drivers\lwmoucon.ram ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\Windows\System32\drivers\s217unic.sys (MCCI)
DRV - (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s217mgmt.sys (MCCI Corporation)
DRV - (s217obex) -- C:\Windows\System32\drivers\s217obex.sys (MCCI Corporation)
DRV - (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) -- C:\Windows\System32\drivers\s217nd5.sys (MCCI Corporation)
DRV - (s217mdm) -- C:\Windows\System32\drivers\s217mdm.sys (MCCI Corporation)
DRV - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\Windows\System32\drivers\s217bus.sys (MCCI Corporation)
DRV - (s217mdfl) -- C:\Windows\System32\drivers\s217mdfl.sys (MCCI Corporation)
DRV - (acedrv09) -- C:\Windows\System32\drivers\acedrv09.sys (Protect Software GmbH)
DRV - (acehlp09) -- C:\Windows\System32\drivers\acehlp09.sys (Protect Software GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..extensions.enabledItems: {8225d6f0-dfca-11df-85ca-0800200c9a66}:1.0.4.8
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.20 14:35:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.20 14:35:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011.03.22 22:09:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.27 13:08:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 22:33:54 | 000,000,000 | ---D | M]
 
[2011.03.20 14:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kobi\AppData\Roaming\mozilla\Extensions
[2011.03.28 19:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kobi\AppData\Roaming\mozilla\Firefox\Profiles\vtkrlqy8.default\extensions
[2011.03.20 14:52:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kobi\AppData\Roaming\mozilla\Firefox\Profiles\vtkrlqy8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.20 14:52:50 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Kobi\AppData\Roaming\mozilla\Firefox\Profiles\vtkrlqy8.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011.03.20 14:52:50 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Kobi\AppData\Roaming\mozilla\Firefox\Profiles\vtkrlqy8.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.03.27 13:08:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.20 14:37:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.20 14:37:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011.03.20 14:37:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.20 14:37:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.22 22:09:07 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPLGN
() (No name found) -- C:\USERS\KOBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTKRLQY8.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
() (No name found) -- C:\USERS\KOBI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VTKRLQY8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Kobi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27 - HKLM IFEO\AcroRd32.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\excel.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\iastorui.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\infopath.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\itunes.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\msaccess.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\msoxmled.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\mspub.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\onenote.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\outlook.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\phoenixrc.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\phoenixupdateinstaller.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\pictureviewer.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\powerpnt.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\quicktimeplayer.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\sepcsuite.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\winword.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.28 19:37:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.03.28 19:37:06 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.03.27 14:14:48 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.03.27 14:14:40 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.03.27 14:14:40 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.03.27 14:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011.03.27 14:14:25 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2011
[2011.03.27 11:51:04 | 000,000,000 | ---D | C] -- C:\Programme\HijackThis
[2011.03.27 00:42:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.03.27 00:34:40 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Local\Sunbelt Software
[2011.03.27 00:32:46 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2011.03.27 00:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.03.27 00:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011.03.25 21:18:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.03.25 20:03:36 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.03.25 20:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.03.25 19:54:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.25 18:44:17 | 000,000,000 | ---D | C] -- C:\Users\Kobi\Documents\FIFA 11
[2011.03.25 18:40:58 | 000,000,000 | ---D | C] -- C:\Programme\EA Sports
[2011.03.22 22:07:03 | 000,652,336 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\symefa.sys
[2011.03.22 22:07:03 | 000,340,016 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\symds.sys
[2011.03.22 22:07:03 | 000,295,032 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\symnets.sys
[2011.03.22 22:07:03 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\srtspx.sys
[2011.03.22 22:07:02 | 000,509,560 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\srtsp.sys
[2011.03.22 22:07:02 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\ironx86.sys
[2011.03.22 22:06:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1205000.07D
[2011.03.22 22:00:05 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.03.22 22:00:05 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared
[2011.03.22 22:00:05 | 000,000,000 | ---D | C] -- C:\Programme\Symantec
[2011.03.22 21:59:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2011.03.22 21:59:31 | 000,000,000 | ---D | C] -- C:\Programme\Norton AntiVirus
[2011.03.22 21:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2011.03.22 21:59:25 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller
[2011.03.22 19:09:03 | 000,240,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011.03.21 21:22:06 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2011.03.21 21:21:30 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011.03.21 14:50:49 | 000,000,000 | ---D | C] -- C:\Users\Kobi\Documents\O&O
[2011.03.21 14:46:32 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011.03.21 14:46:31 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.03.21 14:46:31 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2011.03.21 14:46:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011.03.21 14:46:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.03.21 14:46:22 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011.03.21 14:46:22 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011.03.21 14:46:21 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.03.21 14:46:19 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.03.21 14:46:18 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011.03.21 14:46:18 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011.03.21 14:46:18 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011.03.21 14:46:18 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011.03.21 14:46:17 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011.03.21 14:46:15 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011.03.21 14:46:01 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.03.21 14:45:59 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011.03.21 14:45:59 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011.03.21 14:45:59 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011.03.21 14:45:53 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011.03.21 14:45:52 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011.03.21 14:45:52 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011.03.21 14:45:51 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.03.21 14:45:51 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.03.21 14:45:44 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011.03.21 14:45:43 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011.03.21 14:45:33 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.03.21 14:45:33 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.03.21 14:45:33 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.03.21 14:45:33 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.03.21 14:45:33 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.03.21 14:45:33 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.03.21 14:45:33 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.03.21 14:45:33 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.03.21 14:45:32 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.03.21 14:45:24 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011.03.21 14:45:21 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011.03.21 14:45:21 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011.03.21 14:45:17 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.21 14:45:17 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011.03.21 14:45:17 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.21 14:45:17 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.21 14:45:15 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011.03.21 14:45:11 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.03.21 14:45:11 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.03.21 14:45:11 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.03.21 14:45:11 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011.03.21 14:45:11 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.03.21 14:45:05 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.03.21 14:45:05 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.03.21 14:45:04 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.03.21 14:45:04 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.03.21 14:45:04 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.21 14:45:04 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.03.21 14:45:03 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.03.21 14:45:03 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.03.21 14:45:03 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.03.21 14:45:03 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.03.21 14:45:03 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.03.21 14:45:03 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.03.21 14:44:52 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011.03.21 14:44:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.03.21 14:44:51 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011.03.21 14:44:51 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011.03.21 14:44:51 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.03.21 14:44:51 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011.03.21 14:44:49 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011.03.21 14:44:49 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011.03.21 14:44:48 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011.03.21 14:44:48 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011.03.21 14:44:48 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011.03.21 14:44:48 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011.03.21 14:44:48 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011.03.21 14:44:48 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011.03.21 14:44:48 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011.03.21 14:44:48 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011.03.21 14:44:44 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.03.21 14:44:44 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.03.20 18:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.20 18:11:37 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011.03.20 18:11:22 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.03.20 18:11:07 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2011.03.20 18:09:53 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Roaming\Malwarebytes
[2011.03.20 18:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.20 15:19:21 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011.03.20 15:19:21 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011.03.20 15:19:21 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.03.20 14:33:42 | 000,000,000 | --SD | C] -- C:\Users\Kobi\AppData\Roaming\Microsoft
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Videos
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Saved Games
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Pictures
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Music
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Links
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Favorites
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Downloads
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Documents
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Desktop
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Vorlagen
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\AppData\Local\Verlauf
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\AppData\Local\Temporary Internet Files
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Startmenü
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\SendTo
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Recent
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Netzwerkumgebung
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Lokale Einstellungen
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Documents\Eigene Videos
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Documents\Eigene Musik
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Eigene Dateien
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Documents\Eigene Bilder
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Druckumgebung
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Cookies
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\AppData\Local\Anwendungsdaten
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Anwendungsdaten
[2011.03.20 14:33:42 | 000,000,000 | -H-D | C] -- C:\Users\Kobi\AppData
[2011.03.20 14:33:42 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Local\Temp
[2011.03.20 14:33:42 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Local\Microsoft
[2011.03.20 14:33:42 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Roaming\Media Center Programs
[2011.03.20 14:32:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011.03.20 14:32:42 | 000,000,000 | ---D | C] -- C:\Programme\Realtek
[2011.03.20 14:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011.03.20 14:32:10 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011.03.20 14:32:07 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2011.03.20 14:30:58 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011.03.20 14:28:56 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011.03.20 14:09:15 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2011.03.20 14:03:32 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2011.03.19 21:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.03.19 21:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.03.14 19:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2011.03.14 19:20:54 | 000,000,000 | ---D | C] -- C:\Users\Kobi\Documents\Any Video Converter
[2011.03.14 19:20:44 | 000,000,000 | ---D | C] -- C:\Programme\AnvSoft
[2011.03.14 15:47:16 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Roaming\DVDVideoSoft
[2011.03.13 21:44:53 | 000,000,000 | ---D | C] -- C:\Users\Kobi\Documents\Stardock
[2011.03.13 21:44:45 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Roaming\Stardock
[2011.03.12 14:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Bluefish Media
[2011.03.12 14:48:35 | 000,000,000 | ---D | C] -- C:\Programme\Bluefish Games
[2011.03.10 12:52:18 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2011.03.04 17:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011.03.04 16:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2011.03.04 16:32:02 | 000,000,000 | ---D | C] -- C:\Programme\Elaborate Bytes
[2011.03.03 18:49:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\N360_BACKUP
[2011.03.02 17:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011.03.02 16:38:14 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[1 C:\Users\Kobi\Desktop\*.tmp files -> C:\Users\Kobi\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.31 21:11:04 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.31 21:11:04 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.31 21:11:04 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.31 21:11:04 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.31 21:04:45 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.31 21:04:31 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\Knpt.job
[2011.03.31 21:04:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.31 18:16:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.31 15:29:25 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.31 15:29:25 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.30 15:47:37 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.03.30 15:45:28 | 001,048,730 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1205000.07D\Cat.DB
[2011.03.27 14:14:39 | 000,002,163 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.03.27 14:14:39 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.03.27 12:43:21 | 000,001,404 | ---- | M] () -- C:\Users\Kobi\Desktop\HijackThis - Verknüpfung.lnk
[2011.03.27 00:42:14 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.03.27 00:03:43 | 000,012,627 | ---- | M] () -- C:\Users\Kobi\Desktop\Windows Mediaplayer.lnk
[2011.03.25 18:42:19 | 000,000,192 | ---- | M] () -- C:\Users\Kobi\Desktop\FIFA 11 Demo.lnk
[2011.03.22 22:08:56 | 000,002,334 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011.03.22 22:00:05 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.03.22 22:00:05 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.03.22 22:00:05 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.03.22 15:01:35 | 003,842,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.03.21 20:35:58 | 000,281,760 | ---- | M] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.03.21 20:35:58 | 000,025,888 | ---- | M] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.03.20 18:12:29 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.20 15:46:42 | 000,000,017 | ---- | M] () -- C:\Users\Kobi\AppData\Local\resmon.resmoncfg
[2011.03.20 15:36:41 | 000,000,668 | ---- | M] () -- C:\Users\Kobi\Desktop\Kobi.lnk
[2011.03.20 15:36:33 | 000,000,355 | ---- | M] () -- C:\Users\Kobi\Desktop\Computer.lnk
[2011.03.20 15:09:37 | 000,052,953 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011.03.20 15:01:42 | 000,021,532 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2011.03.20 14:33:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2011.03.20 14:33:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011.03.20 14:32:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.03.20 13:30:48 | 000,002,544 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011.03.20 13:30:46 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2011.03.19 21:51:56 | 000,155,648 | RHS- | M] () -- C:\Windows\System32\wavemspb.dll
[2011.03.16 16:19:26 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.03.14 19:23:38 | 000,001,202 | ---- | M] () -- C:\Users\Kobi\Desktop\Any Video Converter.lnk
[2011.03.14 15:48:17 | 000,001,205 | ---- | M] () -- C:\Users\Kobi\Desktop\DVDVideoSoft Free Studio.lnk
[1 C:\Users\Kobi\Desktop\*.tmp files -> C:\Users\Kobi\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.27 14:14:39 | 000,002,163 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.03.27 14:14:38 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.03.27 14:14:34 | 000,002,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2011.03.27 13:08:29 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.03.27 12:43:21 | 000,001,404 | ---- | C] () -- C:\Users\Kobi\Desktop\HijackThis - Verknüpfung.lnk
[2011.03.27 00:03:43 | 000,012,627 | ---- | C] () -- C:\Users\Kobi\Desktop\Windows Mediaplayer.lnk
[2011.03.25 18:42:19 | 000,000,192 | ---- | C] () -- C:\Users\Kobi\Desktop\FIFA 11 Demo.lnk
[2011.03.22 22:08:14 | 001,048,730 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\Cat.DB
[2011.03.22 22:07:03 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symnet.cat
[2011.03.22 22:07:03 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symefa.cat
[2011.03.22 22:07:03 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symds.cat
[2011.03.22 22:07:03 | 000,003,374 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symefa.inf
[2011.03.22 22:07:03 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symds.inf
[2011.03.22 22:07:03 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symnet.inf
[2011.03.22 22:07:02 | 000,007,528 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\iron.cat
[2011.03.22 22:07:02 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtspx.cat
[2011.03.22 22:07:02 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtsp.cat
[2011.03.22 22:07:02 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtspx.inf
[2011.03.22 22:07:02 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtsp.inf
[2011.03.22 22:07:02 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\iron.inf
[2011.03.22 22:06:58 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\isolate.ini
[2011.03.22 22:00:05 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.03.22 22:00:05 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.03.22 22:00:03 | 000,002,334 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011.03.22 19:11:37 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.03.20 18:12:29 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.20 15:46:42 | 000,000,017 | ---- | C] () -- C:\Users\Kobi\AppData\Local\resmon.resmoncfg
[2011.03.20 15:36:41 | 000,000,668 | ---- | C] () -- C:\Users\Kobi\Desktop\Kobi.lnk
[2011.03.20 15:36:33 | 000,000,355 | ---- | C] () -- C:\Users\Kobi\Desktop\Computer.lnk
[2011.03.20 15:18:25 | 000,001,417 | ---- | C] () -- C:\Users\Kobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.03.20 15:01:42 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.03.20 14:33:28 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.03.20 14:33:25 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.03.20 14:33:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2011.03.20 14:33:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011.03.20 14:32:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.03.20 13:30:46 | 000,002,544 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011.03.20 13:30:46 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2011.03.19 21:51:57 | 000,000,306 | -HS- | C] () -- C:\Windows\tasks\Knpt.job
[2011.03.19 21:51:56 | 000,155,648 | RHS- | C] () -- C:\Windows\System32\wavemspb.dll
[2011.03.14 19:23:38 | 000,001,202 | ---- | C] () -- C:\Users\Kobi\Desktop\Any Video Converter.lnk
[2011.02.22 16:54:02 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.02.22 16:54:02 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.01.21 16:05:11 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.12.20 18:27:09 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2010.11.26 16:26:34 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.11.26 16:26:26 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.11.26 16:26:21 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.11.04 23:49:19 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010.11.02 15:40:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.11.02 12:17:41 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.10.17 20:33:38 | 000,003,764 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.10.17 20:33:38 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\4191328E39.sys
[2010.09.07 09:42:03 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.09.04 13:41:51 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.09.04 13:41:51 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.06.24 16:54:57 | 002,163,383 | -HS- | C] () -- C:\Windows\System32\aepics.sys
[2010.06.18 15:26:45 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ACCTRESa.sys
[2010.06.13 09:58:11 | 000,000,609 | ---- | C] () -- C:\Windows\7THLEVEL.INI
[2010.06.13 09:43:55 | 000,000,857 | ---- | C] () -- C:\Windows\XLMSoft.ini
[2010.06.13 08:51:45 | 000,000,604 | ---- | C] () -- C:\Windows\Thps3.INI
[2010.06.12 09:53:50 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.06.08 21:27:01 | 000,000,501 | --S- | C] () -- C:\Windows\System32\711303030.dat
[2010.06.06 20:25:51 | 000,000,000 | ---- | C] () -- C:\Windows\musiceditor.INI
[2010.05.20 18:18:52 | 000,180,988 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.04.21 17:04:22 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010.04.21 17:04:22 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010.04.09 20:35:11 | 000,380,928 | ---- | C] () -- C:\Windows\System32\server.dll
[2010.04.09 20:35:11 | 000,022,016 | ---- | C] () -- C:\Windows\System32\setup.exe
[2010.04.09 20:34:44 | 000,000,258 | ---- | C] () -- C:\Windows\System32\dat.bin
[2010.04.09 20:34:43 | 000,720,896 | ---- | C] () -- C:\Windows\System32\EAInstall.dll
[2010.04.09 20:34:35 | 007,577,600 | ---- | C] () -- C:\Windows\System32\nfsc_demo.exe
[2010.04.07 09:36:52 | 000,002,856 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.03.04 17:19:25 | 000,028,672 | ---- | C] () -- C:\Windows\System32\nnr.dll
[2010.02.19 10:57:19 | 000,000,000 | ---- | C] () -- C:\Users\Kobi\AppData\Roaming\wklnhst.dat
[2009.12.03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.20 12:16:02 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.11.16 15:24:46 | 000,000,037 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 10:47:43 | 000,657,438 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,810 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 003,842,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.14 01:19:28 | 000,009,232 | ---- | C] () -- C:\Windows\System32\amxreadn.dat
[2009.07.14 01:19:28 | 000,009,232 | ---- | C] () -- C:\Windows\System32\ActionCenterCPLr.dat
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.06.05 14:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe

< End of report >
--- --- ---

cosinus 01.04.2011 11:31
Zitat:
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Norton AntiVirus\Engine\18.5.0.125\ccsvchst.exe (Symantec Corporation)
Hm, da ist doch einiges an unützem Zeug drauf.

1.) TuneUp ist völlig unnützer Ballast. TuneUp zieht sich - warum auch immer - fast durchgängig durch alle Logs hier, warum weiß ich nicht, denn TuneUp ist eigentlich der letzte Schrott => TuneUp: Wundermittel oder Placebo Reloaded | DerFisch.de

2.) Zwei Virenscanner wie Norton und AntiVir gehen garnicht! Deinstalliere einen der beiden!

3.) Was ist mit den anderen Logs? Malwarebytes?

Kronski 02.04.2011 17:01
danke für die schnelle Antwort
hier ist die logdatei von Malwarebytes
PHP-Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6235

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.04.2011 17:23:20
mbam-log-2011-04-01 (17-23-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 291923
Laufzeit: 31 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) 

cosinus 03.04.2011 13:44
Ein Virenscanner ist deinstalliert? TuneUp auch?

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Kronski 03.04.2011 20:31
ja virenscaner und tuneup sind deaktiviert.
hier ist die andere logdatei von malwarebytes
PHP-Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6131

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.03.2011 14:52:43
mbam-log-2011-03-22 (14-52-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 294189
Laufzeit: 39 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) 

cosinus 04.04.2011 09:03
Zitat:
22.03.2011 14:52:43
Der letzte Scan ist aber schon länger her. Bitte updaten und einen Vollscan machen.
Poste alle Logs, die im Reiter Logdateien zu sehen sind.

Kronski 04.04.2011 14:56
hier ist das neueste logfile

PHP-Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6266

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.04.2011 15:32:11
mbam-log-2011-04-04 (15-32-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 291795
Laufzeit: 33 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) 

cosinus 04.04.2011 15:09
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Kronski 05.04.2011 15:17
hier ist die datei

