Trojaner-Board


froosl 28.04.2011 16:28

TR/kazy.mekml.1 with all symptoms (data invisible, hard disk errors, etc.)
 
Hello,
I have caught this trojan as well. I have taken care of OTL; the corresponding files etc. were found and removed.

My main problem now, however, is that I cannot find any of my files in Explorer. Above all, all my pictures and music files can no longer be found.

Internet Explorer works again, but its display is not the way it used to be.

The links etc. on the desktop are also gone.

cosinus 29.04.2011 13:53

Hello and :hallo:

Please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

froosl 29.04.2011 16:38

Hello,
I have done all of that, and the files are now all back again. However, the screen display is enlarged and somewhat blurry. Even at login the buttons are larger than before.

Could the problem here possibly still be a missing graphics card driver?

Regards, and many thanks in advance

froosl 29.04.2011 18:35

So, here is the malware report:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6472

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

29.04.2011 19:33:14
mbam-log-2011-04-29 (19-33-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 333686
Laufzeit: 1 Stunde(n), 41 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

froosl 29.04.2011 19:14

So, here are the OTL logs as well:

OTL Logfile:
Code:

OTL Extras logfile created on: 29.04.2011 19:36:08 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\tanja\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 195,86 Gb Free Space | 84,10% Space Free | Partition Type: NTFS
 
Computer Name: TANJA-PC | User Name: tanja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E4080A2-4DFE-447A-89C5-294B5F8AFC54}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0EDDA007-FD65-46AF-89F4-1AC92E83C30A}" = lport=445 | protocol=6 | dir=in | app=system |
"{18DF71C7-942F-4188-8C99-17D015E86AE3}" = rport=139 | protocol=6 | dir=out | app=system |
"{3A8669AD-2D6D-4B6E-AB10-19B3568625EF}" = lport=137 | protocol=17 | dir=in | app=system |
"{533FF4FC-3380-4738-BD98-C17E686D3521}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{53CEAAB8-4874-4D71-B2F7-4AF629F1A105}" = lport=138 | protocol=17 | dir=in | app=system |
"{71BFB6E2-3E93-4926-A84B-03AA555B5B9D}" = rport=445 | protocol=6 | dir=out | app=system |
"{AEFD7D35-41B2-4898-B80B-F3495412F5DF}" = rport=137 | protocol=17 | dir=out | app=system |
"{B2087C5F-4404-4F8C-8729-DF144A316DA9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B44CB042-F8EF-4E5A-9370-EB16A8CC5617}" = lport=139 | protocol=6 | dir=in | app=system |
"{DB0A47E9-0590-4F3F-8286-293B08AEE3F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FCD16410-4192-4F98-A64C-C7BE1BFC825E}" = rport=138 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21E66A03-70A0-4BF0-BE99-F75012840F1E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2FC616A3-0BCD-4071-B8AB-185F7E742DB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{370DAC5C-E88E-4629-8864-875264EA4438}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{503906D1-11BB-48E4-B1A5-49F8B83B71D9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5375EF57-FA49-46D2-8D26-8AEFF09C4A04}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{57BAE173-1FA5-418A-95D3-4EC98114C574}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5F777A5C-DAF8-4DC3-A382-69CE3D9608E7}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{6DD883D7-6C64-48E2-9420-193E37B16C08}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{72CB9BCF-EE32-4B0E-AB33-D7E4CB50587B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7389CCD4-CDF6-44CA-9CCE-BB46741CBEE1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{816C9D53-7382-473F-AF53-232AB9F734D2}" = dir=in | app=c:\program files\finalmediaplayer\fmpcheckforupdates.exe |
"{A619F510-808A-4100-B717-241278A59F9A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B2489612-AB6D-4B8B-B6E8-D3AA5838CD1B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{C217537B-B728-4A63-AF21-D8BBEDD0A6D6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{CCE364AA-E71D-413D-A5F6-781B9BE085FB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DEC51382-E5B5-4F03-B708-FE7F975C5C17}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F3429D8E-2F33-4643-83F3-498279262998}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{2E41DDC9-C91C-4AEE-B767-725D2A912AD6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{4077F823-CE28-48BA-9269-7729D806AB8D}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{56301984-0906-404C-8B33-B9BAB7738144}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{855256BC-1F13-48A8-9EC4-D3824A02DEED}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{9E34CA35-2476-4E2F-874D-56D2462641E2}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{AA3C790B-AFB0-42AA-845D-948A260A36E3}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{E4F2FF89-DFD7-441A-B687-88CAB02E9F42}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{EC7AA552-11F2-4E73-92E6-15C6968666D3}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{18B7BD88-C625-4729-8B9A-057AE3DDD519}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{265B3848-9370-4FA4-A6DB-77F338615A25}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{301E8F78-56EC-4B3E-88C9-BC613AAC57F5}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{455DC5BC-FBEC-4F2E-A99C-385F2C2C7D38}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{5FB79144-A7FA-4625-8AD1-FBF9A98BEFCD}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{672E29E8-A0F8-45F0-84FF-E65598988693}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{C7F213A2-6D72-464A-B112-95F4956E9C59}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{D9C3F28A-A41C-4E26-8F70-68A32427DCFB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1C34CDB8-113E-1075-2689-286A54CF50AD}" = Catalyst Control Center Graphics Full Existing
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{26B318E5-56E1-02AD-0005-868DD19E8B4A}" = Catalyst Control Center Localization German
"{28C3E5E6-5ACA-408D-9A46-089C5334EC97}" = HP Help and Support
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BEA657F-D1A0-5978-D8FA-E4541E2717FB}" = Catalyst Control Center Graphics Full New
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{48142A2C-F339-A6D4-D485-7D82C6E829F8}" = ccc-utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{52CC81B2-19E8-E159-EF1C-F737762D99D2}" = Catalyst Control Center Graphics Previews Vista
"{558FF444-F562-4E4C-98BD-7B20EE184D2E}" = Catalyst Control Center - Branding
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software  1.12.33.2
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{619B5360-FB03-D666-6C84-7982E1B1EE63}" = ccc-core-static
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73224864-7DAB-305E-2705-85109D8D4C7C}" = Skins
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83B41111-C648-3AF1-CB40-38BFBDDA445F}" = Catalyst Control Center Core Implementation
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F238A60-C445-4B81-8EDE-07DC924E98F8}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{A1399B3E-93A8-E865-EC9B-6B452E3094E5}" = Catalyst Control Center InstallProxy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B95197E0-3A42-8935-8CC8-86E2238B62D2}" = CCC Help English
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E3778D3F-0038-F606-CE2A-C82B4398B05A}" = Catalyst Control Center Graphics Previews Common
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"{F4FF044B-D02A-FFA9-0F7D-3EE46B788A42}" = Catalyst Control Center Graphics Light
"{F5EE4ED1-E6E8-A5F0-A95D-A20FF0767345}" = ATI Catalyst Install Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FEA65C4D-382F-D881-D29E-E5FDD76DDD7F}" = CCC Help German
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AOL Toolbar" = AOL Toolbar 5.0
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"conduitEngine" = Conduit Engine
"dm-Fotowelt" = dm-Fotowelt
"FinalMediaPlayer_is1" = Final Media Player 2011
"Free RAR Extract Frog" = Free RAR Extract Frog
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"NVIDIA Drivers" = NVIDIA Drivers
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Stellar Phoenix Windows Data Recovery-Home_is1" = Stellar Phoenix Windows Data Recovery-Home
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trusted Software Assistant_is1" = File Type Assistant
"TuneUpMedia" = TuneUp Companion 1.9.0
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.10.2010 14:07:03 | Computer Name = tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 24.10.2010 00:17:57 | Computer Name = tanja-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.10.2010 00:18:11 | Computer Name = tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 24.10.2010 00:18:11 | Computer Name = tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 24.10.2010 12:50:09 | Computer Name = tanja-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.10.2010 12:50:19 | Computer Name = tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 24.10.2010 12:50:19 | Computer Name = tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 24.10.2010 14:34:54 | Computer Name = tanja-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.10.2010 14:35:04 | Computer Name = tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 24.10.2010 14:35:04 | Computer Name = tanja-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ System Events ]
Error - 29.04.2011 02:56:33 | Computer Name = tanja-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 29.04.2011 02:56:33 | Computer Name = tanja-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 29.04.2011 02:56:33 | Computer Name = tanja-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 29.04.2011 02:57:08 | Computer Name = tanja-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 29.04.2011 11:35:57 | Computer Name = tanja-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 29.04.2011 11:35:57 | Computer Name = tanja-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 29.04.2011 11:35:57 | Computer Name = tanja-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 29.04.2011 11:35:57 | Computer Name = tanja-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 29.04.2011 11:35:57 | Computer Name = tanja-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 29.04.2011 11:36:00 | Computer Name = tanja-PC | Source = Service Control Manager | ID = 7022
Description =
 