Combofix Logfile:
Code:
ComboFix 11-04-04.02 - Kobi 05.04.2011  14:33:51.1.4 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3063.2156 [GMT 2:00]
ausgeführt von:: c:\users\Kobi\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kobi\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
c:\users\Kobi\AppData\Roaming\OfferBox
c:\users\Kobi\AppData\Roaming\OfferBox\config.xml
c:\windows\system32\711303030.dat
c:\windows\system32\AutoRun.inf
c:\windows\system32\server.dll
c:\windows\system32\setup.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-05 bis 2011-04-05  ))))))))))))))))))))))))))))))
.
.
2011-04-05 12:39 . 2011-04-05 12:39        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-05 12:24 . 2011-04-05 12:24        --------        d-----w-        c:\program files\CCleaner
2011-04-01 14:50 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-01 14:50 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-03-28 17:37 . 2011-03-28 17:37        --------        d-----w-        c:\program files\ERUNT
2011-03-26 22:42 . 2011-03-26 22:42        98392        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys
2011-03-26 22:32 . 2011-03-27 05:31        --------        d-----w-        c:\programdata\Lavasoft
2011-03-26 22:32 . 2011-03-26 22:32        --------        d-----w-        c:\program files\Lavasoft
2011-03-25 18:03 . 2011-03-25 18:47        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2011-03-25 18:03 . 2011-03-25 18:47        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2011-03-25 17:54 . 2011-04-01 14:50        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-03-25 16:40 . 2011-03-25 16:40        --------        d-----w-        c:\program files\EA Sports
2011-03-22 17:09 . 2010-04-09 07:24        240008        ----a-w-        c:\windows\system32\drivers\netio.sys
2011-03-21 19:26 . 2009-09-10 05:52        257024        ----a-w-        c:\windows\system32\msv1_0.dll
2011-03-21 19:22 . 2010-02-11 07:10        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2011-03-21 19:21 . 2010-03-04 03:57        190976        ----a-w-        c:\windows\system32\drivers\ks.sys
2011-03-21 19:21 . 2010-09-14 06:07        276992        ----a-w-        c:\windows\system32\wcncsvc.dll
2011-03-21 12:45 . 2009-09-03 07:04        1320960        ----a-w-        c:\windows\system32\CertEnroll.dll
2011-03-20 16:11 . 2009-05-18 12:17        26600        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-20 16:11 . 2008-04-17 11:12        107368        ----a-w-        c:\windows\system32\GEARAspi.dll
2011-03-20 16:11 . 2011-03-20 16:11        --------        d-----w-        c:\program files\iPod
2011-03-20 16:11 . 2011-03-20 16:11        --------        d-----w-        c:\program files\Apple Software Update
2011-03-20 16:09 . 2011-03-20 16:09        --------        d-----w-        c:\programdata\Malwarebytes
2011-03-20 13:21 . 2009-12-29 06:55        172032        ----a-w-        c:\windows\system32\wintrust.dll
2011-03-20 13:21 . 2010-01-09 06:52        132608        ----a-w-        c:\windows\system32\cabview.dll
2011-03-20 13:19 . 2009-11-25 11:47        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2011-03-20 13:19 . 2009-11-25 11:47        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2011-03-20 13:19 . 2009-11-25 11:47        297808        ----a-w-        c:\windows\system32\mscoree.dll
2011-03-20 13:19 . 2009-11-25 11:47        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2011-03-20 13:19 . 2009-11-25 11:47        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2011-03-20 13:16 . 2011-04-05 12:15        --------        d-----w-        c:\windows\system32\wbem\Performance
2011-03-20 12:56 . 2011-03-20 12:56        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help
2011-03-20 12:33 . 2011-03-30 13:03        --------        d-----w-        c:\users\Kobi
2011-03-20 12:32 . 2011-03-20 12:32        --------        d-----w-        c:\windows\system32\RTCOM
2011-03-20 12:32 . 2011-03-20 12:32        --------        d-----w-        c:\program files\Realtek
2011-03-20 12:32 . 2011-03-20 12:32        --------        d-----w-        c:\programdata\NVIDIA
2011-03-20 12:32 . 2011-04-01 14:37        --------        d-sh--w-        c:\windows\Installer
2011-03-20 12:32 . 2011-03-20 12:39        --------        d-----w-        c:\program files\NVIDIA Corporation
2011-03-20 12:28 . 2011-03-20 13:17        --------        d-----w-        c:\windows\Panther
2011-03-20 12:09 . 2011-03-20 13:02        --------        d-----w-        C:\$WINDOWS.~Q
2011-03-20 12:03 . 2011-03-20 12:06        --------        d-----w-        C:\$INPLACE.~TR
2011-03-19 19:51 . 2011-03-19 19:51        155648        --sha-r-        c:\windows\system32\wavemspb.dll
2011-03-19 19:30 . 2011-04-01 14:46        --------        d-----w-        c:\programdata\Norton
2011-03-18 15:37 . 2011-02-11 06:54        5943120        ------w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E69125E6-EEAD-47E4-89DA-9E9CFEB47D00}\mpengine.dll
2011-03-14 17:20 . 2011-03-20 12:35        --------        d-----w-        c:\program files\AnvSoft
2011-03-12 12:48 . 2011-03-20 12:42        --------        d-----w-        c:\programdata\Bluefish Media
2011-03-12 12:48 . 2011-03-12 13:49        --------        d-----w-        c:\program files\Bluefish Games
2011-03-12 11:28 . 2011-03-12 11:28        103864        ----a-w-        c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 11:28 . 2011-03-12 11:28        103864        ----a-w-        c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-27 09:19 . 2010-05-19 14:50        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-03-27 09:18 . 2010-05-19 14:50        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-27 09:18 . 2010-02-18 08:19        1220416        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-03-21 18:35 . 2010-09-04 11:41        281760        ----a-w-        c:\windows\system32\drivers\atksgt.sys
2011-03-21 18:35 . 2010-09-04 11:41        25888        ----a-w-        c:\windows\system32\drivers\lirsgt.sys
2011-03-21 15:58 . 2010-02-05 14:52        1220416        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-16 14:19 . 2011-02-19 21:36        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-01-21 14:05 . 2011-01-21 14:05        53248        ----a-w-        c:\windows\system32\unrar.dll
2011-01-10 13:23 . 2011-02-19 21:36        61960        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-01-07 14:55 . 2011-01-07 14:55        40800        ----a-w-        c:\windows\system32\drivers\point32.sys
2011-01-06 18:37 . 2011-01-06 18:37        44416        ----a-w-        c:\windows\system32\drivers\dc3d.sys
2011-01-06 18:37 . 2011-01-06 18:37        1461992        ----a-w-        c:\windows\system32\WdfCoInstaller01009.dll
2011-01-06 16:31 . 2010-11-08 16:34        103424        ----a-w-        c:\windows\system32\PowerUp3_nat.dll
2011-03-18 17:56 . 2011-03-27 11:08        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 14:33        421160        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-08-04 15:17        7703072        ----a-w-        c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 sptd;sptd; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 135664]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-12 66664]
S1 LWMouCon;LWMouCon; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [2007-06-18 373568]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [2007-05-30 201696]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-01-06 44416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 603240]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 15:01]
.
2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 15:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Kobi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Kobi\AppData\Roaming\Mozilla\Firefox\Profiles\vtkrlqy8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OOSE05.00.00.01PRO"="8092E1CB116445857736E8BAA23EF748B32F55DEBC17BF3589968D5DDD320A42505133009E53DB7AA6B886FE60B95BCF07E62358C82430FBAD0605320D76B968462F64D38ED709B47D6158AEC975B53E4603576E10CA7CC50B73F9A6967C309499AC16834FC0F9C26DF9A414195C6B04C0B37D9E3CAC5C056F99DC8831BF1C58332E3FCC460375F79E2D867F027BF754F70F75E96B0E9F6E5B17F2AA89DD4389AFF8A9F149B5D1EBEA8D6D4429026626268D7153AE59A8FA83ED53E0BCFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98089DB7CE019D40AA5C5D575E7D6A3B9808C038D530D6EB34520FB35DAA78F93578F9E42D7C009F167EC01BA6F14F9DE29CB535455936DAED6A70433C6B94A299D461695331A435C766648E58B7E89B49E76FE197971352E44CCBA272448DBF70EBE14A77B48C7F779091F311D62E7970D51E2648D3B2CA7FCE295912A237FB57083BE1A8F20F8D9255E11A82D7224DB5E8546549D4E0FE2E40B47FEBAC4758ECE7D49FBE8CEC44897F94E3A3782BFEFC194B19D1944EFE63E840431BB9D42856BC38045057C6DCD24C8DC9AE2B954F2CD25ECC5CC20FAB967F4064F9D25F143DAC12273CD9A4646770D2D4219390CD2E770CA029411CBD4433CDBA28B9C6174E5236B123D16F3AC59290273E0D2F60F0D9FA49BB27D0BEEB2226AC0CE15280393B19E2E930F695EECC14718A25E942E841718FD9BDEE8C90E32939CC71AAF433E8D50C3B18EC7CE830507B519C1A008B6B5B4E8F849ADBBA81DC7155455CEB74D1291502E2E7CD3D3EDC2221E880FA5386C877AC2FDA3275F66A79D7EB5931BAE075F6F01CE139F9EEF5D34B33C1E9BEB86D8DC2221D6C50B49C0DC6AAF5E4C5F2C0BFFB863843B02B7713E45A62565297A12AA978B236DE2066F65BF66DF95A5BB513DD943046F554E5F74BEE509E91B062797C804E93B9145C9912FCDD3940DDA0A691706FEC65BD69AD193659F38A05CCBA1B3D895C7B5BB66AA91CC5BDC536F3435A757EB91AAB4BF3B32B32DAC98626C32765E03BC537537126E80C773B93C64A3CB34C01385BF91CBDF97130611ED77B8964B22DB85E32CD51A97AAAF395D0AA01F02C6BE4FB8990A404911FE9A7EA5FEB564606FE77F8AF375B3D6D4A5371ECB52555F448AE31C915DEF32A7DF3127EBE8F426D43A2EE5C26ABE72D9AD52BA92BFCDFEF908CCA5880D5DA27B9C41F7EB316B3DCB4ED03AD34FE6D2AC41C239176D84B00EF1FD4DF1F646E3F42D50B9543258A2308DFC590B96E29F6AC19A164F04D7A9E1DE6F395E8BDB8723DCFF192A82A9BE4F4F0EA06D042D67A3D3297FA3823B2174F55ED489C46AA8FD5D413D3E1C79E96B50FCC235A7C99F2E1BF15BC2C56208C46522ED3BD"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-05  14:40:41
ComboFix-quarantined-files.txt  2011-04-05 12:40
.
Vor Suchlauf: 5 Verzeichnis(se), 354.070.548.480 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 353.977.888.768 Bytes frei
.
- - End Of File - - D4C6205268B268F2A243CB685EBC04E1
--- --- ---

cosinus 05.04.2011 17:28
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
Driver::
LWMouCon

Seccenter::
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Kronski 05.04.2011 20:30
hier ist das logfile und danke für die schnellen antworten

Combofix Logfile:
Code:
ComboFix 11-04-04.04 - Kobi 05.04.2011  19:56:04.2.4 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3063.1675 [GMT 2:00]
ausgeführt von:: c:\users\Kobi\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Kobi\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LWMOUCON
-------\Service_LWMouCon
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-05 bis 2011-04-05  ))))))))))))))))))))))))))))))
.
.
2011-04-05 18:09 . 2011-04-05 18:09        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-05 14:31 . 2011-02-19 05:33        802304        ----a-w-        c:\windows\system32\FntCache.dll
2011-04-05 14:31 . 2011-02-19 05:32        1074176        ----a-w-        c:\windows\system32\DWrite.dll
2011-04-05 14:31 . 2011-02-19 05:32        739840        ----a-w-        c:\windows\system32\d2d1.dll
2011-04-05 14:22 . 2011-03-15 04:05        6792528        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{CFBEAE47-C6C7-4B33-B0ED-63FBA7C0F493}\mpengine.dll
2011-04-05 12:24 . 2011-04-05 12:24        --------        d-----w-        c:\program files\CCleaner
2011-04-01 14:50 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-01 14:50 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-03-28 17:37 . 2011-03-28 17:37        --------        d-----w-        c:\program files\ERUNT
2011-03-26 22:42 . 2011-03-26 22:42        98392        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys
2011-03-26 22:32 . 2011-03-27 05:31        --------        d-----w-        c:\programdata\Lavasoft
2011-03-26 22:32 . 2011-03-26 22:32        --------        d-----w-        c:\program files\Lavasoft
2011-03-25 18:03 . 2011-03-25 18:47        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2011-03-25 18:03 . 2011-03-25 18:47        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2011-03-25 17:54 . 2011-04-01 14:50        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-03-25 16:40 . 2011-03-25 16:40        --------        d-----w-        c:\program files\EA Sports
2011-03-22 17:09 . 2010-04-09 07:24        240008        ----a-w-        c:\windows\system32\drivers\netio.sys
2011-03-21 19:26 . 2009-09-10 05:52        257024        ----a-w-        c:\windows\system32\msv1_0.dll
2011-03-21 19:22 . 2010-02-11 07:10        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2011-03-21 19:21 . 2010-03-04 03:57        190976        ----a-w-        c:\windows\system32\drivers\ks.sys
2011-03-21 19:21 . 2010-09-14 06:07        276992        ----a-w-        c:\windows\system32\wcncsvc.dll
2011-03-21 12:45 . 2009-09-03 07:04        1320960        ----a-w-        c:\windows\system32\CertEnroll.dll
2011-03-20 16:11 . 2009-05-18 12:17        26600        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-20 16:11 . 2008-04-17 11:12        107368        ----a-w-        c:\windows\system32\GEARAspi.dll
2011-03-20 16:11 . 2011-03-20 16:11        --------        d-----w-        c:\program files\iPod
2011-03-20 16:11 . 2011-03-20 16:11        --------        d-----w-        c:\program files\Apple Software Update
2011-03-20 16:09 . 2011-03-20 16:09        --------        d-----w-        c:\programdata\Malwarebytes
2011-03-20 13:21 . 2009-12-29 06:55        172032        ----a-w-        c:\windows\system32\wintrust.dll
2011-03-20 13:21 . 2010-01-09 06:52        132608        ----a-w-        c:\windows\system32\cabview.dll
2011-03-20 13:19 . 2009-11-25 11:47        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2011-03-20 13:19 . 2009-11-25 11:47        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2011-03-20 13:19 . 2009-11-25 11:47        297808        ----a-w-        c:\windows\system32\mscoree.dll
2011-03-20 13:19 . 2009-11-25 11:47        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2011-03-20 13:19 . 2009-11-25 11:47        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2011-03-20 13:16 . 2011-04-05 18:14        --------        d-----w-        c:\windows\system32\wbem\Performance
2011-03-20 12:56 . 2011-03-20 12:56        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help
2011-03-20 12:33 . 2011-03-30 13:03        --------        d-----w-        c:\users\Kobi
2011-03-20 12:32 . 2011-03-20 12:32        --------        d-----w-        c:\windows\system32\RTCOM
2011-03-20 12:32 . 2011-03-20 12:32        --------        d-----w-        c:\program files\Realtek
2011-03-20 12:32 . 2011-03-20 12:32        --------        d-----w-        c:\programdata\NVIDIA
2011-03-20 12:32 . 2011-04-01 14:37        --------        d-sh--w-        c:\windows\Installer
2011-03-20 12:32 . 2011-03-20 12:39        --------        d-----w-        c:\program files\NVIDIA Corporation
2011-03-20 12:28 . 2011-03-20 13:17        --------        d-----w-        c:\windows\Panther
2011-03-20 12:09 . 2011-03-20 13:02        --------        d-----w-        C:\$WINDOWS.~Q
2011-03-20 12:03 . 2011-03-20 12:06        --------        d-----w-        C:\$INPLACE.~TR
2011-03-19 19:51 . 2011-03-19 19:51        155648        --sha-r-        c:\windows\system32\wavemspb.dll
2011-03-19 19:30 . 2011-04-01 14:46        --------        d-----w-        c:\programdata\Norton
2011-03-14 17:20 . 2011-03-20 12:35        --------        d-----w-        c:\program files\AnvSoft
2011-03-12 12:48 . 2011-03-20 12:42        --------        d-----w-        c:\programdata\Bluefish Media
2011-03-12 12:48 . 2011-03-12 13:49        --------        d-----w-        c:\program files\Bluefish Games
2011-03-12 11:28 . 2011-03-12 11:28        103864        ----a-w-        c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 11:28 . 2011-03-12 11:28        103864        ----a-w-        c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-27 09:19 . 2010-05-19 14:50        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-03-27 09:18 . 2010-05-19 14:50        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-27 09:18 . 2010-02-18 08:19        1220416        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-03-21 18:35 . 2010-09-04 11:41        281760        ----a-w-        c:\windows\system32\drivers\atksgt.sys
2011-03-21 18:35 . 2010-09-04 11:41        25888        ----a-w-        c:\windows\system32\drivers\lirsgt.sys
2011-03-21 15:58 . 2010-02-05 14:52        1220416        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-16 14:19 . 2011-02-19 21:36        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-02-02 16:11 . 2009-11-16 10:03        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-01-21 14:05 . 2011-01-21 14:05        53248        ----a-w-        c:\windows\system32\unrar.dll
2011-01-10 13:23 . 2011-02-19 21:36        61960        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-01-07 14:55 . 2011-01-07 14:55        40800        ----a-w-        c:\windows\system32\drivers\point32.sys
2011-01-06 18:37 . 2011-01-06 18:37        44416        ----a-w-        c:\windows\system32\drivers\dc3d.sys
2011-01-06 18:37 . 2011-01-06 18:37        1461992        ----a-w-        c:\windows\system32\WdfCoInstaller01009.dll
2011-01-06 16:31 . 2010-11-08 16:34        103424        ----a-w-        c:\windows\system32\PowerUp3_nat.dll
2011-03-18 17:56 . 2011-03-27 11:08        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 14:33        421160        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-08-04 15:17        7703072        ----a-w-        c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 sptd;sptd; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 135664]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-12 66664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [2007-06-18 373568]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [2007-05-30 201696]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-01-06 44416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 603240]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 15:01]
.
2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 15:01]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Kobi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Kobi\AppData\Roaming\Mozilla\Firefox\Profiles\vtkrlqy8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OOSE05.00.00.01PRO"="8092E1CB116445857736E8BAA23EF748B32F55DEBC17BF3589968D5DDD320A42505133009E53DB7AA6B886FE60B95BCF07E62358C82430FBAD0605320D76B968462F64D38ED709B47D6158AEC975B53E4603576E10CA7CC50B73F9A6967C309499AC16834FC0F9C26DF9A414195C6B04C0B37D9E3CAC5C056F99DC8831BF1C58332E3FCC460375F79E2D867F027BF754F70F75E96B0E9F6E5B17F2AA89DD4389AFF8A9F149B5D1EBEA8D6D4429026626268D7153AE59A8FA83ED53E0BCFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98089DB7CE019D40AA5C5D575E7D6A3B9808C038D530D6EB34520FB35DAA78F93578F9E42D7C009F167EC01BA6F14F9DE29CB535455936DAED6A70433C6B94A299D461695331A435C766648E58B7E89B49E76FE197971352E44CCBA272448DBF70EBE14A77B48C7F779091F311D62E7970D51E2648D3B2CA7FCE295912A237FB57083BE1A8F20F8D9255E11A82D7224DB5E8546549D4E0FE2E40B47FEBAC4758ECE7D49FBE8CEC44897F94E3A3782BFEFC194B19D1944EFE63E840431BB9D42856BC38045057C6DCD24C8DC9AE2B954F2CD25ECC5CC20FAB967F4064F9D25F143DAC12273CD9A4646770D2D4219390CD2E770CA029411CBD4433CDBA28B9C6174E5236B123D16F3AC59290273E0D2F60F0D9FA49BB27D0BEEB2226AC0CE15280393B19E2E930F695EECC14718A25E942E841718FD9BDEE8C90E32939CC71AAF433E8D50C3B18EC7CE830507B519C1A008B6B5B4E8F849ADBBA81DC7155455CEB74D1291502E2E7CD3D3EDC2221E880FA5386C877AC2FDA3275F66A79D7EB5931BAE075F6F01CE139F9EEF5D34B33C1E9BEB86D8DC2221D6C50B49C0DC6AAF5E4C5F2C0BFFB863843B02B7713E45A62565297A12AA978B236DE2066F65BF66DF95A5BB513DD943046F554E5F74BEE509E91B062797C804E93B9145C9912FCDD3940DDA0A691706FEC65BD69AD193659F38A05CCBA1B3D895C7B5BB66AA91CC5BDC536F3435A757EB91AAB4BF3B32B32DAC98626C32765E03BC537537126E80C773B93C64A3CB34C01385BF91CBDF97130611ED77B8964B22DB85E32CD51A97AAAF395D0AA01F02C6BE4FB8990A404911FE9A7EA5FEB564606FE77F8AF375B3D6D4A5371ECB52555F448AE31C915DEF32A7DF3127EBE8F426D43A2EE5C26ABE72D9AD52BA92BFCDFEF908CCA5880D5DA27B9C41F7EB316B3DCB4ED03AD34FE6D2AC41C239176D84B00EF1FD4DF1F646E3F42D50B9543258A2308DFC590B96E29F6AC19A164F04D7A9E1DE6F395E8BDB8723DCFF192A82A9BE4F4F0EA06D042D67A3D3297FA3823B2174F55ED489C46AA8FD5D413D3E1C79E96B50FCC235A7C99F2E1BF15BC2C56208C46522ED3BD"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-05  21:25:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-05 19:25
ComboFix2.txt  2011-04-05 12:40
.
Vor Suchlauf: 17 Verzeichnis(se), 353.126.141.952 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 352.266.457.088 Bytes frei
.
- - End Of File - - 6AF1A2C50448B154AE842866DAB62A2F
--- --- ---