 
< End of report >

And here is the other text report:

OTL Logfile:
Code:

OTL logfile created on: 29.04.2011 19:36:08 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\tanja\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 195,86 Gb Free Space | 84,10% Space Free | Partition Type: NTFS
 
Computer Name: TANJA-PC | User Name: tanja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\tanja\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Napster\napster.exe (Napster)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\WINDOWS\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\tanja\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Recovery Service for Windows) --  File not found
SRV - (CSObjectsSrv) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
SRV - (STacSV) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\stacsv.exe (IDT, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AESTFilters) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (ezSharedSvc) -- C:\WINDOWS\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\WINDOWS\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\WINDOWS\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (KLIF) -- C:\WINDOWS\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (winusb) -- C:\WINDOWS\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s1018mdm) -- C:\WINDOWS\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\WINDOWS\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\WINDOWS\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\WINDOWS\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\WINDOWS\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\WINDOWS\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (atikmdag) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\WINDOWS\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\WINDOWS\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (STHDA) -- C:\WINDOWS\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (JMCR) -- C:\WINDOWS\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\WINDOWS\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (enecir) -- C:\WINDOWS\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (seehcri) -- C:\WINDOWS\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
O1 HOSTS File: ([2011.04.28 15:10:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [StartCCC]  File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\WINDOWS\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O4 - Startup: C:\Users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.29 17:50:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.29 17:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.29 17:50:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.29 17:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.28 21:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011.04.28 21:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011.04.28 21:49:26 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Roaming\Ashampoo
[2011.04.28 21:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\MyAshampoo
[2011.04.28 21:49:11 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Local\ashampoo
[2011.04.28 21:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2011.04.28 21:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2011.04.28 21:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2011.04.28 16:42:17 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Roaming\Avira
[2011.04.28 15:21:02 | 000,000,000 | ---D | C] -- C:\Log
[2011.04.28 15:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.04.28 15:20:48 | 001,207,808 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\PhoenixDll.dll
[2011.04.28 15:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix Windows Data Recovery-Home
[2011.04.28 15:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Windows Data Recovery
[2011.04.28 15:14:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.04.28 15:10:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.04.28 14:33:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.04.28 14:33:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.04.28 14:33:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.04.28 14:33:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.28 14:33:33 | 000,000,000 | ---D | C] -- C:\cofi
[2011.04.28 14:32:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.04.28 14:32:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.04.28 14:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.04.28 14:20:51 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.04.28 14:20:50 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.04.28 14:20:50 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.04.28 14:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.04.28 14:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.04.28 14:02:54 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Roaming\TrojanHunter
[2011.04.28 14:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.3
[2011.04.28 13:51:10 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.28 13:51:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.28 13:51:02 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.28 13:50:16 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Local\PackageAware
[2011.04.28 13:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Cleaner Pro
[2011.04.26 23:47:30 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Roaming\Malwarebytes
[2011.04.26 23:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.26 23:28:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.26 22:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.04.26 22:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InfoWatch
[2011.04.26 22:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE
[2011.04.26 22:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.04.26 22:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011.04.26 22:20:26 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.04.26 22:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011.04.14 22:04:35 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.04.14 07:26:23 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.14 07:26:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.14 07:26:14 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.14 07:26:13 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.14 07:26:13 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.14 07:26:13 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.14 07:26:13 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.14 07:26:13 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.14 07:26:12 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.14 07:26:12 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.14 07:26:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.14 07:26:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.14 07:26:12 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.14 07:26:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.14 07:26:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.14 07:26:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.14 07:26:11 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.14 07:26:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.14 07:26:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.14 07:26:07 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.14 07:26:06 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.14 07:26:01 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.14 07:26:00 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.14 07:25:56 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.14 07:25:56 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.03.31 21:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Companion
[2011.03.31 21:48:34 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2011.03.31 21:48:33 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Roaming\TuneUpMedia
[2011.03.31 21:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2011.03.31 21:47:53 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Roaming\Canneverbe Limited
[2011.03.31 21:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2011.03.31 21:47:44 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Local\OpenCandy
[2011.03.31 21:47:43 | 000,000,000 | ---D | C] -- C:\Users\tanja\AppData\Roaming\OpenCandy
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.29 19:34:25 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.29 19:34:25 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.29 19:29:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.29 17:40:21 | 000,007,512 | ---- | M] () -- C:\Users\tanja\AppData\Local\d3d9caps.dat
[2011.04.29 17:37:29 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5A0E6B98-E418-4C22-8278-7F04489B1D46}.job
[2011.04.29 17:35:42 | 000,000,263 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011.04.29 17:35:15 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.29 17:35:15 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2011.04.29 17:34:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.29 17:34:16 | 2145,214,464 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.29 09:19:56 | 000,007,267 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.28 21:49:11 | 000,000,956 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 6 FREE.lnk
[2011.04.28 21:24:35 | 000,504,657 | ---- | M] () -- C:\Users\tanja\Desktop\unhide.exe
[2011.04.28 18:15:02 | 000,323,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.28 17:30:38 | 000,000,552 | ---- | M] () -- C:\Users\tanja\AppData\Local\d3d8caps.dat
[2011.04.28 15:48:47 | 000,000,104 | ---- | M] () -- C:\Users\tanja\Desktop\Netzwerk - Verknüpfung.lnk
[2011.04.28 15:47:08 | 000,000,070 | ---- | M] () -- C:\Windows\spwdrhag.INI
[2011.04.28 15:10:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.04.28 14:21:01 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.04.28 14:07:08 | 000,000,000 | ---- | M] () -- C:\Windows\System32\atiicdxx.dat
[2011.04.28 14:00:59 | 000,059,392 | R--- | M] () -- C:\Windows\System32\streamhlp.dll
[2011.04.26 22:27:20 | 000,000,392 | ---- | M] () -- C:\ProgramData\42589960
[2011.04.26 22:24:55 | 000,000,144 | ---- | M] () -- C:\ProgramData\~42589960r
[2011.04.26 22:24:55 | 000,000,128 | ---- | M] () -- C:\ProgramData\~42589960
[2011.04.26 22:20:26 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.04.26 21:46:29 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.26 21:46:29 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.26 21:46:29 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.26 21:46:29 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.01 17:07:25 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.04.01 17:07:25 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2011.04.28 21:49:10 | 000,000,956 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 6 FREE.lnk
[2011.04.28 21:24:18 | 000,504,657 | ---- | C] () -- C:\Users\tanja\Desktop\unhide.exe
[2011.04.28 17:30:38 | 000,000,552 | ---- | C] () -- C:\Users\tanja\AppData\Local\d3d8caps.dat
[2011.04.28 15:48:47 | 000,000,104 | ---- | C] () -- C:\Users\tanja\Desktop\Netzwerk - Verknüpfung.lnk
[2011.04.28 15:20:48 | 000,178,176 | ---- | C] () -- C:\Windows\System32\StellarProfile.dll
[2011.04.28 15:20:48 | 000,000,070 | ---- | C] () -- C:\Windows\spwdrhag.INI
[2011.04.28 14:33:43 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.28 14:33:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.28 14:33:43 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.28 14:33:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.28 14:33:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.04.28 14:21:01 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.04.28 14:07:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.04.28 14:00:53 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2011.04.26 22:24:55 | 000,000,144 | ---- | C] () -- C:\ProgramData\~42589960r
[2011.04.26 22:24:55 | 000,000,128 | ---- | C] () -- C:\ProgramData\~42589960
[2011.04.26 22:24:50 | 000,000,392 | ---- | C] () -- C:\ProgramData\42589960
[2010.06.26 07:17:35 | 000,007,512 | ---- | C] () -- C:\Users\tanja\AppData\Local\d3d9caps.dat
[2010.03.13 14:01:36 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.09.25 20:03:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.25 20:03:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.06.17 06:07:55 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009.06.16 21:53:05 | 000,000,098 | ---- | C] () -- C:\Users\tanja\AppData\Roaming\wklnhst.dat
[2009.06.14 13:56:19 | 000,003,584 | ---- | C] () -- C:\Users\tanja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.20 08:06:35 | 000,007,267 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.02.20 12:21:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.28 10:08:03 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009.01.28 09:51:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.01.27 13:53:51 | 000,028,599 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.01.27 13:53:51 | 000,028,599 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.09.29 00:51:26 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.09.29 00:09:32 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.07.02 18:10:15 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.07.02 18:10:15 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.07.02 18:10:15 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.07.02 18:10:15 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.07.02 09:51:54 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008.03.05 05:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,323,328 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

< End of report >

--- --- ---

froosl 29.04.2011 19:19

Quote:

Quote from froosl (post 649606)
Hello,
I have done all of that, and the files are all back now. However, the screen display is enlarged and somewhat blurry. Even at the login screen the buttons are larger than before.