cosinus 06.04.2011 08:08
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Kronski 06.04.2011 13:19
da ist nur ein tool von norman und ein anderes.
also das von norman oder das andere :confused:

Kronski 06.04.2011 13:52
hier ist die datei:

PHP-Code:
2011/04/06 14:50:40.0276 2808    TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/06 14:50:40.0728 2808    ================================================================================
2011/04/06 14:50:40.0728 2808    SystemInfo:
2011/04/06 14:50:40.0728 2808    
2011/04/06 14:50:40.0728 2808    OS Version6.1.7601 ServicePack1.0
2011/04/06 14:50:40.0728 2808    Product typeWorkstation
2011/04/06 14:50:40.0728 2808    ComputerNameKORBINIAN-PC
2011/04/06 14:50:40.0728 2808    UserNameKobi
2011/04/06 14:50:40.0728 2808    Windows directoryC:\Windows
2011/04/06 14:50:40.0728 2808    System windows directoryC:\Windows
2011/04/06 14:50:40.0728 2808    Processor architectureIntel x86
2011/04/06 14:50:40.0728 2808    Number of processors4
2011/04/06 14:50:40.0728 2808    Page size0x1000
2011/04/06 14:50:40.0728 2808    Boot typeNormal boot
2011/04/06 14:50:40.0728 2808    ================================================================================
2011/04/06 14:50:40.0994 2808    Initialize success
2011/04/06 14:50:44.0909 3632    ================================================================================
2011/04/06 14:50:44.0909 3632    Scan started
2011/04/06 14:50:44.0909 3632    ModeManual
2011/04/06 14:50:44.0909 3632    ================================================================================
2011/04/06 14:50:46.0828 3632    1394ohci        (1b133875b8aa8ac48969bd3458afe9f5C:\Windows\system32\drivers\1394ohci.sys
2011/04/06 14:50:46.0953 3632    acedrv09        (bd4e8c841716d5f2804ce000cfe61524C:\Windows\system32\drivers\acedrv09.sys
2011/04/06 14:50:47.0078 3632    acedrv11        (a6fe70357a68ad1e279cd1012419cce6C:\Windows\system32\drivers\acedrv11.sys
2011/04/06 14:50:47.0187 3632    acehlp09        (7b19e528f2f40524e2c40f754a571eb8C:\Windows\system32\drivers\acehlp09.sys
2011/04/06 14:50:47.0312 3632    ACPI            (cea80c80bed809aa0da6febc04733349C:\Windows\system32\drivers\ACPI.sys
2011/04/06 14:50:47.0421 3632    AcpiPmi         (1efbc664abff416d1d07db115dcb264fC:\Windows\system32\drivers\acpipmi.sys
2011/04/06 14:50:47.0546 3632    adp94xx         (21e785ebd7dc90a06391141aac7892fbC:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/06 14:50:47.0686 3632    adpahci         (0c676bc278d5b59ff5abd57bbe9123f2C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/06 14:50:47.0795 3632    adpu320         (7c7b5ee4b7b822ec85321fe23a27db33C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/06 14:50:47.0967 3632    AFD             (1151fd4fb0216cfed887bfde29ebd516C:\Windows\system32\drivers\afd.sys
2011/04/06 14:50:48.0014 3632    agp440          (507812c3054c21cef746b6ee3d04dd6eC:\Windows\system32\drivers\agp440.sys
2011/04/06 14:50:48.0060 3632    aic78xx         (8b30250d573a8f6b4bd23195160d8707C:\Windows\system32\DRIVERS\djsvs.sys
2011/04/06 14:50:48.0138 3632    aliide          (0d40bcf52ea90fc7df2aeab6503dea44C:\Windows\system32\drivers\aliide.sys
2011/04/06 14:50:48.0170 3632    amdagp          (3c6600a0696e90a463771c7422e23ab5C:\Windows\system32\drivers\amdagp.sys
2011/04/06 14:50:48.0185 3632    amdide          (cd5914170297126b6266860198d1d4f0C:\Windows\system32\drivers\amdide.sys
2011/04/06 14:50:48.0232 3632    AmdK8           (00dda200d71bac534bf56a9db5dfd666C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/06 14:50:48.0248 3632    AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/06 14:50:48.0294 3632    amdsata         (e7f4d42d8076ec60e21715cd11743a0dC:\Windows\system32\drivers\amdsata.sys
2011/04/06 14:50:48.0326 3632    amdsbs          (ea43af0c423ff267355f74e7a53bdabaC:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/06 14:50:48.0341 3632    amdxata         (146459d2b08bfdcbfa856d9947043c81C:\Windows\system32\drivers\amdxata.sys
2011/04/06 14:50:48.0419 3632    AppID           (aea177f783e20150ace5383ee368da19C:\Windows\system32\drivers\appid.sys
2011/04/06 14:50:48.0466 3632    arc             (2932004f49677bd84dbc72edb754ffb3C:\Windows\system32\DRIVERS\arc.sys
2011/04/06 14:50:48.0482 3632    arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/06 14:50:48.0513 3632    AsyncMac        (add2ade1c2b285ab8378d2daaf991481C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/06 14:50:48.0544 3632    atapi           (338c86357871c167a96ab976519bf59eC:\Windows\system32\drivers\atapi.sys
2011/04/06 14:50:48.0591 3632    atksgt          (f0d933b42cd0594048e4d5200ae9e417C:\Windows\system32\DRIVERS\atksgt.sys
2011/04/06 14:50:48.0638 3632    avgntflt        (47b879406246ffdced59e18d331a0e7dC:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/06 14:50:48.0669 3632    avipbb          (5fedef54757b34fb611b9ec8fb399364C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/06 14:50:48.0700 3632    b06bdrv         (1a231abec60fd316ec54c66715543cecC:\Windows\system32\DRIVERS\bxvbdx.sys
2011/04/06 14:50:48.0731 3632    b57nd60x        (bd8869eb9cde6bbe4508d869929869eeC:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/06 14:50:48.0762 3632    Beep            (505506526a9d467307b3c393dedaf858C:\Windows\system32\drivers\Beep.sys
2011/04/06 14:50:48.0794 3632    blbdrive        (2287078ed48fcfc477b05b20cf38f36fC:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/06 14:50:48.0809 3632    bowser          (fcafaef6798d7b51ff029f99a9898961C:\Windows\system32\DRIVERS\bowser.sys
2011/04/06 14:50:48.0840 3632    BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/06 14:50:48.0856 3632    BrFiltUp        (56801ad62213a41f6497f96dee83755aC:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/06 14:50:48.0887 3632    Brserid         (845b8ce732e67f3b4133164868c666eaC:\Windows\System32\Drivers\Brserid.sys
2011/04/06 14:50:48.0903 3632    BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6bC:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/06 14:50:48.0918 3632    BrUsbMdm        (bd456606156ba17e60a04e18016ae54bC:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/06 14:50:48.0934 3632    BrUsbSer        (af72ed54503f717a43268b3cc5faec2eC:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/06 14:50:48.0950 3632    BTHMODEM        (ed3df7c56ce0084eb2034432fc56565aC:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/06 14:50:49.0090 3632    cdfs            (77ea11b065e0a8ab902d78145ca51e10C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/06 14:50:49.0137 3632    cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9C:\Windows\system32\drivers\cdrom.sys
2011/04/06 14:50:49.0184 3632    circlass        (3fe3fe94a34df6fb06e6418d0f6a0060C:\Windows\system32\DRIVERS\circlass.sys
2011/04/06 14:50:49.0230 3632    CLFS            (635181e0e9bbf16871bf5380d71db02dC:\Windows\system32\CLFS.sys
2011/04/06 14:50:49.0277 3632    CmBatt          (dea805815e587dad1dd2c502220b5616C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/06 14:50:49.0308 3632    cmdide          (c537b1db64d495b9b4717b4d6d9edbf2C:\Windows\system32\drivers\cmdide.sys
2011/04/06 14:50:49.0355 3632    CNG             (1b675691ed940766149c93e8f4488d68C:\Windows\system32\Drivers\cng.sys
2011/04/06 14:50:49.0371 3632    Compbatt        (a6023d3823c37043986713f118a89beeC:\Windows\system32\DRIVERS\compbatt.sys
2011/04/06 14:50:49.0402 3632    CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89C:\Windows\system32\drivers\CompositeBus.sys
2011/04/06 14:50:49.0433 3632    crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/06 14:50:49.0496 3632    dc3d            (484ffbcec4091ff617494b6b0cb04eb3C:\Windows\system32\DRIVERS\dc3d.sys
2011/04/06 14:50:49.0542 3632    DfsC            (f024449c97ec1e464aaffda18593db88C:\Windows\system32\Drivers\dfsc.sys
2011/04/06 14:50:49.0574 3632    discache        (1a050b0274bfb3890703d490f330c0daC:\Windows\system32\drivers\discache.sys
2011/04/06 14:50:49.0605 3632    Disk            (565003f326f99802e68ca78f2a68e9ffC:\Windows\system32\DRIVERS\disk.sys
2011/04/06 14:50:49.0683 3632    drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4C:\Windows\system32\drivers\drmkaud.sys
2011/04/06 14:50:49.0745 3632    DXGKrnl         (23f5d28378a160352ba8f817bd8c71cbC:\Windows\System32\drivers\dxgkrnl.sys
2011/04/06 14:50:49.0808 3632    ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0C:\Windows\system32\DRIVERS\evbdx.sys
2011/04/06 14:50:49.0886 3632    elxstor         (0ed67910c8c326796faa00b2bf6d9d3cC:\Windows\system32\DRIVERS\elxstor.sys
2011/04/06 14:50:49.0932 3632    ErrDev          (8fc3208352dd3912c94367a206ab3f11C:\Windows\system32\drivers\errdev.sys
2011/04/06 14:50:49.0979 3632    exfat           (2dc9108d74081149cc8b651d3a26207fC:\Windows\system32\drivers\exfat.sys
2011/04/06 14:50:49.0995 3632    fastfat         (7e0ab74553476622fb6ae36f73d97d35C:\Windows\system32\drivers\fastfat.sys
2011/04/06 14:50:50.0026 3632    fdc             (e817a017f82df2a1f8cfdbda29388b29C:\Windows\system32\DRIVERS\fdc.sys
2011/04/06 14:50:50.0057 3632    FileInfo        (6cf00369c97f3cf563be99be983d13d8C:\Windows\system32\drivers\fileinfo.sys
2011/04/06 14:50:50.0073 3632    Filetrace       (42c51dc94c91da21cb9196eb64c45db9C:\Windows\system32\drivers\filetrace.sys
2011/04/06 14:50:50.0104 3632    flpydisk        (87907aa70cb3c56600f1c2fb8841579bC:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/06 14:50:50.0120 3632    FltMgr          (7520ec808e0c35e0ee6f841294316653C:\Windows\system32\drivers\fltmgr.sys
2011/04/06 14:50:50.0166 3632    FsDepends       (1a16b57943853e598cff37fe2b8cbf1dC:\Windows\system32\drivers\FsDepends.sys
2011/04/06 14:50:50.0182 3632    Fs_Rec          (a574b4360e438977038aae4bf60d79a2C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/06 14:50:50.0244 3632    fvevol          (8a73e79089b282100b9393b644cb853bC:\Windows\system32\DRIVERS\fvevol.sys
2011/04/06 14:50:50.0276 3632    gagp30kx        (65ee0c7a58b65e74ae05637418153938C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/06 14:50:50.0322 3632    GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564eC:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/06 14:50:50.0369 3632    hcw85cir        (c44e3c2bab6837db337ddee7544736dbC:\Windows\system32\drivers\hcw85cir.sys
2011/04/06 14:50:50.0416 3632    HdAudAddService (3530cad25deba7dc7de8bb51632cbc5fC:\Windows\system32\drivers\HdAudio.sys
2011/04/06 14:50:50.0463 3632    HDAudBus        (9036377b8a6c15dc2eec53e489d159b5C:\Windows\system32\drivers\HDAudBus.sys
2011/04/06 14:50:50.0494 3632    HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/06 14:50:50.0510 3632    HidBth          (89448f40e6df260c206a193a4683ba78C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/06 14:50:50.0541 3632    HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5eC:\Windows\system32\DRIVERS\hidir.sys
2011/04/06 14:50:50.0588 3632    HidUsb          (10c19f8290891af023eaec0832e1eb4dC:\Windows\system32\drivers\hidusb.sys
2011/04/06 14:50:50.0619 3632    HpSAMD          (295fdc419039090eb8b49ffdbb374549C:\Windows\system32\drivers\HpSAMD.sys