Could the problem here still be due to a missing graphics card driver?

Regards, and many thanks in advance

Here is the last malware file report as well, which I had forgotten:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6450

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

27.04.2011 06:36:26
mbam-log-2011-04-27 (06-36-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 331109
Laufzeit: 1 Stunde(n), 8 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\tanja\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\tanja\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\tanja\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

cosinus 29.04.2011 20:58

Quote:

[2011.04.28 14:33:33 | 000,000,000 | ---D | C] -- C:\cofi
[2011.04.28 14:32:39 | 000,000,000 | ---D | C] -- C:\Qoobox
Who instructed you to run CF?
Why don't you even post the log then?

froosl 30.04.2011 05:38

Sorry, I assumed that I definitely had to do that after Malwarebytes and OTL. Here is the current log file:

Combofix Logfile:
Code:

ComboFix 11-04-27.03 - tanja 30.04.2011  6:21.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2045.1335 [GMT 2:00]
ausgeführt von:: c:\users\tanja\Downloads\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
C:\Install.exe
c:\programdata\hpeB5B8.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-28 bis 2011-04-30  ))))))))))))))))))))))))))))))
.
.
2011-04-30 04:32 . 2011-04-30 04:32        --------        d-----w-        c:\users\Standard\AppData\Local\temp
2011-04-30 04:32 . 2011-04-30 04:32        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-29 19:17 . 2011-04-29 19:17        --------        d-----w-        c:\program files\AMD APP
2011-04-29 19:17 . 2011-04-29 19:17        --------        d-----w-        c:\programdata\AMD
2011-04-29 19:17 . 2010-02-18 07:18        37944        ----a-w-        c:\windows\system32\drivers\amdiox86.sys
2011-04-29 19:15 . 2011-04-29 19:15        --------        d-----w-        C:\ATI
2011-04-29 18:47 . 2011-04-29 18:47        --------        d-----w-        c:\program files\ATI
2011-04-29 15:50 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 15:50 . 2011-04-29 15:50        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-04-29 15:50 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-29 07:16 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5562D73D-15CE-464A-97D5-0756FEED30F9}\mpengine.dll
2011-04-28 19:49 . 2011-04-28 19:49        --------        d-----w-        c:\program files\Conduit
2011-04-28 19:49 . 2011-04-28 19:49        --------        d-----w-        c:\users\tanja\AppData\Roaming\Ashampoo
2011-04-28 19:49 . 2011-04-28 19:49        --------        d-----w-        c:\program files\MyAshampoo
2011-04-28 19:49 . 2011-04-28 19:49        --------        d-----w-        c:\users\tanja\AppData\Local\ashampoo
2011-04-28 19:49 . 2011-04-28 19:49        --------        d-----w-        c:\programdata\ashampoo
2011-04-28 19:49 . 2011-04-28 19:49        --------        d-----w-        c:\program files\Ashampoo
2011-04-28 14:42 . 2011-04-28 14:42        --------        d-----w-        c:\users\tanja\AppData\Roaming\Avira
2011-04-28 13:21 . 2011-04-28 13:21        --------        d-----w-        C:\Log
2011-04-28 13:20 . 2006-04-17 09:56        1207808        ----a-w-        c:\windows\system32\PhoenixDll.dll
2011-04-28 13:20 . 2004-10-16 19:46        178176        ----a-w-        c:\windows\system32\StellarProfile.dll
2011-04-28 13:20 . 2011-04-28 13:20        --------        d-----w-        c:\program files\Stellar Phoenix Windows Data Recovery
2011-04-28 12:20 . 2011-04-01 15:07        61960        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-04-28 12:20 . 2011-04-01 15:07        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-04-28 12:20 . 2011-04-28 12:20        --------        d-----w-        c:\programdata\Avira
2011-04-28 12:20 . 2011-04-28 12:20        --------        d-----w-        c:\program files\Avira
2011-04-28 12:02 . 2011-04-28 12:02        --------        d-----w-        c:\users\tanja\AppData\Roaming\TrojanHunter
2011-04-28 12:00 . 2011-04-28 12:36        --------        d-----w-        c:\program files\TrojanHunter 5.3
2011-04-28 11:51 . 2011-03-03 15:40        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2011-04-28 11:51 . 2011-03-03 13:35        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 11:51 . 2011-03-12 21:55        876032        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-04-28 11:50 . 2011-04-28 11:50        --------        d-----w-        c:\users\tanja\AppData\Local\PackageAware
2011-04-26 21:47 . 2011-04-26 21:47        --------        d-----w-        c:\users\tanja\AppData\Roaming\Malwarebytes
2011-04-26 21:47 . 2011-04-26 21:47        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-26 21:28 . 2011-04-26 21:28        --------        d-----w-        C:\_OTL
2011-04-26 20:37 . 2011-04-26 20:37        --------        d-----w-        c:\programdata\WindowsSearch
2011-04-26 20:20 . 2011-04-26 20:20        --------        d-----w-        c:\program files\Common Files\InfoWatch
2011-04-26 20:20 . 2011-04-26 20:20        --------        d-----w-        c:\programdata\Kaspersky Lab
2011-04-26 20:20 . 2011-04-26 20:20        --------        d-----w-        c:\program files\Kaspersky Lab
2011-04-26 20:15 . 2011-04-26 20:15        --------        d-----w-        c:\programdata\Kaspersky Lab Setup Files
2011-04-14 05:25 . 2011-03-03 15:42        739328        ----a-w-        c:\windows\system32\inetcomm.dll
2011-04-14 05:25 . 2011-02-17 06:23        420864        ----a-w-        c:\windows\system32\vbscript.dll
2011-04-14 05:25 . 2011-03-03 10:50        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-04-05 20:09 . 2011-04-05 20:09        59904        ----a-w-        c:\windows\system32\OVDecode.dll
2011-04-05 20:09 . 2011-04-05 20:09        51712        ----a-w-        c:\windows\system32\OpenCL.dll
2011-04-05 20:09 . 2011-04-05 20:09        12385280        ----a-w-        c:\windows\system32\amdocl.dll
2011-03-31 19:48 . 2011-03-31 19:48        --------        d-----w-        c:\program files\TuneUpMedia
2011-03-31 19:48 . 2011-04-01 18:44        --------        d-----w-        c:\users\tanja\AppData\Roaming\TuneUpMedia
2011-03-31 19:48 . 2011-03-31 19:48        --------        d-----w-        c:\programdata\TuneUpMedia
2011-03-31 19:47 . 2011-03-31 19:47        --------        d-----w-        c:\users\tanja\AppData\Roaming\Canneverbe Limited
2011-03-31 19:47 . 2011-03-31 19:47        --------        d-----w-        c:\programdata\Canneverbe Limited
2011-03-31 19:47 . 2011-04-29 06:55        --------        d-----w-        c:\users\tanja\AppData\Local\OpenCandy
2011-03-31 19:47 . 2011-04-28 19:43        --------        d-----w-        c:\users\tanja\AppData\Roaming\OpenCandy
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-03 15:40 . 2011-04-28 11:51        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 11:51        458752        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 11:51        542720        ----a-w-        c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 11:51        2159616        ----a-w-        c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-22 19:33        288768        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-22 19:33        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-22 19:33        797696        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-02 20:40 . 2011-03-20 19:34        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2009-10-03 18:13        222080        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 13:26        3908192        ----a-w-        c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2010-11-29 13:26        3908192        ----a-w-        c:\program files\MyAshampoo\tbMyAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [BU]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-23 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"NapsterShell"="c:\program files\Napster\napster.exe" [2010-07-20 323280]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"SysTrayApp"="%ProgramFiles%\IDT\WDM\sttray.exe" [BU]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-05 336384]
.
c:\users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Inhaltsverzeichnis.onetoc2 [2010-1-1 3656]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
R2 gupdate1c9f2a59e6b3576;Google Update Service (gupdate1c9f2a59e6b3576);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 133104]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-23 43552]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108328]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe [2008-02-12 73728]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-05 294400]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-11-17 97296]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-30 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-03-07 15:50]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 19:22]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 19:22]
.
2011-04-29 c:\windows\Tasks\User_Feed_Synchronization-{5A0E6B98-E418-4C22-8278-7F04489B1D46}.job
- c:\windows\system32\msfeedssync.exe [2011-04-14 04:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-30 06:33
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(6028)
c:\program files\Avira\AntiVir Desktop\shlext.dll
c:\program files\7-Zip\7-zip.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Cyberlink\PowerDirector\PDM1Splter.ax
c:\program files\Cyberlink\PowerDirector\PDM2Splter.ax
.
Zeit der Fertigstellung: 2011-04-30  06:36:31
ComboFix-quarantined-files.txt  2011-04-30 04:36
.
Vor Suchlauf: 18 Verzeichnis(se), 209.939.968.000 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 209.947.099.136 Bytes frei
.
- - End Of File - - 16C22CB77917813DA49D22E51CDF92D3

--- --- ---

froosl 30.04.2011 20:48

Hm, somehow nothing is happening here anymore. Is nobody going to help me? ;-(

cosinus 01.05.2011 14:19

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKCU..\Run: [ICQ]  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2011.04.26 22:27:20 | 000,000,392 | ---- | M] () -- C:\ProgramData\42589960
[2011.04.26 22:24:55 | 000,000,144 | ---- | M] () -- C:\ProgramData\~42589960r
[2011.04.26 22:24:55 | 000,000,128 | ---- | M] () -- C:\ProgramData\~42589960
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

froosl 01.05.2011 18:15

Hello,
here is the log file that was displayed automatically after the restart:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ deleted successfully.
C:\Program Files\MyAshampoo\tbMyAs.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.
File C:\Program Files\MyAshampoo\tbMyAs.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ deleted successfully.
File C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}\ not found.
File C:\Program Files\MyAshampoo\tbMyAs.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
File C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\ProgramData\42589960 moved successfully.
C:\ProgramData\~42589960r moved successfully.
C:\ProgramData\~42589960 moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Standard
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: tanja
->Temp folder emptied: 59603967 bytes
->Temporary Internet Files folder emptied: 5564424 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 9218 bytes
->Flash cache emptied: 776 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 62,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05012011_190720

Files\Folders moved on Reboot...
C:\Users\tanja\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Users\tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OHN8B9S2\98411-tr-kazy-mekml-1-mit-allen-symtomen-daten-unsichtbar-festplattenfehler-usw[1].htm moved successfully.
C:\Users\tanja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OD3IG5XJ\ads[1].htm moved successfully.

Registry entries deleted on Reboot...

cosinus 02.05.2011 09:41

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

If the infection prevents you from accessing your Documents/My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should be visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

froosl 02.05.2011 19:56

Hello,
unhide.exe is no longer needed, since all the data is visible again.

A question about downloading the Kaspersky software: I ran the DE-Cleaner from Avira on instructions from my bank. It found and removed one more file. Is that the same software, or should I run Kaspersky anyway?

froosl 02.05.2011 20:00

Here is the log file as well:

Avira DE-Cleaner
Erstellungsdatum der Reportdatei: Montag, 2. Mai 2011 19:06

Es wird nach 2656787 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : DE Cleaner Kit
Seriennummer : 2212356710-DECLE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : tanja
Computername : TANJA-PC

Versionsinformationen:
BUILD.DAT : 10.0.0.36 11958 Bytes 28.02.2011 13:01:00
AVSCAN.EXE : 10.0.4.6 514216 Bytes 02.05.2011 17:05:18
AVSCAN.DLL : 10.0.4.0 56168 Bytes 02.05.2011 17:05:18
LUKE.DLL : 10.0.4.1 104296 Bytes 02.05.2011 17:05:21
LUKERES.DLL : Keine Information!
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 14:15:11
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 14:15:12
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 12:22:20
VBASE004.VDF : 7.11.5.226 2048 Bytes 07.04.2011 12:22:20
VBASE005.VDF : 7.11.5.227 2048 Bytes 07.04.2011 12:22:20
VBASE006.VDF : 7.11.5.228 2048 Bytes 07.04.2011 12:22:20
VBASE007.VDF : 7.11.5.229 2048 Bytes 07.04.2011 12:22:20
VBASE008.VDF : 7.11.5.230 2048 Bytes 07.04.2011 12:22:20
VBASE009.VDF : 7.11.5.231 2048 Bytes 07.04.2011 12:22:20
VBASE010.VDF : 7.11.5.232 2048 Bytes 07.04.2011 12:22:20
VBASE011.VDF : 7.11.5.233 2048 Bytes 07.04.2011 12:22:20
VBASE012.VDF : 7.11.5.234 2048 Bytes 07.04.2011 12:22:20
VBASE013.VDF : 7.11.6.28 158208 Bytes 11.04.2011 12:22:21
VBASE014.VDF : 7.11.6.74 116224 Bytes 13.04.2011 12:22:21
VBASE015.VDF : 7.11.6.113 137728 Bytes 14.04.2011 12:22:21
VBASE016.VDF : 7.11.6.150 146944 Bytes 18.04.2011 12:22:22
VBASE017.VDF : 7.11.6.192 138240 Bytes 20.04.2011 12:22:22
VBASE018.VDF : 7.11.6.237 156160 Bytes 22.04.2011 12:22:22
VBASE019.VDF : 7.11.7.45 427520 Bytes 27.04.2011 12:22:23
VBASE020.VDF : 7.11.7.64 192000 Bytes 28.04.2011 04:13:15
VBASE021.VDF : 7.11.7.97 182272 Bytes 02.05.2011 17:05:27
VBASE022.VDF : 7.11.7.98 2048 Bytes 02.05.2011 17:05:27
VBASE023.VDF : 7.11.7.99 2048 Bytes 02.05.2011 17:05:27
VBASE024.VDF : 7.11.7.100 2048 Bytes 02.05.2011 17:05:27
VBASE025.VDF : 7.11.7.101 2048 Bytes 02.05.2011 17:05:27
VBASE026.VDF : 7.11.7.102 2048 Bytes 02.05.2011 17:05:27
VBASE027.VDF : 7.11.7.103 2048 Bytes 02.05.2011 17:05:28
VBASE028.VDF : 7.11.7.104 2048 Bytes 02.05.2011 17:05:28
VBASE029.VDF : 7.11.7.105 2048 Bytes 02.05.2011 17:05:28
VBASE030.VDF : 7.11.7.106 2048 Bytes 02.05.2011 17:05:28
VBASE031.VDF : 7.11.7.115 64512 Bytes 02.05.2011 17:05:28
Engineversion : 8.2.4.166
AEVDF.DLL : 8.1.2.1 106868 Bytes 28.03.2011 14:14:53
AESCRIPT.DLL : 8.1.3.53 1282427 Bytes 02.05.2011 17:05:33
AESCN.DLL : 8.1.7.2 127349 Bytes 28.03.2011 14:14:53
AESBX.DLL : 8.1.3.2 254324 Bytes 28.03.2011 14:14:53
AERDL.DLL : 8.1.9.2 635252 Bytes 02.05.2011 17:05:32
AEPACK.DLL : 8.2.4.9 512374 Bytes 02.05.2011 17:05:32
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 02.05.2011 17:05:31
AEHEUR.DLL : 8.1.2.76 3273078 Bytes 02.05.2011 17:05:31
AEHELP.DLL : 8.1.16.1 246134 Bytes 28.03.2011 14:14:46
AEGEN.DLL : 8.1.5.2 397683 Bytes 02.05.2011 17:05:29
AEEMU.DLL : 8.1.3.0 393589 Bytes 28.03.2011 14:14:45
AECORE.DLL : 8.1.19.2 196983 Bytes 02.05.2011 17:05:28
AEBB.DLL : 8.1.1.0 53618 Bytes 28.03.2011 14:14:44
AVWINLL.DLL : 10.0.0.0 19304 Bytes 02.05.2011 17:05:19
AVPREF.DLL : 10.0.0.0 44904 Bytes 02.05.2011 17:05:18
AVREP.DLL : 10.0.0.8 63848 Bytes 02.05.2011 17:05:18
AVREG.DLL : 10.0.3.2 53096 Bytes 02.05.2011 17:05:18
AVSCPLR.DLL : 10.0.4.1 84840 Bytes 02.05.2011 17:05:18
AVARKT.DLL : Keine Information!
SQLITE3.DLL : 3.6.19.0 355688 Bytes 02.05.2011 17:05:27
AVSMTP.DLL : Keine Information!
NETNT.DLL : Keine Information!
RCIMAGE.DLL : 11.0.8.0 96616 Bytes 02.05.2011 17:05:26
RCTEXT.DLL : 11.0.7.0 403304 Bytes 02.05.2011 17:05:26