2011/04/06 14:50:50.0650 3632    HTTP            (871917b07a141bff43d76d8844d48106C:\Windows\system32\drivers\HTTP.sys
2011/04/06 14:50:50.0697 3632    hwpolicy        (0c4e035c7f105f1299258c90886c64c5C:\Windows\system32\drivers\hwpolicy.sys
2011/04/06 14:50:50.0728 3632    i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6C:\Windows\system32\drivers\i8042prt.sys
2011/04/06 14:50:50.0775 3632    iaStor          (d5edb998656e6ecf1a17c78dab019a3cC:\Windows\system32\DRIVERS\iaStor.sys
2011/04/06 14:50:50.0806 3632    iaStorV         (a3cae5d281db4cff7cff8233507ee5adC:\Windows\system32\drivers\iaStorV.sys
2011/04/06 14:50:50.0822 3632    iirsp           (4173ff5708f3236cf25195fecd742915C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/06 14:50:50.0915 3632    IntcAzAudAddService (3914ea9111dbeffaf1c68200817768adC:\Windows\system32\drivers\RTKVHDA.sys
2011/04/06 14:50:50.0962 3632    intelide        (a0f12f2c9ba6c72f3987ce780e77c130C:\Windows\system32\drivers\intelide.sys
2011/04/06 14:50:50.0993 3632    intelppm        (3b514d27bfc4accb4037bc6685f766e0C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/06 14:50:51.0009 3632    IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/06 14:50:51.0040 3632    IPMIDRV         (4bd7134618c1d2a27466a099062547bfC:\Windows\system32\drivers\IPMIDrv.sys
2011/04/06 14:50:51.0071 3632    IPNAT           (a5fa468d67abcdaa36264e463a7bb0cdC:\Windows\system32\drivers\ipnat.sys
2011/04/06 14:50:51.0102 3632    IRENUM          (42996cff20a3084a56017b7902307e9fC:\Windows\system32\drivers\irenum.sys
2011/04/06 14:50:51.0134 3632    isapnp          (1f32bb6b38f62f7df1a7ab7292638a35C:\Windows\system32\drivers\isapnp.sys
2011/04/06 14:50:51.0165 3632    iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3aeC:\Windows\system32\drivers\msiscsi.sys
2011/04/06 14:50:51.0180 3632    kbdclass        (adef52ca1aeae82b50df86b56413107eC:\Windows\system32\drivers\kbdclass.sys
2011/04/06 14:50:51.0212 3632    kbdhid          (9e3ced91863e6ee98c24794d05e27a71C:\Windows\system32\drivers\kbdhid.sys
2011/04/06 14:50:51.0258 3632    KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1C:\Windows\system32\Drivers\ksecdd.sys
2011/04/06 14:50:51.0274 3632    KSecPkg         (26c046977e85b95036453d7b88ba1820C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/06 14:50:51.0336 3632    lirsgt          (f8a7212d0864ef5e9185fb95e6623f4dC:\Windows\system32\DRIVERS\lirsgt.sys
2011/04/06 14:50:51.0383 3632    lltdio          (f7611ec07349979da9b0ae1f18ccc7a6C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/06 14:50:51.0414 3632    LSI_FC          (eb119a53ccf2acc000ac71b065b78fefC:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/06 14:50:51.0446 3632    LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9cC:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/06 14:50:51.0461 3632    LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/06 14:50:51.0492 3632    LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/06 14:50:51.0508 3632    luafv           (6703e366cc18d3b6e534f5cf7df39ceeC:\Windows\system32\drivers\luafv.sys
2011/04/06 14:50:51.0539 3632    megasas         (0fff5b045293002ab38eb1fd1fc2fb74C:\Windows\system32\DRIVERS\megasas.sys
2011/04/06 14:50:51.0555 3632    MegaSR          (dcbab2920c75f390caf1d29f675d03d6C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/06 14:50:51.0570 3632    Modem           (f001861e5700ee84e2d4e52c712f4964C:\Windows\system32\drivers\modem.sys
2011/04/06 14:50:51.0602 3632    monitor         (79d10964de86b292320e9dfe02282a23C:\Windows\system32\DRIVERS\monitor.sys
2011/04/06 14:50:51.0617 3632    mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609C:\Windows\system32\drivers\mouclass.sys
2011/04/06 14:50:51.0633 3632    mouhid          (2c388d2cd01c9042596cf3c8f3c7b24dC:\Windows\system32\DRIVERS\mouhid.sys
2011/04/06 14:50:51.0648 3632    mountmgr        (fc8771f45ecccfd89684e38842539b9bC:\Windows\system32\drivers\mountmgr.sys
2011/04/06 14:50:51.0695 3632    mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0C:\Windows\system32\drivers\mpio.sys
2011/04/06 14:50:51.0726 3632    mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0C:\Windows\system32\drivers\mpsdrv.sys
2011/04/06 14:50:51.0789 3632    MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166aC:\Windows\system32\drivers\mrxdav.sys
2011/04/06 14:50:51.0836 3632    mrxsmb          (b272b4c3e085ea860c12f2e4faf2ffa2C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/06 14:50:51.0867 3632    mrxsmb10        (9ac33ef26c8a3ad0f117d00eb7301d03C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/06 14:50:51.0898 3632    mrxsmb20        (e0abdb5ed7e199e242a7d028e76c1d3aC:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/06 14:50:51.0945 3632    msahci          (012c5f4e9349e711e11e0f19a8589f0aC:\Windows\system32\drivers\msahci.sys
2011/04/06 14:50:51.0976 3632    msdsm           (55055f8ad8be27a64c831322a780a228C:\Windows\system32\drivers\msdsm.sys
2011/04/06 14:50:52.0007 3632    Msfs            (daefb28e3af5a76abcc2c3078c07327fC:\Windows\system32\drivers\Msfs.sys
2011/04/06 14:50:52.0023 3632    mshidkmdf       (3e1e5767043c5af9367f0056295e9f84C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/06 14:50:52.0038 3632    msisadrv        (0a4e5757ae09fa9622e3158cc1aef114C:\Windows\system32\drivers\msisadrv.sys
2011/04/06 14:50:52.0085 3632    MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/06 14:50:52.0132 3632    MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ceC:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/06 14:50:52.0163 3632    MSPQM           (f456e973590d663b1073e9c463b40932C:\Windows\system32\drivers\MSPQM.sys
2011/04/06 14:50:52.0179 3632    MsRPC           (0e008fc4819d238c51d7c93e7b41e560C:\Windows\system32\drivers\MsRPC.sys
2011/04/06 14:50:52.0210 3632    mssmbios        (fc6b9ff600cc585ea38b12589bd4e246C:\Windows\system32\drivers\mssmbios.sys
2011/04/06 14:50:52.0226 3632    MSTEE           (b42c6b921f61a6e55159b8be6cd54a36C:\Windows\system32\drivers\MSTEE.sys
2011/04/06 14:50:52.0257 3632    MTConfig        (33599130f44e1f34631cea241de8ac84C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/06 14:50:52.0272 3632    Mup             (159fad02f64e6381758c990f753bcc80C:\Windows\system32\Drivers\mup.sys
2011/04/06 14:50:52.0304 3632    NativeWifiP     (26384429fcd85d83746f63e798ab1480C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/06 14:50:52.0335 3632    NDIS            (e7c54812a2aaf43316eb6930c1ffa108C:\Windows\system32\drivers\ndis.sys
2011/04/06 14:50:52.0366 3632    NdisCap         (0e1787aa6c9191d3d319e8bafe86f80cC:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/06 14:50:52.0397 3632    NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/06 14:50:52.0444 3632    Ndisuio         (d8a65dafb3eb41cbb622745676fcd072C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/06 14:50:52.0475 3632    NdisWan         (38fbe267e7e6983311179230facb1017C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/06 14:50:52.0506 3632    NDProxy         (a4bdc541e69674fbff1a8ff00be913f2C:\Windows\system32\drivers\NDProxy.sys
2011/04/06 14:50:52.0538 3632    NetBIOS         (80b275b1ce3b0e79909db7b39af74d51C:\Windows\system32\DRIVERS\netbios.sys
2011/04/06 14:50:52.0553 3632    NetBT           (280122ddcf04b378edd1ad54d71c1e54C:\Windows\system32\DRIVERS\netbt.sys
2011/04/06 14:50:52.0616 3632    nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/06 14:50:52.0647 3632    Npfs            (1db262a9f8c087e8153d89bef3d2235fC:\Windows\system32\drivers\Npfs.sys
2011/04/06 14:50:52.0678 3632    nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58C:\Windows\system32\drivers\nsiproxy.sys
2011/04/06 14:50:52.0740 3632    Ntfs            (33c3093d09017cfe2e219f2472bff6ebC:\Windows\system32\drivers\Ntfs.sys
2011/04/06 14:50:52.0772 3632    Null            (f9756a98d69098dca8945d62858a812cC:\Windows\system32\drivers\Null.sys
2011/04/06 14:50:52.0834 3632    NVHDA           (8571011b62ce0207fa1dc95d88308f1dC:\Windows\system32\drivers\nvhda32v.sys
2011/04/06 14:50:53.0037 3632    nvlddmkm        (19f5c4949b2e4cbd2e95b8ecdfc84d25C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/06 14:50:53.0162 3632    nvraid          (af2eec9580c1d32fb7eaf105d9784061C:\Windows\system32\drivers\nvraid.sys
2011/04/06 14:50:53.0208 3632    nvstor          (9283c58ebaa2618f93482eb5dabcec82C:\Windows\system32\drivers\nvstor.sys
2011/04/06 14:50:53.0255 3632    nv_agp          (5a0983915f02bae73267cc2a041f717dC:\Windows\system32\drivers\nv_agp.sys
2011/04/06 14:50:53.0302 3632    ohci1394        (08a70a1f2cdde9bb49b885cb817a66ebC:\Windows\system32\drivers\ohci1394.sys
2011/04/06 14:50:53.0349 3632    Parport         (2ea877ed5dd9713c5ac74e8ea7348d14C:\Windows\system32\DRIVERS\parport.sys
2011/04/06 14:50:53.0364 3632    partmgr         (bf8f6af06da75b336f07e23aef97d93bC:\Windows\system32\drivers\partmgr.sys
2011/04/06 14:50:53.0396 3632    Parvdm          (eb0a59f29c19b86479d36b35983daadcC:\Windows\system32\DRIVERS\parvdm.sys
2011/04/06 14:50:53.0427 3632    pci             (673e55c3498eb970088e812ea820aa8fC:\Windows\system32\drivers\pci.sys
2011/04/06 14:50:53.0474 3632    pciide          (afe86f419014db4e5593f69ffe26ce0aC:\Windows\system32\drivers\pciide.sys
2011/04/06 14:50:53.0520 3632    pcmcia          (f396431b31693e71e8a80687ef523506C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/06 14:50:53.0536 3632    pcw             (250f6b43d2b613172035c6747aeeb19fC:\Windows\system32\drivers\pcw.sys
2011/04/06 14:50:53.0567 3632    PEAUTH          (9e0104ba49f4e6973749a02bf41344edC:\Windows\system32\drivers\peauth.sys
2011/04/06 14:50:53.0661 3632    Point32         (420336f91eb745811cf130c80ede0653C:\Windows\system32\DRIVERS\point32.sys
2011/04/06 14:50:53.0692 3632    PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2dbC:\Windows\system32\DRIVERS\raspptp.sys
2011/04/06 14:50:53.0723 3632    Processor       (85b1e3a0c7585bc4aae6899ec6fcf011C:\Windows\system32\DRIVERS\processr.sys
2011/04/06 14:50:53.0754 3632    Psched          (6270ccae2a86de6d146529fe55b3246aC:\Windows\system32\DRIVERS\pacer.sys
2011/04/06 14:50:53.0801 3632    PxHelp20        (40fedd328f98245ad201cf5f9f311724C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/06 14:50:53.0848 3632    ql2300          (ab95ecf1f6659a60ddc166d8315b0751C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/06 14:50:53.0879 3632    ql40xx          (b4dd51dd25182244b86737dc51af2270C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/06 14:50:53.0910 3632    QWAVEdrv        (584078ca1b95ca72df2a27c336f9719dC:\Windows\system32\drivers\qwavedrv.sys
2011/04/06 14:50:53.0926 3632    RasAcd          (30a81b53c766d0133bb86d234e5556abC:\Windows\system32\DRIVERS\rasacd.sys
2011/04/06 14:50:53.0973 3632    RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fdC:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/06 14:50:53.0988 3632    Rasl2tp         (d9f91eafec2815365cbe6d167e4e332aC:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/06 14:50:54.0004 3632    RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/06 14:50:54.0035 3632    RasSstp         (44101f495a83ea6401d886e7fd70096bC:\Windows\system32\DRIVERS\rassstp.sys