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: unknown
Konfigurationsdatei...................: C:\Users\tanja\AppData\Local\Temp\decleaner\decleaner\setup\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: löschen
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Montag, 2. Mai 2011 19:06

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1908' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\HP\BIN\EndProcess.exe
[FUND] Enthält Erkennungsmuster der Anwendung APPL/KillApp.A
C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\test\testtar.tar
[0] Archivtyp: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNUNG] Interner Fehler!
[WARNUNG] Interner Fehler!
C:\Users\tanja\Desktop\OpenOffice.org 3.3 (de) Installation Files\openofficeorg1.cab
[0] Archivtyp: CAB (Microsoft)
--> testtar.tar
[1] Archivtyp: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNUNG] Interner Fehler!
C:\Users\tanja\Downloads\OOo_3.3.0_Win_x86_install-wJRE_de.exe
[0] Archivtyp: NSIS
--> unknown7
[1] Archivtyp: CAB (Microsoft)
--> testtar.tar
[2] Archivtyp: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNUNG] Interner Fehler!

Beginne mit der Desinfektion:
Der Systemwiederherstellungspunkt wurde erfolgreich angelegt.
C:\HP\BIN\EndProcess.exe
[FUND] Enthält Erkennungsmuster der Anwendung APPL/KillApp.A
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 4d455802.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.


Ende des Suchlaufs: Montag, 2. Mai 2011 20:47
Benötigte Zeit: 1:35:51 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

31989 Verzeichnisse wurden überprüft
647446 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
1 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
647445 Dateien ohne Befall
4617 Archive wurden durchsucht
4 Warnungen
1 Hinweise
642198 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

cosinus 02.05.2011 20:42

Quote:

Quote from froosl (post 651709)
Hello,
Unide.exe is no longer necessary since all the data is visible again.

A question about downloading the Kaspersky software: I ran the DE-Cleaner from Avira on my bank's instructions. It found and removed one more file. Is that the same software, or should I run Kaspersky anyway?

What was found, and where? Do you want help from your bank or from us here? :balla:

froosl 03.05.2011 05:35

How can I find out what unhide found? Unfortunately I can't find a log file.

And sorry, but my bank strongly recommended that I run the DE-Cleaner immediately after the block.

cosinus 03.05.2011 10:41

If anything, banks give advice like formatting and reinstalling; only that is safe, and as advice coming from the bank it is normally also defensible for the bank!
If you do banking, you should be thinking about formatting after an infection anyway, or can you live with a residual risk now?

froosl 04.05.2011 19:20

The question for me now is whether, apart from the advice to reformat, I still need to do anything. The DE-Cleaner did find one more file and removed it. But I also don't know how to do the reformatting.

cosinus 05.05.2011 08:29

Quote:

The question for me now is whether, apart from the advice to reformat, I still need to do anything
I already asked three days ago what the DE-Cleaner actually found!

froosl 05.05.2011 20:35

...and I already posted 3 days ago what it found. ;-)

Take a look further up and get back to me.

Regards
Frank

cosinus 06.05.2011 08:38

Quote:

Avira DE-Cleaner
Since when is the DE-Cleaner from Avira? I only know the one from Symantec; maybe that's why I thought you hadn't posted the findings :stirn:

The findings from the Avira DE-Cleaner are imho irrelevant. Please run tdsskiller and unhide, as I already posted, if you have problems accessing your own data.

froosl 06.05.2011 12:20

Well, the DE-Cleaner is definitely from Avira. I have it on my desktop (it is also recommended by www.botfrei.de). You surely know that...

I no longer have problems with viewing files etc. I have also already posted the log file from unhide.

cosinus 06.05.2011 13:53

Log file from unhide? Sorry, but I think this thread is slowly drifting off. Please don't do any other things anymore, even if the bank says some tool has to be run. You can see what comes of it...

I neither wanted to see the unhide log, nor did you post it here.
I wanted you to run the TDSS-Killer, which you did not want to run because of doubts I can't understand.

froosl 07.05.2011 05:11

Now I have run the TDSS-Killer as you described.

Result:
no infection found, but it also did not produce a log file.

I saved it to the desktop as described.

froosl 07.05.2011 05:31

Now I have found the report:

2011/05/07 06:05:06.0020 3416 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/07 06:05:06.0236 3416 ================================================================================
2011/05/07 06:05:06.0236 3416 SystemInfo:
2011/05/07 06:05:06.0236 3416
2011/05/07 06:05:06.0237 3416 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/07 06:05:06.0237 3416 Product type: Workstation
2011/05/07 06:05:06.0237 3416 ComputerName: TANJA-PC
2011/05/07 06:05:06.0238 3416 UserName: tanja
2011/05/07 06:05:06.0238 3416 Windows directory: C:\Windows
2011/05/07 06:05:06.0238 3416 System windows directory: C:\Windows
2011/05/07 06:05:06.0238 3416 Processor architecture: Intel x86
2011/05/07 06:05:06.0239 3416 Number of processors: 2
2011/05/07 06:05:06.0239 3416 Page size: 0x1000
2011/05/07 06:05:06.0239 3416 Boot type: Normal boot
2011/05/07 06:05:06.0239 3416 ================================================================================
2011/05/07 06:05:06.0818 3416 Initialize success
2011/05/07 06:05:30.0549 3624 ================================================================================
2011/05/07 06:05:30.0549 3624 Scan started
2011/05/07 06:05:30.0549 3624 Mode: Manual;
2011/05/07 06:05:30.0549 3624 ================================================================================
2011/05/07 06:05:36.0975 3624 Scan interrupted by user!
2011/05/07 06:05:36.0975 3624 Scan interrupted by user!
2011/05/07 06:05:36.0975 3624 ================================================================================
2011/05/07 06:05:36.0975 3624 Scan finished
2011/05/07 06:05:36.0975 3624 ================================================================================
2011/05/07 06:07:24.0163 5884 ================================================================================
2011/05/07 06:07:24.0163 5884 Scan started
2011/05/07 06:07:24.0163 5884 Mode: Manual;
2011/05/07 06:07:24.0163 5884 ================================================================================
2011/05/07 06:07:33.0368 5884 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/07 06:07:33.0437 5884 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/07 06:07:33.0510 5884 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/07 06:07:33.0556 5884 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/07 06:07:33.0591 5884 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/07 06:07:33.0700 5884 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/07 06:07:33.0785 5884 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/07 06:07:33.0858 5884 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/07 06:07:33.0899 5884 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/07 06:07:33.0954 5884 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/07 06:07:34.0002 5884 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/07 06:07:34.0044 5884 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/07 06:07:34.0116 5884 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/07 06:07:34.0170 5884 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/07 06:07:34.0242 5884 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/07 06:07:34.0303 5884 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/07 06:07:34.0413 5884 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/07 06:07:34.0530 5884 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/07 06:07:34.0570 5884 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/07 06:07:34.0642 5884 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
2011/05/07 06:07:34.0692 5884 NVHDA (f972dc046c374a9e02f2dfbe74ebb203) C:\Windows\system32\drivers\nvhda32v.sys
2011/05/07 06:07:34.0968 5884 nvlddmkm (cef89ad9aaabf89c9c36c65adc62f1ed) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/07 06:07:35.0264 5884 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/07 06:07:35.0301 5884 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/07 06:07:35.0353 5884 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/07 06:07:35.0507 5884 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/07 06:07:35.0569 5884 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/07 06:07:35.0614 5884 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/07 06:07:35.0663 5884 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/07 06:07:35.0721 5884 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/07 06:07:35.0772 5884 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/05/07 06:07:35.0810 5884 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/07 06:07:35.0862 5884 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/07 06:07:35.0969 5884 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/07 06:07:36.0002 5884 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
2011/05/07 06:07:36.0088 5884 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/07 06:07:36.0140 5884 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/07 06:07:36.0220 5884 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/07 06:07:36.0278 5884 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/07 06:07:36.0342 5884 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/07 06:07:36.0378 5884 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/07 06:07:36.0421 5884 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/07 06:07:36.0469 5884 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/07 06:07:36.0526 5884 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/07 06:07:36.0580 5884 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/07 06:07:36.0609 5884 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/07 06:07:36.0670 5884 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/07 06:07:36.0694 5884 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/07 06:07:36.0739 5884 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/07 06:07:36.0817 5884 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/07 06:07:36.0863 5884 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/07 06:07:36.0922 5884 RTL8169 (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/05/07 06:07:36.0981 5884 s1018bus (12a851f30853a5a8e7b50341fa4b0ffb) C:\Windows\system32\DRIVERS\s1018bus.sys
2011/05/07 06:07:37.0021 5884 s1018mdfl (a0141d5dc689a892b3f30446cbe52575) C:\Windows\system32\DRIVERS\s1018mdfl.sys
2011/05/07 06:07:37.0057 5884 s1018mdm (07d430e4b2bfde6b07f31f1da6e7cab0) C:\Windows\system32\DRIVERS\s1018mdm.sys
2011/05/07 06:07:37.0110 5884 s1018mgmt (d73c20d3f0f825c8fd23f841cdcb14c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys
2011/05/07 06:07:37.0146 5884 s1018nd5 (895a1a2812dbd5afdd5ca4686a89a33c) C:\Windows\system32\DRIVERS\s1018nd5.sys
2011/05/07 06:07:37.0196 5884 s1018obex (a986e9683c74fa06456fd2ad34ba1490) C:\Windows\system32\DRIVERS\s1018obex.sys
2011/05/07 06:07:37.0242 5884 s1018unic (da83525924c23f30f37ac1d1f11d6f15) C:\Windows\system32\DRIVERS\s1018unic.sys
2011/05/07 06:07:37.0310 5884 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/07 06:07:37.0377 5884 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/07 06:07:37.0424 5884 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/07 06:07:37.0503 5884 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/05/07 06:07:37.0559 5884 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/07 06:07:37.0599 5884 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/07 06:07:37.0641 5884 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/07 06:07:37.0744 5884 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/07 06:07:37.0778 5884 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/07 06:07:37.0818 5884 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/07 06:07:37.0852 5884 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/07 06:07:37.0904 5884 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/07 06:07:37.0940 5884 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/07 06:07:37.0980 5884 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/07 06:07:38.0041 5884 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/07 06:07:38.0089 5884 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/07 06:07:38.0153 5884 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/07 06:07:38.0227 5884 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/07 06:07:38.0260 5884 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/07 06:07:38.0337 5884 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/07 06:07:38.0441 5884 STHDA (5e71b3635d5f96d23eee1da92b85c850) C:\Windows\system32\DRIVERS\stwrt.sys
2011/05/07 06:07:38.0520 5884 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/07 06:07:38.0576 5884 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/07 06:07:38.0622 5884 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/07 06:07:38.0681 5884 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/07 06:07:38.0752 5884 SynTP (bf7aa84d5af0faa0978c840e63b17dbf) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/07 06:07:38.0913 5884 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/07 06:07:39.0058 5884 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/07 06:07:39.0119 5884 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/07 06:07:39.0180 5884 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/07 06:07:39.0229 5884 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/07 06:07:39.0286 5884 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/07 06:07:39.0358 5884 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/07 06:07:39.0486 5884 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/07 06:07:39.0546 5884 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/07 06:07:39.0587 5884 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/07 06:07:39.0636 5884 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/07 06:07:39.0713 5884 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/07 06:07:39.0849 5884 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/07 06:07:39.0892 5884 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/07 06:07:39.0938 5884 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/07 06:07:39.0969 5884 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/07 06:07:40.0012 5884 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/07 06:07:40.0100 5884 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/07 06:07:40.0132 5884 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/07 06:07:40.0195 5884 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/07 06:07:40.0238 5884 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/07 06:07:40.0272 5884 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/07 06:07:40.0324 5884 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/07 06:07:40.0360 5884 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/07 06:07:40.0391 5884 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/07 06:07:40.0452 5884 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/07 06:07:40.0526 5884 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/07 06:07:40.0575 5884 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/07 06:07:40.0610 5884 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/07 06:07:40.0674 5884 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/07 06:07:40.0711 5884 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/07 06:07:40.0753 5884 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/07 06:07:40.0823 5884 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/07 06:07:40.0890 5884 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/07 06:07:40.0939 5884 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/07 06:07:40.0998 5884 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/07 06:07:41.0035 5884 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/07 06:07:41.0062 5884 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/07 06:07:41.0120 5884 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/07 06:07:41.0174 5884 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/07 06:07:41.0266 5884 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/05/07 06:07:41.0365 5884 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
2011/05/07 06:07:41.0404 5884 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/07 06:07:41.0510 5884 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/07 06:07:41.0558 5884 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/07 06:07:41.0695 5884 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/07 06:07:41.0805 5884 ================================================================================
2011/05/07 06:07:41.0805 5884 Scan finished
2011/05/07 06:07:41.0805 5884 ================================================================================

cosinus 07.05.2011 14:32

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when an expert helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

froosl 07.05.2011 19:52

OK, here is the log file from cofi:

Combofix Logfile:
Code:

ComboFix 11-05-06.05 - tanja 07.05.2011  20:27:17.3.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2045.1127 [GMT 2:00]
ausgeführt von:: c:\users\tanja\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-07 bis 2011-05-07  ))))))))))))))))))))))))))))))
.
.
2011-05-07 18:42 . 2011-05-07 18:42        --------        d-----w-        c:\users\Standard\AppData\Local\temp
2011-05-07 18:42 . 2011-05-07 18:42        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-06 20:03 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{AB4CCF56-1F6F-427D-B4D7-1BAD2FEDC579}\mpengine.dll
2011-05-01 05:32 . 2011-05-01 05:32        --------        d-----w-        c:\program files\CCleaner
2011-04-30 05:35 . 2011-04-30 05:35        --------        d-----w-        C:\AMD
2011-04-30 05:30 . 2011-04-30 05:30        --------        d-----w-        c:\programdata\Easy Driver Pro
2011-04-30 05:29 . 2011-04-30 05:29        --------        d-----w-        c:\program files\Easy Driver Pro
2011-04-30 04:59 . 2011-04-30 04:59        --------        d-----w-        c:\programdata\UAB
2011-04-30 04:59 . 2011-04-30 05:30        --------        d-----w-        c:\users\tanja\AppData\Local\PC_Drivers_Headquarters
2011-04-30 04:59 . 2011-04-30 04:59        --------        d-----w-        c:\programdata\DriverBoost
2011-04-30 04:58 . 2011-04-30 04:58        --------        d-----w-        c:\program files\DriverBoost
2011-04-30 04:52 . 2011-04-30 04:52        --------        d-----w-        c:\program files\MSI
2011-04-30 04:20 . 2011-04-30 04:36        --------        d-----w-        C:\cofi
2011-04-29 19:17 . 2011-04-29 19:17        --------        d-----w-        c:\program files\AMD APP
2011-04-29 19:17 . 2011-04-29 19:17        --------        d-----w-        c:\programdata\AMD
2011-04-29 19:17 . 2010-02-18 07:18        37944        ----a-w-        c:\windows\system32\drivers\amdiox86.sys
2011-04-29 19:15 . 2011-04-29 19:15        --------        d-----w-        C:\ATI
2011-04-29 18:47 . 2011-04-29 18:47        --------        d-----w-        c:\program files\ATI
2011-04-29 15:50 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 15:50 . 2011-04-29 15:50        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-04-29 15:50 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-28 19:49 . 2011-04-28 19:49        --------        d-----w-        c:\program files\Conduit
2011-04-28 19:49 . 2011-04-28 19:49        --------        d-----w-        c:\users\tanja\AppData\Roaming\Ashampoo
2011-04-28 19:49 . 2011-05-01 17:07        --------        d-----w-        c:\program files\MyAshampoo
2011-04-28 19:49 . 2011-04-28 19:49        --------        d-----w-        c:\users\tanja\AppData\Local\ashampoo
2011-04-28 19:49 . 2011-04-28 19:49        --------        d-----w-        c:\programdata\ashampoo
2011-04-28 19:49 . 2011-04-28 19:49        --------        d-----w-        c:\program files\Ashampoo
2011-04-28 14:42 . 2011-04-28 14:42        --------        d-----w-        c:\users\tanja\AppData\Roaming\Avira
2011-04-28 13:21 . 2011-04-28 13:21        --------        d-----w-        C:\Log
2011-04-28 13:20 . 2006-04-17 09:56        1207808        ----a-w-        c:\windows\system32\PhoenixDll.dll
2011-04-28 13:20 . 2004-10-16 19:46        178176        ----a-w-        c:\windows\system32\StellarProfile.dll
2011-04-28 13:20 . 2011-04-28 13:20        --------        d-----w-        c:\program files\Stellar Phoenix Windows Data Recovery
2011-04-28 12:20 . 2011-04-01 15:07        61960        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-04-28 12:20 . 2011-04-01 15:07        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-04-28 12:20 . 2011-04-28 12:20        --------        d-----w-        c:\programdata\Avira
2011-04-28 12:20 . 2011-04-28 12:20        --------        d-----w-        c:\program files\Avira
2011-04-28 12:02 . 2011-04-28 12:02        --------        d-----w-        c:\users\tanja\AppData\Roaming\TrojanHunter
2011-04-28 12:00 . 2011-04-28 12:36        --------        d-----w-        c:\program files\TrojanHunter 5.3
2011-04-28 11:51 . 2011-03-03 15:40        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2011-04-28 11:51 . 2011-03-03 13:35        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 11:51 . 2011-03-12 21:55        876032        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-04-28 11:50 . 2011-04-28 11:50        --------        d-----w-        c:\users\tanja\AppData\Local\PackageAware
2011-04-26 21:47 . 2011-04-26 21:47        --------        d-----w-        c:\users\tanja\AppData\Roaming\Malwarebytes
2011-04-26 21:47 . 2011-04-26 21:47        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-26 21:28 . 2011-04-26 21:28        --------        d-----w-        C:\_OTL
2011-04-26 20:37 . 2011-04-26 20:37        --------        d-----w-        c:\programdata\WindowsSearch
2011-04-26 20:20 . 2011-04-26 20:20        --------        d-----w-        c:\program files\Common Files\InfoWatch
2011-04-26 20:20 . 2011-04-26 20:20        --------        d-----w-        c:\programdata\Kaspersky Lab
2011-04-26 20:20 . 2011-04-26 20:20        --------        d-----w-        c:\program files\Kaspersky Lab
2011-04-26 20:15 . 2011-04-26 20:15        --------        d-----w-        c:\programdata\Kaspersky Lab Setup Files
2011-04-14 05:25 . 2011-03-03 15:42        739328        ----a-w-        c:\windows\system32\inetcomm.dll
2011-04-14 05:25 . 2011-03-03 10:50        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 04:10 . 2011-04-06 04:10        7774208        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2011-04-06 02:07 . 2011-04-06 02:07        17469952        ----a-w-        c:\windows\system32\atioglxx.dll
2011-04-06 02:03 . 2011-04-06 02:03        147456        ----a-w-        c:\windows\system32\atiapfxx.exe
2011-04-06 02:03 . 2011-04-06 02:03        671744        ----a-w-        c:\windows\system32\aticfx32.dll
2011-04-06 01:59 . 2011-04-06 01:59        462848        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2011-04-06 01:59 . 2011-04-06 01:59        393216        ----a-w-        c:\windows\system32\atieclxx.exe
2011-04-06 01:58 . 2011-04-06 01:58        176128        ----a-w-        c:\windows\system32\atiesrxx.exe
2011-04-06 01:57 . 2011-04-06 01:57        159744        ----a-w-        c:\windows\system32\atitmmxx.dll
2011-04-06 01:57 . 2011-04-06 01:57        356352        ----a-w-        c:\windows\system32\atipdlxx.dll
2011-04-06 01:57 . 2011-04-06 01:57        278528        ----a-w-        c:\windows\system32\Oemdspif.dll
2011-04-06 01:56 . 2011-04-06 01:56        15872        ----a-w-        c:\windows\system32\atimuixx.dll
2011-04-06 01:56 . 2011-04-06 01:56        43520        ----a-w-        c:\windows\system32\ati2edxx.dll
2011-04-06 01:53 . 2011-04-06 01:53        4307968        ----a-w-        c:\windows\system32\atidxx32.dll
2011-04-06 01:42 . 2011-04-06 01:42        46080        ----a-w-        c:\windows\system32\aticalrt.dll
2011-04-06 01:42 . 2011-04-06 01:42        44032        ----a-w-        c:\windows\system32\aticalcl.dll
2011-04-06 01:38 . 2011-04-06 01:38        6098432        ----a-w-        c:\windows\system32\aticaldd.dll
2011-04-06 01:35 . 2011-04-06 01:35        4256768        ----a-w-        c:\windows\system32\atiumdag.dll
2011-04-06 01:34 . 2011-04-06 01:34        1912832        ----a-w-        c:\windows\system32\atiumdmv.dll
2011-04-06 01:28 . 2011-04-06 01:28        52736        ----a-w-        c:\windows\system32\coinst.dll
2011-04-06 01:26 . 2011-04-06 01:26        3631616        ----a-w-        c:\windows\system32\atiumdva.dll
2011-04-06 01:22 . 2011-04-06 01:22        258048        ----a-w-        c:\windows\system32\atiadlxx.dll
2011-04-06 01:22 . 2011-04-06 01:22        12800        ----a-w-        c:\windows\system32\atiglpxx.dll
2011-04-06 01:21 . 2011-04-06 01:21        32768        ----a-w-        c:\windows\system32\atigktxx.dll
2011-04-06 01:21 . 2011-04-06 01:21        242176        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2011-04-06 01:20 . 2011-04-06 01:20        31232        ----a-w-        c:\windows\system32\atiuxpag.dll
2011-04-06 01:20 . 2011-04-06 01:20        29184        ----a-w-        c:\windows\system32\atiu9pag.dll
2011-04-06 01:20 . 2011-04-06 01:20        37376        ----a-w-        c:\windows\system32\atitmpxx.dll
2011-04-06 01:20 . 2011-04-06 01:20        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2011-04-06 01:13 . 2011-04-06 01:13        52736        ----a-w-        c:\windows\system32\atimpc32.dll
2011-04-06 01:13 . 2011-04-06 01:13        52736        ----a-w-        c:\windows\system32\amdpcom32.dll
2011-04-05 20:09 . 2011-04-05 20:09        59904        ----a-w-        c:\windows\system32\OVDecode.dll
2011-04-05 20:09 . 2011-04-05 20:09        51712        ----a-w-        c:\windows\system32\OpenCL.dll
2011-04-05 20:09 . 2011-04-05 20:09        12385280        ----a-w-        c:\windows\system32\amdocl.dll
2011-03-03 15:40 . 2011-04-28 11:51        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 11:51        458752        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 11:51        542720        ----a-w-        c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 11:51        2159616        ----a-w-        c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-22 19:33        288768        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-22 19:33        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-22 19:33        797696        ----a-w-        c:\windows\system32\FntCache.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-23 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"NapsterShell"="c:\program files\Napster\napster.exe" [2010-07-20 323280]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-15 442433]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-05 336384]
.
c:\users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Inhaltsverzeichnis.onetoc2 [2010-1-1 3656]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9f2a59e6b3576;Google Update Service (gupdate1c9f2a59e6b3576);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 133104]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 133104]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-23 43552]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108328]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe [2008-02-12 73728]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-06 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-05 294400]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-06 7774208]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-06 242176]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-11-17 97296]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-07 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-03-07 15:50]
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 19:22]
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-21 19:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-07 20:46
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\users\tanja\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-05-07  20:50:17
ComboFix-quarantined-files.txt  2011-05-07 18:50
ComboFix2.txt  2011-04-30 04:36
.
Vor Suchlauf: 20 Verzeichnis(se), 207.707.615.232 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 207.931.138.048 Bytes frei
.
- - End Of File - - 0B6AC305B52611035E9EAA66FF9724FE