2011/04/06 14:50:54.0082 3632    rdbss           (d528bc58a489409ba40334ebf96a311bC:\Windows\system32\DRIVERS\rdbss.sys
2011/04/06 14:50:54.0098 3632    rdpbus          (0d8f05481cb76e70e1da06ee9f0da9dfC:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/06 14:50:54.0144 3632    RDPCDD          (23dae03f29d253ae74c44f99e515f9a1C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/06 14:50:54.0176 3632    RDPENCDD        (5a53ca1598dd4156d44196d200c94b8aC:\Windows\system32\drivers\rdpencdd.sys
2011/04/06 14:50:54.0191 3632    RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1fC:\Windows\system32\drivers\rdprefmp.sys
2011/04/06 14:50:54.0238 3632    RDPWD           (288b06960d78428ff89e811632684e20C:\Windows\system32\drivers\RDPWD.sys
2011/04/06 14:50:54.0285 3632    rdyboost        (518395321dc96fe2c9f0e96ac743b656C:\Windows\system32\drivers\rdyboost.sys
2011/04/06 14:50:54.0347 3632    rspndr          (032b0d36ad92b582d869879f5af5b928C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/06 14:50:54.0410 3632    RTL8167         (94a48c15d32d69867f03894a4e70a87aC:\Windows\system32\DRIVERS\Rt86win7.sys
2011/04/06 14:50:54.0456 3632    RTL8192su       (9ce8deffaffccbf473015d76ae8ee514C:\Windows\system32\DRIVERS\RTL8192su.sys
2011/04/06 14:50:54.0503 3632    s217bus         (0266151de3f36429f6ac3c4b28085061C:\Windows\system32\DRIVERS\s217bus.sys
2011/04/06 14:50:54.0550 3632    s217mdfl        (a43c0af0e46be7ef0c7e8ccf0f058600C:\Windows\system32\DRIVERS\s217mdfl.sys
2011/04/06 14:50:54.0597 3632    s217mdm         (005f5ded1ed8f8a9d2399d765ead20f1C:\Windows\system32\DRIVERS\s217mdm.sys
2011/04/06 14:50:54.0612 3632    s217mgmt        (de9562ad0c91e1857d11f65a91ee1a47C:\Windows\system32\DRIVERS\s217mgmt.sys
2011/04/06 14:50:54.0644 3632    s217nd5         (11cc5d7f992799e7e75d018e9c018563C:\Windows\system32\DRIVERS\s217nd5.sys
2011/04/06 14:50:54.0659 3632    s217obex        (0f9f4045799afb66b85eef999d0609ecC:\Windows\system32\DRIVERS\s217obex.sys
2011/04/06 14:50:54.0690 3632    s217unic        (1c91e1023f07b6407d84b5a43537d984C:\Windows\system32\DRIVERS\s217unic.sys
2011/04/06 14:50:54.0722 3632    sbp2port        (05d860da1040f111503ac416ccef2bcaC:\Windows\system32\drivers\sbp2port.sys
2011/04/06 14:50:54.0753 3632    scfilter        (0693b5ec673e34dc147e195779a4dcf6C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/06 14:50:54.0784 3632    secdrv          (90a3935d05b494a5a39d37e71f09a677C:\Windows\system32\drivers\secdrv.sys
2011/04/06 14:50:54.0800 3632    seehcri         (e5b56569a9f79b70314fede6c953641eC:\Windows\system32\DRIVERS\seehcri.sys
2011/04/06 14:50:54.0831 3632    Serenum         (9ad8b8b515e3df6acd4212ef465de2d1C:\Windows\system32\DRIVERS\serenum.sys
2011/04/06 14:50:54.0893 3632    Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2C:\Windows\system32\DRIVERS\serial.sys
2011/04/06 14:50:54.0987 3632    sermouse        (79bffb520327ff916a582dfea17aa813C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/06 14:50:55.0018 3632    sffdisk         (9f976e1eb233df46fce808d9dea3eb9cC:\Windows\system32\drivers\sffdisk.sys
2011/04/06 14:50:55.0049 3632    sffp_mmc        (932a68ee27833cfd57c1639d375f2731C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/06 14:50:55.0065 3632    sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982C:\Windows\system32\drivers\sffp_sd.sys
2011/04/06 14:50:55.0080 3632    sfloppy         (db96666cc8312ebc45032f30b007a547C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/06 14:50:55.0190 3632    sisagp          (2565cac0dc9fe0371bdce60832582b2eC:\Windows\system32\drivers\sisagp.sys
2011/04/06 14:50:55.0221 3632    SiSRaid2        (a9f0486851becb6dda1d89d381e71055C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/06 14:50:55.0252 3632    SiSRaid4        (3727097b55738e2f554972c3be5bc1aaC:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/06 14:50:55.0299 3632    Smb             (3e21c083b8a01cb70ba1f09303010fceC:\Windows\system32\DRIVERS\smb.sys
2011/04/06 14:50:55.0330 3632    spldr           (95cf1ae7527fb70f7816563cbc09d942C:\Windows\system32\drivers\spldr.sys
2011/04/06 14:50:55.0392 3632    srv             (112127c3b2e64d7680cc39cd0a39dd7eC:\Windows\system32\DRIVERS\srv.sys
2011/04/06 14:50:55.0424 3632    srv2            (e5dd784a4ee5ebc72a86c677c988fcdbC:\Windows\system32\DRIVERS\srv2.sys
2011/04/06 14:50:55.0470 3632    srvnet          (cdbe627e16cc9e98f343d73f8e81d258C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/06 14:50:55.0517 3632    ssmdrv          (a36ee93698802cd899f98bfd553d8185C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/06 14:50:55.0533 3632    stexstor        (db32d325c192b801df274bfd12a7e72bC:\Windows\system32\DRIVERS\stexstor.sys
2011/04/06 14:50:55.0564 3632    swenum          (e58c78a848add9610a4db6d214af5224C:\Windows\system32\drivers\swenum.sys
2011/04/06 14:50:55.0642 3632    Tcpip           (37e8fa3779668837ca9e2c36d2415949C:\Windows\system32\drivers\tcpip.sys
2011/04/06 14:50:55.0689 3632    TCPIP6          (37e8fa3779668837ca9e2c36d2415949C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/06 14:50:55.0736 3632    tcpipreg        (cca24162e055c3714ce5a88b100c64edC:\Windows\system32\drivers\tcpipreg.sys
2011/04/06 14:50:55.0751 3632    TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2C:\Windows\system32\drivers\tdpipe.sys
2011/04/06 14:50:55.0782 3632    TDTCP           (2c10395baa4847f83042813c515cc289C:\Windows\system32\drivers\tdtcp.sys
2011/04/06 14:50:55.0829 3632    tdx             (b459575348c20e8121d6039da063c704C:\Windows\system32\DRIVERS\tdx.sys
2011/04/06 14:50:55.0876 3632    TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20C:\Windows\system32\drivers\termdd.sys
2011/04/06 14:50:55.0970 3632    tssecsrv        (254bb140eee3c59d6114c1a86b636877C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/06 14:50:56.0032 3632    TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654C:\Windows\system32\drivers\tsusbflt.sys
2011/04/06 14:50:56.0079 3632    tunnel          (b2fa25d9b17a68bb93d58b0556e8c90dC:\Windows\system32\DRIVERS\tunnel.sys
2011/04/06 14:50:56.0094 3632    uagp35          (750fbcb269f4d7dd2e420c56b795db6dC:\Windows\system32\DRIVERS\uagp35.sys
2011/04/06 14:50:56.0126 3632    udfs            (ee43346c7e4b5e63e54f927babbb32ffC:\Windows\system32\DRIVERS\udfs.sys
2011/04/06 14:50:56.0157 3632    uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880C:\Windows\system32\drivers\uliagpkx.sys
2011/04/06 14:50:56.0204 3632    umbus           (d295bed4b898f0fd999fcfa9b32b071bC:\Windows\system32\drivers\umbus.sys
2011/04/06 14:50:56.0235 3632    UmPass          (7550ad0c6998ba1cb4843e920ee0feacC:\Windows\system32\DRIVERS\umpass.sys
2011/04/06 14:50:56.0266 3632    usbccgp         (7e72e7d7e0757d59481d530fd2b0bfaeC:\Windows\system32\drivers\usbccgp.sys
2011/04/06 14:50:56.0297 3632    usbcir          (04ec7cec62ec3b6d9354eee93327fc82C:\Windows\system32\drivers\usbcir.sys
2011/04/06 14:50:56.0328 3632    usbehci         (1c333bfd60f2fed2c7ad5daf533cb742C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/06 14:50:56.0344 3632    usbhub          (9d22aad9ac6a07c691a1113e5f860868C:\Windows\system32\drivers\usbhub.sys
2011/04/06 14:50:56.0375 3632    usbohci         (a6fb7957ea7afb1165991e54ce934b74C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/06 14:50:56.0391 3632    usbprint        (797d862fe0875e75c7cc4c1ad7b30252C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/06 14:50:56.0406 3632    USBSTOR         (bf63ebfc6979fefb2bc03df7989a0c1aC:\Windows\system32\drivers\USBSTOR.SYS
2011/04/06 14:50:56.0438 3632    usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/06 14:50:56.0469 3632    vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cbC:\Windows\system32\drivers\vdrvroot.sys
2011/04/06 14:50:56.0500 3632    vga             (17c408214ea61696cec9c66e388b14f3C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/06 14:50:56.0516 3632    VgaSave         (8e38096ad5c8570a6f1570a61e251561C:\Windows\System32\drivers\vga.sys
2011/04/06 14:50:56.0547 3632    vhdmp           (5461686cca2fda57b024547733ab42e3C:\Windows\system32\drivers\vhdmp.sys
2011/04/06 14:50:56.0562 3632    viaagp          (c829317a37b4bea8f39735d4b076e923C:\Windows\system32\drivers\viaagp.sys
2011/04/06 14:50:56.0594 3632    ViaC7           (e02f079a6aa107f06b16549c6e5c7b74C:\Windows\system32\DRIVERS\viac7.sys
2011/04/06 14:50:56.0609 3632    viaide          (e43574f6a56a0ee11809b48c09e4fd3cC:\Windows\system32\drivers\viaide.sys
2011/04/06 14:50:56.0625 3632    volmgr          (4c63e00f2f4b5f86ab48a58cd990f212C:\Windows\system32\drivers\volmgr.sys
2011/04/06 14:50:56.0656 3632    volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87C:\Windows\system32\drivers\volmgrx.sys
2011/04/06 14:50:56.0687 3632    volsnap         (f497f67932c6fa693d7de2780631cfe7C:\Windows\system32\drivers\volsnap.sys
2011/04/06 14:50:56.0734 3632    vsmraid         (9dfa0cc2f8855a04816729651175b631C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/06 14:50:56.0750 3632    vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/06 14:50:56.0796 3632    vwififlt        (7090d3436eeb4e7da3373090a23448f7C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/06 14:50:56.0812 3632    vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882C:\Windows\system32\DRIVERS\vwifimp.sys
2011/04/06 14:50:56.0859 3632    WacomPen        (de3721e89c653aa281428c8a69745d90C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/06 14:50:56.0906 3632    WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2eC:\Windows\system32\DRIVERS\wanarp.sys
2011/04/06 14:50:56.0921 3632    Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2eC:\Windows\system32\DRIVERS\wanarp.sys
2011/04/06 14:50:56.0952 3632    Wd              (1112a9badacb47b7c0bb0392e3158dffC:\Windows\system32\DRIVERS\wd.sys
2011/04/06 14:50:56.0984 3632    Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73C:\Windows\system32\drivers\Wdf01000.sys
2011/04/06 14:50:57.0030 3632    WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/06 14:50:57.0046 3632    WIMMount        (5cf95b35e59e2a38023836fff31be64cC:\Windows\system32\drivers\wimmount.sys
2011/04/06 14:50:57.0108 3632    WinUsb          (a67e5f9a400f3bd1be3d80613b45f708C:\Windows\system32\DRIVERS\WinUsb.sys
2011/04/06 14:50:57.0140 3632    WmiAcpi         (0217679b8fca58714c3bf2726d2ca84eC:\Windows\system32\drivers\wmiacpi.sys
2011/04/06 14:50:57.0186 3632    ws2ifsl         (6db3276587b853bf886b69528fdb048cC:\Windows\system32\drivers\ws2ifsl.sys
2011/04/06 14:50:57.0233 3632    WudfPf          (e714a1c0354636837e20ccbf00888ee7C:\Windows\system32\drivers\WudfPf.sys
2011/04/06 14:50:57.0296 3632    WUDFRd          (1023ee888c9b47178c5293ed5336ab69C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/06 14:50:57.0342 3632    ================================================================================
2011/04/06 14:50:57.0342 3632    Scan finished
2011/04/06 14:50:57.0342 3632    ================================================================================ 

cosinus 06.04.2011 14:29
Zitat:
da ist nur ein tool von norman und ein anderes.
Ich hab doch extra KASPERSKY geschrieben :pfeiff:

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Kronski 06.04.2011 16:05
Google verlinkt mich jetzt aber richtig.
soll ich jetzt immer noch die sachen durchführen.
vor kurzen habe ich mein Passwort geendert.
nach nem neustart nach der Passwort enderung hat auf einmal der svchost den Prozessor auf hundert Prozent gebracht.
ist das besorgniss erregend?

cosinus 06.04.2011 16:16
Bitte poste die Logs! Wir sind fertig wenn es soweit ist!

Kronski 06.04.2011 19:46
hier ist das GMER logfile

GMER Logfile:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-06 20:44:57
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.80.0
Running: sy72r0s3.exe; Driver: C:\Users\Kobi\AppData\Local\Temp\pglyiuob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKey + 13C1                                                                      83059339 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                            83092D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.reloc          C:\Windows\system32\drivers\acehlp09.sys                                                          section is executable [0x91319780, 0x28F7A, 0xE0000060]
.reloc          C:\Windows\system32\drivers\acedrv09.sys                                                          section is executable [0x9DB82000, 0x4E05A, 0xE0000060]
.reloc          C:\Windows\system32\drivers\acedrv11.sys                                                          section is executable [0xA141F300, 0x25D4C, 0xE0000060]
.text          C:\Windows\system32\DRIVERS\atksgt.sys                                                            section is writeable [0xA1446300, 0x3B6D8, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys                                                            section is writeable [0xA1489300, 0x1BEE, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[3184] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                    [73B72437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3184] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]              [73B55600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3184] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]              [73B556BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3184] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                    [73B724B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3184] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]          [73B68514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3184] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]            [73B64CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3184] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]            [73B6506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3184] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]          [73B65144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3184] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]  [73B66671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3184] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]            [73B6826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3184] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]      [73B687BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3184] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]    [73B6901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3184] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]          [73B6E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3184] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]              [73B64BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                             
Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOSE05.00.00.01PRO                          8092E1CB116445857736E8BAA23EF748B32F55DEBC17BF3589968D5DDD320A42505133009E53DB7AA6B886FE60B95BCF07E62358C82430FBAD0605320D76B968462F64D38ED709B47D6158AEC975B53E4603576E10CA7CC50B73F9A6967C309499AC16834FC0F9C26DF9A414195C6B04C0B37D9E3CAC5C056F99DC8831BF1C58332E3FCC460375F79E2D867F027BF754F70F75E96B0E9F6E5B17F2AA89DD4389AFF8A9F149B5D1EBEA8D6D4429026626268D7153AE59A8FA83ED53E0BCFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98089DB7CE019D40AA5C5D575E7D6A3B9808C038D530D6EB34520FB35DAA78F93578F9E42D7C009F167EC01BA6F14F9DE29CB535455936DAED6A70433C6B94A299D461695331A435C766648E58B7E89B49E76FE197971352E44CCBA272448DBF70EBE14A77B48C7F779091F311D62E7970D51E2648D3B2CA7FCE295912A237FB57083BE1A8F20F8D9255E11A82D7224DB5E8546549D4E0FE2E40B47FEBAC4758ECE7D49FBE8CEC44897F94E3A3782BFEFC194B19D1944EFE63E840431BB9D42856BC38045057C6DCD24C8DC9AE2B954F2CD25ECC5CC20FAB967F4064F9D25F143DAC12273CD9A4646770D2D4219390CD2E770CA029411CBD4433CDBA28B9C6174E5236B123D16F3AC59290273

---- EOF - GMER 1.0.15 ----
--- --- ---

cosinus 06.04.2011 19:49
Das ist unauffällig. Poste bitte auch noch die anderen.

Kronski 06.04.2011 19:55
hier ist das osam logfile:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:54:30 on 06.04.2011

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv09" (acedrv09) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv09.sys
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"acehlp09" (acehlp09) - "Protect Software GmbH" - C:\Windows\system32\drivers\acehlp09.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Kobi\AppData\Local\Temp\catchme.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"pglyiuob" (pglyiuob) - ? - C:\Users\Kobi\AppData\Local\Temp\pglyiuob.sys  (Hidden registry entry, rootkit activity | File not found)
"sptd" (sptd) - ? - C:\Windows\system32\drivers\sptd.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplact.dll
{6230EF55-8E71-4F40-861A-DBA282584FF5} "AVSVideoConverter Object" - "Online Media Technologies Ltd." - C:\PROGRA~1\AVS4YOU\AVSVID~1\AVSVID~1.DLL
{124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplsens.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{1184D0ED-DBCE-4170-8DBB-4D0C3905DA85} "Touch Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcpltouch.dll
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - c:\Program Files\Microsoft IntelliPoint\ipcplwir.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
GameJackalShlExt extension "{D1AE07A0-C0E1-11DE-B1EB-070556D89593}" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{32099AAC-C132-4136-9E9A-4E364A424E17}" - ? -  (File not found | COM-object registry key not found)
<binary data> "{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{1E3F1348-4370-4BBE-A67A-CC7ED824CA85} "Microsoft Genuine Advantage Self Support Tool" - "Microsoft Corporation" - C:\Windows\system32\SelfHelpControl.DLL / hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Kobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"IntelliPoint" - "Microsoft Corporation" - "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\netsession_win_a35e6b9.dll  (File found, but it contains no detailed information)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"iPod Service" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/PHP]

Kronski 06.04.2011 20:23
zu letzt ist hier das logfile von MBRCheck:

PHP-Code:
MBRCheckversion 1.2.3
(c2010AD

Command-line:            
Windows Version:        Windows 7 Home Premium Edition
Windows Information:        Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer:    MEDIONPC
BIOS Manufacturer:        American Megatrends Inc.
System Manufacturer:        MEDIONPC
System Product Name:        MS-7616
Logical Drives Mask:        0x000000fc