--- --- ---

cosinus 07.05.2011 20:09

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still will not run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool takes only a few seconds.
  • Afterwards you should find a file named MBRCheck_<date>_<time>.txt on your desktop.
Please post the contents of the .txt document.

froosl 07.05.2011 20:24

GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit quick scan 2011-05-07 21:23:44
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVS-60UST0 rev.01.01A01
Running: uiy29e7m.exe; Driver: C:\Users\tanja\AppData\Local\Temp\ugloipow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

froosl 07.05.2011 20:30

So, here is OSAM as well:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 21:29:34 on 07.05.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Final Media Player Update Checker.job" - "Bitberry Software" - C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"hpaccelerometercp.CPL" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"ProtectSmart Hard Drive Protection" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\tanja\AppData\Local\Temp\catchme.sys (File not found)
"Conexant Setup API" (UIUSys) - ? - C:\Windows\System32\DRIVERS\UIUSYS.SYS (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"mbr" (mbr) - ? - C:\cofi32564c\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"ugloipow" (ugloipow) - ? - C:\Users\tanja\AppData\Local\Temp\ugloipow.sys (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} "vsharechrome" - ? - (File not found | COM-object registry key not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "NvCpl DesktopContext Class" - ? - (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "Play on my TV helper" - ? - (File not found | COM-object registry key not found)
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{888078C6-70B2-4F88-8EE7-1F50DDEA6120} "CeWe Color AG & Co. OHG Control" - "CeWe Color AG & Co. OHG" - C:\Windows\Downloaded Program Files\ImageUploader6.ocx / https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} "EPUImageControl Class" - "eBay, Inc." - C:\Windows\Downloaded Program Files\EPUWALcontrol.dll / hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
{8100D56A-5661-482C-BEE8-AFECE305D968} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\Windows\Downloaded Program Files\PhotoUploader55.ocx / hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
{6F15128C-E66A-490C-B848-5000B5ABEEAC} "HP Download Manager" - "Hewlett-Packard Co." - C:\Windows\Downloaded Program Files\HPDEXAXO.dll / https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
{CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\Windows\Downloaded Program Files\IPSUploader4.ocx / https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} "JordanUploader Class" - "IPLabs GmbH" - C:\Windows\Downloaded Program Files\JordanApplet.dll / hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab
{8167C273-DF59-4416-B647-C8BB2C7EE83E} "WebSDev Control" - "MICRO-STAR INT'L CO., LTD." - C:\PROGRA~1\MSI\MSIWDev\WebSDev.ocx / hxxp://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OneNote Inhaltsverzeichnis.onetoc2" - ? - C:\Users\tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NapsterShell" - "Napster" - C:\Program Files\Napster\napster.exe /systray
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"QPService" - "CyberLink Corp." - "C:\Program Files\HP\QuickPlay\QPService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"AMD FUEL Service" (AMD FUEL Service) - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Easybits Shared Services for Windows" (ezSharedSvc) - "EasyBits Sofware AS" - C:\Windows\System32\ezsvc7.dll
"Google Update Service (gupdate1c9f2a59e6b3576)" (gupdate1c9f2a59e6b3576) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Kaspersky PURE" (AVP) - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"QuickPlay Background Capture Service (QBCS)" (QPCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
"QuickPlay Task Scheduler (QTS)" (QPSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
"Recovery Service for Windows" (Recovery Service for Windows) - ? - C:\Windows\SMINST\BLService.exe (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit Online Solutions :: Index

froosl 07.05.2011 20:32

And here is MBRCheck as well:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: HP
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv5 Notebook PC
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 210):
0x8284A000 \SystemRoot\system32\ntkrnlpa.exe
0x82817000 \SystemRoot\system32\hal.dll
0x80404000 \SystemRoot\system32\kdcom.dll
0x8040B000 \SystemRoot\system32\PSHED.dll
0x8041C000 \SystemRoot\system32\BOOTVID.dll
0x80424000 \SystemRoot\system32\CLFS.SYS
0x80465000 \SystemRoot\system32\CI.dll
0x80545000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C1000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80600000 \SystemRoot\system32\drivers\acpi.sys
0x80646000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8064F000 \SystemRoot\system32\drivers\msisadrv.sys
0x80657000 \SystemRoot\system32\drivers\pci.sys
0x8067E000 \SystemRoot\system32\drivers\isapnp.sys
0x8068D000 \SystemRoot\system32\drivers\mpio.sys
0x806A9000 \SystemRoot\System32\drivers\partmgr.sys
0x806B8000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x806BB000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x806C5000 \SystemRoot\system32\drivers\volmgr.sys
0x806D4000 \SystemRoot\System32\drivers\volmgrx.sys
0x8071E000 \SystemRoot\system32\drivers\intelide.sys
0x80725000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80733000 \SystemRoot\system32\drivers\pciide.sys
0x8073A000 \SystemRoot\system32\drivers\aliide.sys
0x80741000 \SystemRoot\system32\drivers\amdide.sys
0x80748000 \SystemRoot\system32\drivers\cmdide.sys
0x80750000 \SystemRoot\System32\drivers\mountmgr.sys
0x80760000 \SystemRoot\system32\drivers\msdsm.sys
0x8077A000 \SystemRoot\system32\drivers\nvraid.sys
0x80795000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x807B6000 \SystemRoot\system32\drivers\viaide.sys
0x82E02000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x82ED0000 \SystemRoot\system32\drivers\iastorv.sys
0x82F71000 \SystemRoot\system32\drivers\atapi.sys
0x82F79000 \SystemRoot\system32\drivers\ataport.SYS
0x82F97000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x82FB1000 \SystemRoot\system32\drivers\storport.sys
0x82FF2000 \SystemRoot\system32\drivers\nvstor.sys
0x807BE000 \SystemRoot\system32\drivers\msahci.sys
0x807C8000 \SystemRoot\system32\drivers\hpcisss.sys

Processes (total 86):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-60UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

cosinus 07.05.2011 20:56

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

froosl 08.05.2011 06:49

OK, here is superantispy:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 05/08/2011 at 07:38 AM

Application Version : 4.52.1000

Core Rules Database Version : 7012
Trace Rules Database Version: 4824

Scan type : Complete Scan
Total Scan Time : 01:08:08

Memory items scanned : 786
Memory threats detected : 0
Registry items scanned : 9461
Registry threats detected : 0
File items scanned : 34524
File threats detected : 51

Adware.Tracking Cookie

froosl 08.05.2011 06:53

And here is Malwarebytes as well; I had already run it. If I should run it again, please let me know.

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6472

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

29.04.2011 19:33:14
mbam-log-2011-04-29 (19-33-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 333686
Laufzeit: 1 Stunde(n), 41 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 08.05.2011 13:39

Looks OK, only cookies were found there.
Any problems or further detections in the meantime?

froosl 08.05.2011 19:45

No, AntiVir has not reported anything further either. I have set the update to daily.

cosinus 09.05.2011 12:19

Then we're done! :abklatsch:

Finally, please check the updates; my guide for that is below.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Guide: Windows Update



Update the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date; here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

froosl 10.05.2011 20:31

All right, thanks a lot for the great help. Your donation account will be topped up accordingly.

Regards

Frank

cosinus 10.05.2011 21:00

Quote:

Quote from froosl (post 655844)
Your donation account will be topped up accordingly.

:dankeschoen: :party:


All times are in WET +1.

Copyright ©2000-2025, Trojaner-Board