Kernel Drivers (total 188):
  0x83037000 \SystemRoot\system32\ntkrnlpa.exe
  0x83000000 \SystemRoot\system32\halmacpi.dll
  0x80B96000 \SystemRoot\system32\kdcom.dll
  0x83601000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x83686000 \SystemRoot\system32\PSHED.dll
  0x83697000 \SystemRoot\system32\BOOTVID.dll
  0x8369F000 \SystemRoot\system32\CLFS.SYS
  0x836E1000 \SystemRoot\system32\CI.dll
  0x8378C000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8B413000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8B421000 \SystemRoot\system32\drivers\ACPI.sys
  0x8B469000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x8B472000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8B47A000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x8B485000 \SystemRoot\system32\drivers\pci.sys
  0x8B4AF000 \SystemRoot\System32\drivers\partmgr.sys
  0x8B4C0000 \SystemRoot\system32\drivers\volmgr.sys
  0x8B4D0000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8B51B000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8B62D000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8B7E0000 \SystemRoot\system32\drivers\amdxata.sys
  0x8B531000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8B7E9000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8B600000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x8B812000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B941000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8B96C000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B97F000 \SystemRoot\System32\Drivers\cng.sys
  0x8B9DC000 \SystemRoot\System32\drivers\pcw.sys
  0x8B9EA000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8BA31000 \SystemRoot\system32\drivers\ndis.sys
  0x8BAE8000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8BB26000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8BC37000 \SystemRoot\System32\drivers\tcpip.sys
  0x8BD81000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8BDB2000 \SystemRoot\system32\drivers\volsnap.sys
  0x8BDF1000 \SystemRoot\System32\Drivers\spldr.sys
  0x8BC00000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8BB4B000 \SystemRoot\System32\Drivers\mup.sys
  0x8BC2D000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8BB5B000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8BB8D000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8BB9E000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x90611000 \SystemRoot\system32\drivers\cdrom.sys
  0x90630000 \SystemRoot\System32\Drivers\Null.SYS
  0x90637000 \SystemRoot\System32\Drivers\Beep.SYS
  0x907F2000 \SystemRoot\System32\drivers\vga.sys
  0x8BBD0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8BBF1000 \SystemRoot\System32\drivers\watchdog.sys
  0x8BA00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8BA08000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8BA10000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x8BA18000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8BA23000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8B60A000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8B9F3000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8B565000 \SystemRoot\system32\drivers\afd.sys
  0x8B5BF000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8BDF9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x90A23000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x90A42000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x90A53000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x90A61000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x90A74000 \SystemRoot\system32\drivers\termdd.sys
  0x90A85000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x90A8B000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x90ACC000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x90AD6000 \SystemRoot\system32\drivers\mssmbios.sys
  0x90AE0000 \SystemRoot\System32\drivers\discache.sys
  0x90AEC000 \SystemRoot\System32\Drivers\dfsc.sys
  0x90B04000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x90B12000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x90B38000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x90B59000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x9382C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x94326000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x94328000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x90B6B000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x943DF000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x90BA4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x93800000 \SystemRoot\system32\drivers\HDAudBus.sys
  0x9222C000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
  0x9227E000 \SystemRoot\system32\drivers\1394ohci.sys
  0x922AB000 \SystemRoot\system32\drivers\i8042prt.sys
  0x922C3000 \SystemRoot\system32\drivers\kbdclass.sys
  0x922D0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x922D6000 \SystemRoot\system32\drivers\CompositeBus.sys
  0x922E3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x922F5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x9230D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x92318000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x9233A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x92352000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x92369000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x92380000 \SystemRoot\system32\drivers\mouclass.sys
  0x9238D000 \SystemRoot\system32\DRIVERS\seehcri.sys
  0x92393000 \SystemRoot\system32\drivers\swenum.sys
  0x92395000 \SystemRoot\system32\drivers\ks.sys
  0x923C9000 \SystemRoot\system32\drivers\umbus.sys
  0x92005000 \SystemRoot\system32\drivers\usbhub.sys
  0x92049000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x9481F000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x94ABC000 \SystemRoot\system32\drivers\portcls.sys
  0x94AEB000 \SystemRoot\system32\drivers\drmk.sys
  0x95C30000 \SystemRoot\System32\win32k.sys
  0x94B04000 \SystemRoot\System32\drivers\Dxapi.sys
  0x94B0E000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x9063E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x94B1B000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x94B2C000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x94B37000 \SystemRoot\system32\drivers\hidusb.sys
  0x94B42000 \SystemRoot\system32\drivers\HIDCLASS.SYS
  0x94B55000 \SystemRoot\system32\drivers\HIDPARSE.SYS
  0x94B5C000 \SystemRoot\system32\drivers\USBD.SYS
  0x95E90000 \SystemRoot\System32\TSDDD.dll
  0x95EC0000 \SystemRoot\System32\cdd.dll
  0x95EE0000 \SystemRoot\System32\ATMFD.DLL
  0x94B5E000 \SystemRoot\system32\drivers\usbccgp.sys
  0x94B75000 \SystemRoot\system32\DRIVERS\dc3d.sys
  0x94B7F000 \SystemRoot\system32\drivers\kbdhid.sys
  0x94B8B000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x94B96000 \SystemRoot\system32\DRIVERS\point32.sys
  0x94B9F000 \SystemRoot\system32\drivers\luafv.sys
  0x94BBA000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x94BCF000 \SystemRoot\system32\drivers\WudfPf.sys
  0x94BE9000 \SystemRoot\system32\drivers\USBSTOR.SYS
  0x9205A000 \SystemRoot\system32\DRIVERS\RTL8192su.sys
  0x94800000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x9480A000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x92103000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x92149000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x92159000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9216C000 \SystemRoot\system32\DRIVERS\vwifimp.sys
  0x92175000 \SystemRoot\system32\drivers\HTTP.sys
  0x923D7000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x92200000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x90A00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9F61C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9F657000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9F68A000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0x9F6CD000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0x9F6D2000 \SystemRoot\system32\drivers\peauth.sys
  0x9F769000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x9F773000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9F794000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x9F7A1000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA1434000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA1485000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xA14A6000 \SystemRoot\system32\drivers\spsys.sys
  0x77A40000 \Windows\System32\ntdll.dll
  0x482B0000 \Windows\System32\smss.exe
  0x77C80000 \Windows\System32\apisetschema.dll
  0x007D0000 \Windows\System32\autochk.exe
  0x77BA0000 \Windows\System32\msctf.dll
  0x778A0000 \Windows\System32\setupapi.dll
  0x77850000 \Windows\System32\gdi32.dll
  0x777A0000 \Windows\System32\msvcrt.dll
  0x77B90000 \Windows\System32\nsi.dll
  0x77B80000 \Windows\System32\lpk.dll
  0x77740000 \Windows\System32\shlwapi.dll
  0x77660000 \Windows\System32\kernel32.dll
  0x77500000 \Windows\System32\ole32.dll
  0x77450000 \Windows\System32\rpcrt4.dll
  0x77410000 \Windows\System32\ws2_32.dll
  0x773C0000 \Windows\System32\Wldap32.dll
  0x772B0000 \Windows\System32\urlmon.dll
  0x77220000 \Windows\System32\oleaut32.dll
  0x771A0000 \Windows\System32\comdlg32.dll
  0x77180000 \Windows\System32\sechost.dll
  0x77120000 \Windows\System32\difxapi.dll
  0x76F60000 \Windows\System32\iertutil.dll
  0x76E90000 \Windows\System32\user32.dll
  0x76E70000 \Windows\System32\imm32.dll
  0x76D50000 \Windows\System32\wininet.dll
  0x76CB0000 \Windows\System32\usp10.dll
  0x76C10000 \Windows\System32\advapi32.dll
  0x76B80000 \Windows\System32\clbcatq.dll
  0x76B70000 \Windows\System32\psapi.dll
  0x76B40000 \Windows\System32\imagehlp.dll
  0x76B30000 \Windows\System32\normaliz.dll
  0x75EE0000 \Windows\System32\shell32.dll
  0x75EB0000 \Windows\System32\cfgmgr32.dll
  0x75E90000 \Windows\System32\devobj.dll
  0x75E40000 \Windows\System32\KernelBase.dll
  0x75D20000 \Windows\System32\crypt32.dll
  0x75C90000 \Windows\System32\comctl32.dll
  0x75C60000 \Windows\System32\wintrust.dll
  0x75C50000 \Windows\System32\msasn1.dll

Processes (total 56):
       0 System Idle Process
       4 System
     284 C:\Windows\System32\smss.exe
     424 csrss.exe
     480 C:\Windows\System32\wininit.exe
     488 csrss.exe
     536 C:\Windows\System32\services.exe
     552 C:\Windows\System32\lsass.exe
     560 C:\Windows\System32\lsm.exe
     616 C:\Windows\System32\winlogon.exe
     708 C:\Windows\System32\svchost.exe
     804 C:\Windows\System32\nvvsvc.exe
     844 C:\Windows\System32\svchost.exe
     928 C:\Windows\System32\svchost.exe
     968 C:\Windows\System32\svchost.exe
     996 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\audiodg.exe
    1132 C:\Windows\System32\svchost.exe
    1248 C:\Windows\System32\nvvsvc.exe
    1272 C:\Windows\System32\svchost.exe
    1544 C:\Windows\System32\spoolsv.exe
    1572 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1600 C:\Windows\System32\svchost.exe
    1724 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1756 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1764 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1772 C:\Windows\System32\conhost.exe
    1816 C:\Program Files\Bonjour\mDNSResponder.exe
    1856 C:\Windows\System32\svchost.exe
    1908 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    1992 C:\Windows\System32\PSIService.exe
    2012 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
     116 C:\Windows\System32\svchost.exe
     316 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    1536 C:\Program Files\Intel\Intel(RRapid Storage Technology\IAStorDataMgrSvc.exe
     124 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2408 C:\Windows\System32\taskhost.exe
    2464 C:\Windows\System32\taskeng.exe
    2520 C:\Windows\System32\dwm.exe
    2644 C:\Windows\explorer.exe
    2824 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2980 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    3004 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    3032 C:\Program Files\Windows Sidebar\sidebar.exe
    3088 WUDFHost.exe
    3228 C:\Windows\System32\svchost.exe
    3964 C:\Windows\System32\svchost.exe
    1080 dllhost.exe
    3588 C:\Program Files\Mozilla Firefox\firefox.exe
    3836 C:\Program Files\Google\Update\GoogleUpdate.exe
    1736 C:\Windows\System32\sppsvc.exe
    1928 C:\Windows\System32\svchost.exe
    3044 dllhost.exe
    2880 dllhost.exe
    2624 C:\Users\Kobi\Desktop\MBRCheck.exe
    2348 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000e3`a0b00000  (NTFS)

PhysicalDrive0 Model NumberWDCWD10EARS-00Y5B1Rev80.00A80

      Size  Device Name          MBR Status
  --------------------------------------------
    931 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA14379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done

cosinus 06.04.2011 22:45
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Kronski 07.04.2011 14:04
zuerst das logfile von SUPER:

PHP-Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/07/2011 at 02:09 PM

Application Version 4.50.1002

Core Rules Database Version 6771
Trace Rules Database Version4583

Scan type       Complete Scan
Total Scan Time 00:26:45

Memory items scanned      710
Memory threats detected   0
Registry items scanned    11418
Registry threats detected 0
File items scanned        33966
File threats detected     1

Trojan.Agent/Gen-Falcomp[Cont]
    C:\WINDOWS\SYSTEM32\WAVEMSPB.DLL 
jetzt das von Malwarebytes:

PHP-Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6298

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

07.04.2011 14:42:04
mbam-log-2011-04-07 (14-42-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 323854
Laufzeit: 32 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) 

cosinus 07.04.2011 14:42
Nur ein Überrest, kannste löschen.
Rechner sonst wieder ok?

Kronski 07.04.2011 15:23
ich muss mich echt bedanken für die schnelle und kompetente Hilfe.
:daumenhoc:daumenhoc:daumenhoc

cosinus 07.04.2011 15:26
Dann wären wir durch! :abklatsch:

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink:

Mozilla und andere Browser => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:24 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130