Trojaner-Board (https://www.trojaner-board.de/)
Thread: Banking Trojaner? Sparda Bank (https://www.trojaner-board.de/98592-banking-trojaner-sparda-bank.html)

der_jipi 02.05.2011 12:53

Banking Trojan? Sparda Bank
 
Hello.
I have a very similar problem to the gentleman in this thread. Following rule 1 of the board, however, I am opening my own thread for it:

Since last week I have noticed that programs (Firefox/Thunderbird/iTunes etc.) often have to be started two or three times before anything happens. On the first click, often only the wait cursor appears and disappears again after 2-3 seconds. After that, nothing happens.

Today, when I tried to do my online banking, the same thing happened to me that the gentleman mentioned above describes in his thread: after entering the login data on the bank's website (no typos in the address), the following message appears:
Quote:

Attention!
Dear user. Your account is blocked for some functions! Please confirm your valid TAN list so that you can continue to use your online banking in full. To confirm your TAN list, fill in the form below and press the "Absenden" (Submit) button. We thank you for your understanding.
And it wants all 100 TANs! The message appears even if you do not enter any login data at all. Of course I immediately called the bank and had my online banking blocked.

I have 4 partitions on my system. Do I have to say goodbye to all my data, or only format the system partition?
If I have to reinstall my Win7 anyway, I want to set up a dual-boot system with Win7 and Ubuntu 11.04 right away, so I will have to shuffle partitions around anyway etc...

OTL.txt says:
OTL Logfile:
Code:

OTL logfile created on: 02.05.2011 13:32:24 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\der Jipi\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 36,62 Gb Total Space | 2,13 Gb Free Space | 5,83% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 39,56 Gb Free Space | 16,99% Space Free | Partition Type: NTFS
Drive E: | 75,68 Gb Total Space | 4,98 Gb Free Space | 6,58% Space Free | Partition Type: NTFS
Drive F: | 353,45 Gb Total Space | 28,54 Gb Free Space | 8,07% Space Free | Partition Type: NTFS
 
Computer Name: RRIF | User Name: der Jipi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.02 13:25:39 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Users\DERJIP~1\AppData\Local\Temp\GSS9359.exe
PRC - [2011.05.02 13:23:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\der Jipi\Desktop\OTL.exe
PRC - [2011.04.29 15:18:36 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.18 12:18:37 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.30 11:39:01 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.26 07:10:20 | 021,979,992 | ---- | M] () -- C:\Users\der Jipi\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009.08.06 01:00:00 | 005,497,856 | ---- | M] () -- C:\xampp\xampp\mysql\bin\mysqld.exe
PRC - [2009.08.06 01:00:00 | 000,024,640 | ---- | M] (Apache Software Foundation) -- C:\xampp\xampp\apache\bin\httpd.exe
PRC - [2009.03.20 03:03:00 | 001,904,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2009.03.20 03:03:00 | 000,368,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.02 13:23:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\der Jipi\Desktop\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.12.09 03:19:44 | 000,094,208 | ---- | M] (Dropbox, Inc.) -- C:\Users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
MOD - [2009.07.14 03:15:09 | 000,854,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dbghelp.dll
MOD - [2009.04.29 03:13:20 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Users\der Jipi\AppData\Roaming\Dropbox\bin\MSVCP71.dll
MOD - [2008.03.04 02:34:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Users\der Jipi\AppData\Roaming\Dropbox\bin\MSVCR71.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.10.14 17:39:35 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.04.29 15:18:36 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.18 12:18:37 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.10.14 17:37:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.08.06 01:00:00 | 005,497,856 | ---- | M] () [Auto | Running] -- C:\xampp\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009.08.06 01:00:00 | 000,024,640 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.20 03:03:00 | 000,368,640 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.02.18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.12.01 14:39:06 | 000,144,784 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010.11.30 11:39:01 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.03.02 14:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2009.12.19 10:11:40 | 000,314,400 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.23 01:08:37 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.20 03:03:00 | 000,552,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2009.03.20 03:03:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009.02.17 19:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2008.02.06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007.06.08 15:26:10 | 000,090,112 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2at64.sys -- (Ser2at)
DRV:64bit: - [2006.12.28 02:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.9
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.3
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.30 10:17:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.30 10:17:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.04.30 10:01:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.09.10 17:41:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Extensions
[2010.09.10 17:41:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.30 10:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions
[2010.09.28 08:40:57 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011.01.14 13:00:25 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011.04.29 19:04:10 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2011.01.13 10:49:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.10.09 23:47:46 | 000,000,000 | ---D | M] (GrApple Delicious (blue)) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\{472be34c-9688-fd8a-227e-f32eabb78c1c}
[2009.10.09 23:47:46 | 000,000,000 | ---D | M] (iFox) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
[2011.04.16 10:34:46 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011.04.16 10:34:54 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\der Jipi\AppData\Roaming\mozilla\Firefox\Profiles\s9hvgrob.default\extensions\foxmarks@kei.com
[2010.01.21 21:26:53 | 000,002,321 | ---- | M] () -- C:\Users\der Jipi\AppData\Roaming\Mozilla\Firefox\Profiles\s9hvgrob.default\searchplugins\forestle-de.xml
[2008.10.28 08:34:32 | 000,001,196 | ---- | M] () -- C:\Users\der Jipi\AppData\Roaming\Mozilla\Firefox\Profiles\s9hvgrob.default\searchplugins\winamp-search.xml
[2011.04.30 10:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.27 16:10:55 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.20 09:18:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.18 17:48:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.20 10:57:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.17 10:19:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\DER JIPI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S9HVGROB.DEFAULT\EXTENSIONS\{340C2BBC-CE74-4362-90B5-7C26312808EF}.XPI
() (No name found) -- C:\USERS\DER JIPI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S9HVGROB.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\DER JIPI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S9HVGROB.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.10.14 18:09:13 | 000,001,345 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts:    127.0.0.1 activate.adobe.com
O1 - Hosts:    127.0.0.1 practivate.adobe.com
O1 - Hosts:    127.0.0.1 ereg.adobe.com
O1 - Hosts:    127.0.0.1 activate.wip3.adobe.com
O1 - Hosts:    127.0.0.1 wip3.adobe.com
O1 - Hosts:    127.0.0.1 3dns-3.adobe.com
O1 - Hosts:    127.0.0.1 3dns-2.adobe.com
O1 - Hosts:    127.0.0.1 adobe-dns.adobe.com
O1 - Hosts:    127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts:    127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts:    127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts:    127.0.0.1 activate-sea.adobe.com
O1 - Hosts:    127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts:    127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts:    127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -  File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - Startup: C:\Users\der Jipi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\der Jipi\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{636a521e-d052-11df-833e-ba0ecdb81951}\Shell - "" = AutoRun
O33 - MountPoints2\{636a521e-d052-11df-833e-ba0ecdb81951}\Shell\AutoRun\command - "" = J:\pushinst.exe
O33 - MountPoints2\{9110dcb7-b597-11de-a094-001558aef1bb}\Shell - "" = AutoRun
O33 - MountPoints2\{9110dcb7-b597-11de-a094-001558aef1bb}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\Shell - "" = AutoRun
O33 - MountPoints2\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: AVMWlanClient - hkey= - key= - C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.02 13:31:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.05.02 13:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.05.02 13:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011.05.02 13:22:48 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\der Jipi\Desktop\Erunt-setup.exe
[2011.05.02 13:22:48 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\der Jipi\Desktop\OTL.exe
[2011.05.02 13:22:48 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\der Jipi\Desktop\TFC.exe
[2011.04.29 19:36:42 | 000,000,000 | ---D | C] -- C:\Users\der Jipi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2011.04.23 17:45:29 | 000,000,000 | ---D | C] -- C:\Users\der Jipi\.traverso
[2011.04.23 17:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Traverso
[2011.04.23 17:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Traverso
[2011.04.23 11:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.23 11:37:14 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.04.23 11:37:13 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.04.23 11:34:59 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.04.23 11:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.04.18 16:15:51 | 000,000,000 | ---D | C] -- C:\Users\der Jipi\Desktop\kjr
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.02 13:32:54 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.02 13:32:54 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.02 13:30:59 | 000,000,920 | ---- | M] () -- C:\Users\der Jipi\Desktop\NTREGOPT.lnk
[2011.05.02 13:30:59 | 000,000,901 | ---- | M] () -- C:\Users\der Jipi\Desktop\ERUNT.lnk
[2011.05.02 13:29:57 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.02 13:29:57 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.02 13:29:57 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.02 13:29:57 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.02 13:29:57 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.02 13:25:27 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.02 13:25:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.02 13:25:13 | 1609,420,800 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.02 13:23:24 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\der Jipi\Desktop\Erunt-setup.exe
[2011.05.02 13:23:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\der Jipi\Desktop\OTL.exe
[2011.05.02 13:23:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\der Jipi\Desktop\TFC.exe
[2011.05.02 13:19:11 | 000,377,282 | ---- | M] () -- C:\Users\der Jipi\Desktop\Load.exe
[2011.05.02 13:01:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.27 17:26:31 | 000,091,911 | ---- | M] () -- C:\Users\der Jipi\Desktop\V50_Spezial_Schaltplan_ohne_Blinker.jpg
[2011.04.23 11:37:54 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.17 18:05:12 | 002,891,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.15 10:57:38 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
 
========== Files Created - No Company Name ==========
 
[2011.05.02 13:30:59 | 000,000,920 | ---- | C] () -- C:\Users\der Jipi\Desktop\NTREGOPT.lnk
[2011.05.02 13:30:59 | 000,000,901 | ---- | C] () -- C:\Users\der Jipi\Desktop\ERUNT.lnk
[2011.05.02 13:22:35 | 000,377,282 | ---- | C] () -- C:\Users\der Jipi\Desktop\Load.exe
[2011.04.30 10:17:25 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.27 17:26:29 | 000,091,911 | ---- | C] () -- C:\Users\der Jipi\Desktop\V50_Spezial_Schaltplan_ohne_Blinker.jpg
[2011.04.23 11:37:54 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.01.29 02:02:33 | 000,151,602 | ---- | C] () -- C:\Windows\SysWow64\pspnt.dll
[2011.01.29 02:02:33 | 000,065,606 | ---- | C] () -- C:\Windows\SysWow64\rmvport.exe
[2010.12.12 16:27:38 | 000,001,526 | ---- | C] () -- C:\Windows\ImpactView.INI
[2010.11.17 21:54:08 | 000,001,640 | ---- | C] () -- C:\Users\der Jipi\AppData\Roaming\gnuplot_history
[2010.09.13 19:50:42 | 000,450,560 | ---- | C] () -- C:\Windows\mlib.dll
[2010.09.13 19:50:42 | 000,376,832 | ---- | C] () -- C:\Windows\libmwfftw.dll
[2010.09.13 19:50:42 | 000,229,376 | ---- | C] () -- C:\Windows\sgl.dll
[2010.09.13 19:50:42 | 000,176,128 | ---- | C] () -- C:\Windows\libmwumfpack.dll
[2010.09.13 19:50:42 | 000,057,344 | ---- | C] () -- C:\Windows\libmwlapack.dll
[2010.09.13 19:50:42 | 000,045,056 | ---- | C] () -- C:\Windows\libmwgcl.dll
[2010.09.13 19:50:42 | 000,045,056 | ---- | C] () -- C:\Windows\libmwcl.dll
[2010.09.13 19:50:41 | 001,662,976 | ---- | C] () -- C:\Windows\lapack.dll
[2010.09.13 19:50:41 | 001,048,576 | ---- | C] () -- C:\Windows\atlas_PIII.dll
[2010.09.13 19:50:41 | 000,868,352 | ---- | C] () -- C:\Windows\hg_sgl.dll
[2010.09.13 19:50:41 | 000,765,952 | ---- | C] () -- C:\Windows\libmatlb.dll
[2010.09.13 19:50:41 | 000,421,888 | ---- | C] () -- C:\Windows\gui_sgl.dll
[2010.09.13 19:50:41 | 000,110,592 | ---- | C] () -- C:\Windows\hardcopy_sgl.dll
[2010.09.13 19:50:41 | 000,053,248 | ---- | C] () -- C:\Windows\ismembc.dll
[2010.09.13 19:50:41 | 000,020,480 | ---- | C] () -- C:\Windows\convnc.dll
[2010.08.26 15:37:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.07.19 23:20:50 | 000,000,600 | ---- | C] () -- C:\Users\der Jipi\AppData\Roaming\winscp.rnd
[2010.05.01 21:41:25 | 000,004,608 | ---- | C] () -- C:\Users\der Jipi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.06 18:00:33 | 000,096,788 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.02.13 14:37:57 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\RtlCPAPI.dll
[2010.02.13 14:37:57 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\ChCfg.exe
[2010.02.13 14:37:57 | 000,037,376 | ---- | C] () -- C:\Windows\CPLUtl64.exe
[2010.02.13 14:36:51 | 000,000,164 | ---- | C] () -- C:\Windows\avrack.ini
[2010.01.24 17:18:01 | 000,007,601 | ---- | C] () -- C:\Users\der Jipi\AppData\Local\Resmon.ResmonCfg
[2009.10.14 14:20:01 | 000,000,600 | ---- | C] () -- C:\Users\der Jipi\AppData\Local\PUTTY.RND
[2009.10.09 23:43:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.10.09 21:06:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2010.02.23 18:09:27 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Artisteer
[2011.03.26 11:48:29 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Audacity
[2010.11.30 11:46:42 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\CadSoft
[2010.11.10 17:25:11 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.05.02 13:25:54 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Dropbox
[2010.12.23 22:18:16 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\FileZilla
[2009.11.23 11:41:33 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Funambol
[2009.10.10 16:26:41 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Notepad++
[2009.10.14 18:10:58 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\OpenOffice.org
[2010.03.31 01:04:15 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Reign of Augustus
[2009.11.12 18:01:44 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Subversion
[2010.12.16 13:29:41 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\TeamViewer
[2010.09.10 17:41:20 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Thunderbird
[2009.11.27 21:20:44 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\Trillian
[2010.07.20 08:16:45 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\TrueCrypt
[2010.11.09 22:49:29 | 000,000,000 | ---D | M] -- C:\Users\der Jipi\AppData\Roaming\xm1
[2011.02.06 12:52:22 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.12.20 17:51:44 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.09.20 12:10:29 | 000,000,000 | ---D | M] -- C:\adaptec
[2009.10.09 22:03:26 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.10.09 21:32:40 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.04.26 20:48:24 | 000,000,000 | ---D | M] -- C:\jDownloader
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.04.23 11:37:14 | 000,000,000 | R--D | M] -- C:\Programme
[2011.05.02 13:30:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2010.11.09 23:54:36 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.10.09 21:32:40 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.10.09 21:32:41 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.05.02 13:34:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.09.13 20:21:19 | 000,000,000 | ---D | M] -- C:\temp_buffer
[2010.04.23 18:44:28 | 000,000,000 | R--D | M] -- C:\Users
[2011.05.02 13:31:17 | 000,000,000 | ---D | M] -- C:\Windows
[2010.05.28 23:47:19 | 000,000,000 | ---D | M] -- C:\WinSetupFromUSB
[2009.11.02 13:15:41 | 000,000,000 | ---D | M] -- C:\xampp
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<          >

< End of report >

--- --- ---


And Extras.txt says:
OTL Logfile:
Code:

OTL Extras logfile created on: 02.05.2011 13:32:24 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\der Jipi\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 36,62 Gb Total Space | 2,13 Gb Free Space | 5,83% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 39,56 Gb Free Space | 16,99% Space Free | Partition Type: NTFS
Drive E: | 75,68 Gb Total Space | 4,98 Gb Free Space | 6,58% Space Free | Partition Type: NTFS
Drive F: | 353,45 Gb Total Space | 28,54 Gb Free Space | 8,07% Space Free | Partition Type: NTFS
 
Computer Name: RRIF | User Name: der Jipi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{22421266-50FE-48AF-A536-20AE32563B22}" = Oracle VM VirtualBox 3.2.12
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{AC2512D4-ED8A-4015-BF87-92478483C171}" = TortoiseSVN 1.6.6.17493 (64 bit)
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"CCleaner" = CCleaner
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23C08587-19F4-4BBC-9078-26CF8EB02256}" = PL-2303 Vista Driver Installer-ATEN
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 24
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 9.0.600.2
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = UC-232A USB-to-Serial
"{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon Camera WIA Driver
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F318330F-DE7D-4B22-AF7C-C3760DDC2EF3}" = Xmarks for IE
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_697a06b96d8bcbe2d77b88e7d5448d0" = Adobe Creative Suite 4 Master Collection
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CrystalDiskInfo_is1" = CrystalDiskInfo 3.3.0
"DC2dInvRes_is1" = DC2dInvRes v. 2.12.0
"EADM" = EA Download Manager
"EAGLE 5.10.0" = EAGLE 5.10.0
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.3.3
"InstallShield_{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon EOS 20D WIA-Treiber
"IXRefraX" = IXRefraX
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"MiKTeX 2.9" = MiKTeX 2.9
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"Notepad++" = Notepad++
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5a
"Speccy" = Speccy
"Tera Term_is1" = Tera Term 4.64
"Texmaker" = Texmaker
"Traverso_is1" = Traverso 0.49.1
"TrueCrypt" = TrueCrypt
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"winscp3_is1" = WinSCP 4.2.8
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.04.2011 14:44:41 | Computer Name = RRiF | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.4095 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1474    Startzeit:
 01cc0441b27aa1f3    Endzeit: 16    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 3d62b989-7035-11e0-81c4-001558aef1bb 
 
Error - 26.04.2011 15:34:09 | Computer Name = RRiF | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.04.2011 15:34:52 | Computer Name = RRiF | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 27.04.2011 04:34:57 | Computer Name = RRiF | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 27.04.2011 04:35:21 | Computer Name = RRiF | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 27.04.2011 08:33:43 | Computer Name = RRiF | Source = Application Hang | ID = 1002
Description = Programm iTunes.exe, Version 10.2.2.12 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 3270    Startzeit:
 01cc04d154256c8b    Endzeit: 17    Anwendungspfad: C:\Program Files (x86)\iTunes\iTunes.exe

Berichts-ID:
 
 
Error - 27.04.2011 09:06:08 | Computer Name = RRiF | Source = Application Hang | ID = 1002
Description = Programm iTunes.exe, Version 10.2.2.12 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 2a88    Startzeit:
 01cc04d7a63aeb95    Endzeit: 30    Anwendungspfad: C:\Program Files (x86)\iTunes\iTunes.exe

Berichts-ID:
 
 
Error - 29.04.2011 09:16:06 | Computer Name = RRiF | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Dropbox.exe, Version: 0.7.110.0,
Zeitstempel: 0x477b8d63  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000103bb  ID des fehlerhaften
 Prozesses: 0x964  Startzeit der fehlerhaften Anwendung: 0x01cc066f8d0cec03  Pfad der
 fehlerhaften Anwendung: C:\Users\der Jipi\AppData\Roaming\Dropbox\bin\Dropbox.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: d6b115df-7262-11e0-a4fe-001558aef1bb
 
Error - 30.04.2011 04:12:36 | Computer Name = RRiF | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.4095 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e80    Startzeit:
01cc070e10a8aaa4    Endzeit: 118    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 996d1649-7301-11e0-a942-001558aef1bb 
 
Error - 30.04.2011 11:42:09 | Computer Name = RRiF | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CS4ServiceManager.exe, Version: 4.0.0.344,
 Zeitstempel: 0x48a440f3  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000103bb  ID des fehlerhaften
 Prozesses: 0xa40  Startzeit der fehlerhaften Anwendung: 0x01cc074d236198ec  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 6870baf7-7340-11e0-8d78-001558aef1bb
 
[ System Events ]
Error - 02.05.2011 06:56:27 | Computer Name = RRiF | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 02.05.2011 07:24:16 | Computer Name = RRiF | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 02.05.2011 07:24:21 | Computer Name = RRiF | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen
 Status gemeldet: 32
 
Error - 02.05.2011 07:25:09 | Computer Name = RRiF | Source = volmgr | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
 
Error - 02.05.2011 07:25:14 | Computer Name = RRiF | Source = volmgr | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
 
Error - 02.05.2011 07:26:20 | Computer Name = RRiF | Source = DCOM | ID = 10005
Description =
 
Error - 02.05.2011 07:26:20 | Computer Name = RRiF | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Google Update Service (gupdate) erreicht.
 
Error - 02.05.2011 07:26:20 | Computer Name = RRiF | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 02.05.2011 07:26:52 | Computer Name = RRiF | Source = DCOM | ID = 10010
Description =
 
Error - 02.05.2011 07:32:08 | Computer Name = RRiF | Source = DCOM | ID = 10010
Description =
 
 
< End of report >

--- --- ---



Thanks very much in advance for your help.
Best regards!

Edit:
The online banking problem, as I have just found out, only occurs in Firefox, not in Chrome or IE. I only installed Firefox version 4 yesterday. Before that, at least, I had not noticed the problem.

cosinus 02.05.2011 13:36

Are there any other Malwarebytes logs? If so, please post all of the ones visible in Malwarebytes under the Logs tab.

der_jipi 02.05.2011 14:57

The link above got lost; I meant this thread: http://www.trojaner-board.de/98420-t...e-banking.html (the links somehow aren't being saved)

Malwarebytes says the following in the only log file shown under that tab:
Quote:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6491

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.05.2011 15:46:28
mbam-log-2011-05-02 (15-46-28).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152888
Laufzeit: 2 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 02.05.2011 15:24

Quote:

Art des Suchlaufs: Quick-Scan
As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

der_jipi 02.05.2011 23:23

OK, so here is the full scan.
The first file is a program that shows me the serial number of my Win7 installation. I got 3 licences from my university and no longer knew which one was free and which was already installed... Last used about six months ago.
The second file is some script from a game. I haven't touched anything related to it in at least two years (and certainly never since I've had Win7 installed).

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6493

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.05.2011 23:52:25
mbam-log-2011-05-02 (23-52-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 598531
Laufzeit: 1 Stunde(n), 34 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
d:\firefox dls\produkey141\ProduKey.exe (PUP.PSWTool.ProductKey) -> Not selected for removal.
e:\spielplatz\awesom-o 3.5.6\Redvex\brring.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


cosinus 03.05.2011 08:30

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{636a521e-d052-11df-833e-ba0ecdb81951}\Shell - "" = AutoRun
O33 - MountPoints2\{636a521e-d052-11df-833e-ba0ecdb81951}\Shell\AutoRun\command - "" = J:\pushinst.exe
O33 - MountPoints2\{9110dcb7-b597-11de-a094-001558aef1bb}\Shell - "" = AutoRun
O33 - MountPoints2\{9110dcb7-b597-11de-a094-001558aef1bb}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\Shell - "" = AutoRun
O33 - MountPoints2\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
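The O33 lines in the fix above are OTL's rendering of per-volume AutoRun handlers under HKCU\...\Explorer\MountPoints2: a volume GUID whose default Shell verb is AutoRun, plus a command pointing at an executable on a removable drive. The parser below is an added example (not OTL's or the board's own code) that pulls those pairs out of OTL report text and lists the volumes that carry such a handler, together with the HKCU key to review. It assumes the O32/O33 line layout exactly as shown in this thread; the sample input is constructed from the lines above.

```python
import re
from collections import defaultdict

# Constructed sample: the O32/O33 lines from the OTL fix script above,
# in the form OTL prints them in its report.
SAMPLE_OTL = r"""
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{636a521e-d052-11df-833e-ba0ecdb81951}\Shell - "" = AutoRun
O33 - MountPoints2\{636a521e-d052-11df-833e-ba0ecdb81951}\Shell\AutoRun\command - "" = J:\pushinst.exe
O33 - MountPoints2\{9110dcb7-b597-11de-a094-001558aef1bb}\Shell - "" = AutoRun
O33 - MountPoints2\{9110dcb7-b597-11de-a094-001558aef1bb}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\Shell - "" = AutoRun
O33 - MountPoints2\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
"""

# Assumed OTL line layout (as seen above): O33 - MountPoints2\{GUID}\<subkey> - "<name>" = <data>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-fA-F-]{36})\}\\(?P<subkey>\S+) - "(?P<name>[^"]*)" = (?P<data>.*)$'
)
O32_RE = re.compile(r'^O32 - HKLM CDRom: AutoRun - (?P<value>\d+)$')

# Key that OTL reports deleting for each GUID (see the fix log in this thread).
MOUNTPOINTS2_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"


def parse_mountpoints(text):
    """Group O33 lines by volume GUID: {guid: {subkey: data}}."""
    entries = defaultdict(dict)
    for line in text.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            entries[m.group("guid").lower()][m.group("subkey")] = m.group("data")
    return dict(entries)


def autorun_handlers(text):
    """One finding per volume whose default Shell verb is AutoRun and which
    carries a command, i.e. an executable that Explorer would launch for it."""
    findings = []
    for guid, keys in parse_mountpoints(text).items():
        if keys.get("Shell") != "AutoRun":
            continue
        cmd = keys.get(r"Shell\AutoRun\command")
        if cmd is None:
            continue
        exe = cmd.split()[0]          # strip arguments such as "-a"
        findings.append({
            "guid": guid,
            "drive": exe[:2],         # drive letter the handler points at
            "executable": exe,
            "command": cmd,
            "registry_key": MOUNTPOINTS2_KEY + "\\{" + guid + "}",
        })
    return findings


def cdrom_autorun_enabled(text):
    """True/False from the O32 CDRom AutoRun line, None if absent."""
    for line in text.splitlines():
        m = O32_RE.match(line.strip())
        if m:
            return m.group("value") == "1"
    return None


if __name__ == "__main__":
    print("CDRom AutoRun enabled:", cdrom_autorun_enabled(SAMPLE_OTL))
    for f in autorun_handlers(SAMPLE_OTL):
        print(f["drive"], f["executable"], "->", f["registry_key"])
```

Run it against a saved OTL.txt by replacing SAMPLE_OTL with the file's contents; every finding is a MountPoints2 key worth checking before a removable drive is plugged back in, since the handler survives even when the executable on the drive is no longer present (the fix log in this thread shows exactly that: keys deleted, files "not found").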

der_jipi 03.05.2011 10:48

...done. It apparently could not find these exe files and some of the registry keys:

Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{636a521e-d052-11df-833e-ba0ecdb81951}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{636a521e-d052-11df-833e-ba0ecdb81951}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{636a521e-d052-11df-833e-ba0ecdb81951}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{636a521e-d052-11df-833e-ba0ecdb81951}\ not found.
File J:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9110dcb7-b597-11de-a094-001558aef1bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9110dcb7-b597-11de-a094-001558aef1bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9110dcb7-b597-11de-a094-001558aef1bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9110dcb7-b597-11de-a094-001558aef1bb}\ not found.
File I:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf64fb51-7281-11e0-aaa2-001558aef1bb}\ not found.
File L:\LaunchU3.exe -a not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: der Jipi
->Temp folder emptied: 95421 bytes
->Temporary Internet Files folder emptied: 2835197 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 34454664 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2320 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3350 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 36,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 05032011_112706

Files\Folders moved on Reboot...
C:\Users\der Jipi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


cosinus 03.05.2011 10:57

Now please run this Kaspersky tool and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

If the infection has left you unable to access your documents/My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (Could take a while)
Vista and 7 users must run the tool via right-click as administrator!

der_jipi 03.05.2011 11:27

By the way, many thanks for the detailed and personal help!

According to its UI, this Kaspersky tool could not find anything. Here is the log:

Code:

2011/05/03 12:23:46.0180 4456        TDSS rootkit removing tool 2.5.0.0 May  1 2011 14:20:16
2011/05/03 12:23:46.0336 4456        ================================================================================
2011/05/03 12:23:46.0336 4456        SystemInfo:
2011/05/03 12:23:46.0336 4456       
2011/05/03 12:23:46.0336 4456        OS Version: 6.1.7600 ServicePack: 0.0
2011/05/03 12:23:46.0336 4456        Product type: Workstation
2011/05/03 12:23:46.0336 4456        ComputerName: RRIF
2011/05/03 12:23:46.0336 4456        UserName: der Jipi
2011/05/03 12:23:46.0336 4456        Windows directory: C:\Windows
2011/05/03 12:23:46.0336 4456        System windows directory: C:\Windows
2011/05/03 12:23:46.0336 4456        Running under WOW64
2011/05/03 12:23:46.0336 4456        Processor architecture: Intel x64
2011/05/03 12:23:46.0336 4456        Number of processors: 2
2011/05/03 12:23:46.0336 4456        Page size: 0x1000
2011/05/03 12:23:46.0336 4456        Boot type: Normal boot
2011/05/03 12:23:46.0336 4456        ================================================================================
2011/05/03 12:23:46.0594 4456        Initialize success
2011/05/03 12:23:47.0716 5360        ================================================================================
2011/05/03 12:23:47.0716 5360        Scan started
2011/05/03 12:23:47.0716 5360        Mode: Manual;
2011/05/03 12:23:47.0716 5360        ================================================================================
2011/05/03 12:23:49.0117 5360        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/03 12:23:49.0153 5360        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/03 12:23:49.0188 5360        AcpiPmi        (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/03 12:23:49.0235 5360        adfs            (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
2011/05/03 12:23:49.0399 5360        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/03 12:23:49.0544 5360        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/03 12:23:49.0681 5360        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/03 12:23:49.0771 5360        AFD            (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/05/03 12:23:49.0813 5360        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/03 12:23:49.0861 5360        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/03 12:23:49.0881 5360        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/03 12:23:49.0919 5360        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/03 12:23:49.0943 5360        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/03 12:23:49.0970 5360        amdsata        (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/05/03 12:23:49.0998 5360        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/03 12:23:50.0033 5360        amdxata        (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/05/03 12:23:50.0145 5360        AppID          (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/05/03 12:23:50.0295 5360        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/03 12:23:50.0326 5360        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/03 12:23:50.0368 5360        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/03 12:23:50.0396 5360        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/03 12:23:50.0614 5360        atikmdag        (3efd964d52221360af0673cd61c2f4f5) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/03 12:23:50.0721 5360        avgntflt        (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/03 12:23:50.0802 5360        avipbb          (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/03 12:23:50.0856 5360        avmeject        (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys
2011/05/03 12:23:50.0922 5360        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/03 12:23:50.0972 5360        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/03 12:23:51.0036 5360        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/03 12:23:51.0100 5360        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/03 12:23:51.0466 5360        bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/03 12:23:51.0512 5360        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/03 12:23:51.0533 5360        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/03 12:23:51.0587 5360        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/03 12:23:51.0620 5360        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/03 12:23:51.0645 5360        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/03 12:23:51.0759 5360        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/03 12:23:51.0795 5360        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/03 12:23:51.0856 5360        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/03 12:23:51.0910 5360        cdrom          (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/03 12:23:51.0961 5360        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/03 12:23:52.0010 5360        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/03 12:23:52.0056 5360        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/03 12:23:52.0088 5360        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/03 12:23:52.0133 5360        CNG            (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/05/03 12:23:52.0163 5360        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/03 12:23:52.0209 5360        CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/03 12:23:52.0249 5360        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/03 12:23:52.0372 5360        CSC            (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/05/03 12:23:52.0434 5360        DfsC            (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/05/03 12:23:52.0476 5360        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/03 12:23:52.0552 5360        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/03 12:23:52.0630 5360        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/03 12:23:52.0677 5360        DXGKrnl        (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/03 12:23:52.0786 5360        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/03 12:23:52.0864 5360        ElbyCDIO        (702d5606cf2199e0edea6f0e0d27cd10) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/05/03 12:23:52.0926 5360        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/03 12:23:52.0958 5360        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/03 12:23:53.0004 5360        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/03 12:23:53.0036 5360        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/03 12:23:53.0067 5360        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/03 12:23:53.0129 5360        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/03 12:23:53.0160 5360        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/03 12:23:53.0207 5360        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/03 12:23:53.0254 5360        FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/05/03 12:23:53.0301 5360        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/03 12:23:53.0332 5360        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/03 12:23:53.0379 5360        fvevol          (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/03 12:23:53.0441 5360        FWLANUSB        (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys
2011/05/03 12:23:53.0504 5360        fwlanusbn      (630cb27253ea63bb0990c40c72bfcfe1) C:\Windows\system32\DRIVERS\fwlanusbn.sys
2011/05/03 12:23:53.0550 5360        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/03 12:23:53.0582 5360        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/03 12:23:53.0691 5360        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/03 12:23:53.0753 5360        HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/05/03 12:23:53.0800 5360        HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/03 12:23:53.0831 5360        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/03 12:23:53.0862 5360        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/03 12:23:53.0894 5360        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/03 12:23:53.0940 5360        HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/03 12:23:53.0987 5360        HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/03 12:23:54.0034 5360        HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/05/03 12:23:54.0081 5360        hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/03 12:23:54.0112 5360        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/03 12:23:54.0159 5360        iaStorV        (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/05/03 12:23:54.0206 5360        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/03 12:23:54.0315 5360        IntcAzAudAddService (c1e2d46eb6e533dd087c684d33411f4a) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/03 12:23:54.0393 5360        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/03 12:23:54.0424 5360        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/03 12:23:54.0471 5360        IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/03 12:23:54.0502 5360        IPMIDRV        (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/03 12:23:54.0533 5360        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/03 12:23:54.0596 5360        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/03 12:23:54.0627 5360        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/03 12:23:54.0658 5360        iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/03 12:23:54.0705 5360        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/03 12:23:54.0736 5360        kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/03 12:23:54.0767 5360        KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/03 12:23:54.0814 5360        KSecPkg        (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/03 12:23:54.0845 5360        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/03 12:23:54.0923 5360        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/03 12:23:54.0986 5360        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/03 12:23:55.0017 5360        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/03 12:23:55.0048 5360        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/03 12:23:55.0079 5360        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/03 12:23:55.0126 5360        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/03 12:23:55.0157 5360        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/03 12:23:55.0188 5360        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/03 12:23:55.0235 5360        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/03 12:23:55.0266 5360        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/03 12:23:55.0298 5360        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/03 12:23:55.0344 5360        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/03 12:23:55.0376 5360        mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/05/03 12:23:55.0407 5360        mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/03 12:23:55.0422 5360        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/03 12:23:55.0469 5360        MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/03 12:23:55.0516 5360        mrxsmb          (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/03 12:23:55.0563 5360        mrxsmb10        (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/03 12:23:55.0594 5360        mrxsmb20        (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/03 12:23:55.0625 5360        msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/03 12:23:55.0656 5360        msdsm          (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/03 12:23:55.0750 5360        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/03 12:23:55.0781 5360        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/03 12:23:55.0812 5360        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/03 12:23:55.0875 5360        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/03 12:23:55.0906 5360        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/03 12:23:55.0922 5360        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/03 12:23:55.0968 5360        MsRPC          (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/05/03 12:23:56.0015 5360        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/03 12:23:56.0046 5360        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/03 12:23:56.0078 5360        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/03 12:23:56.0109 5360        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/03 12:23:56.0171 5360        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/03 12:23:56.0234 5360        NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/05/03 12:23:56.0280 5360        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/03 12:23:56.0327 5360        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/03 12:23:56.0343 5360        Ndisuio        (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/03 12:23:56.0374 5360        NdisWan        (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/03 12:23:56.0421 5360        NDProxy        (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/05/03 12:23:56.0452 5360        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/03 12:23:56.0499 5360        NetBT          (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/03 12:23:56.0577 5360        netr28ux        (618c55b392238b9467f9113e13525c49) C:\Windows\system32\DRIVERS\netr28ux.sys
2011/05/03 12:23:56.0639 5360        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/03 12:23:56.0670 5360        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/03 12:23:56.0702 5360        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/03 12:23:56.0764 5360        Ntfs            (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/05/03 12:23:56.0826 5360        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/03 12:23:57.0170 5360        nvlddmkm        (feffc8474be060ea7349a172b9810415) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/03 12:23:57.0529 5360        nvraid          (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/05/03 12:23:57.0778 5360        nvstor          (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/05/03 12:23:57.0825 5360        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/03 12:23:57.0856 5360        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/03 12:23:57.0965 5360        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/03 12:23:57.0997 5360        partmgr        (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/05/03 12:23:58.0028 5360        pci            (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/05/03 12:23:58.0059 5360        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/03 12:23:58.0090 5360        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/03 12:23:58.0121 5360        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/03 12:23:58.0153 5360        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/03 12:23:58.0293 5360        PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/03 12:23:58.0324 5360        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/03 12:23:58.0355 5360        Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/03 12:23:58.0402 5360        PxHlpa64        (901dba98359966a62a6548596988e931) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/05/03 12:23:58.0465 5360        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/03 12:23:58.0527 5360        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/03 12:23:58.0558 5360        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/03 12:23:58.0589 5360        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/03 12:23:58.0636 5360        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/03 12:23:58.0667 5360        Rasl2tp        (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/03 12:23:58.0714 5360        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/03 12:23:58.0745 5360        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/03 12:23:58.0777 5360        rdbss          (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/03 12:23:58.0808 5360        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/03 12:23:58.0839 5360        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/03 12:23:58.0886 5360        RDPDR          (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/05/03 12:23:58.0948 5360        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/03 12:23:58.0979 5360        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/03 12:23:59.0011 5360        RDPWD          (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/05/03 12:23:59.0073 5360        rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/05/03 12:23:59.0135 5360        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/03 12:23:59.0198 5360        RTL8167        (66f9f7161d147b6486a22feb9425930d) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/05/03 12:23:59.0245 5360        s3cap          (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/05/03 12:23:59.0291 5360        sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/03 12:23:59.0323 5360        scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/03 12:23:59.0385 5360        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/03 12:23:59.0447 5360        Ser2at          (210285d5fdfb06fc25f889c7487cd4e2) C:\Windows\system32\DRIVERS\ser2at64.sys
2011/05/03 12:23:59.0479 5360        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/03 12:23:59.0510 5360        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/03 12:23:59.0541 5360        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/03 12:23:59.0603 5360        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/03 12:23:59.0635 5360        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/03 12:23:59.0650 5360        sffp_sd        (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/03 12:23:59.0666 5360        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/03 12:23:59.0728 5360        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/03 12:23:59.0744 5360        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/03 12:23:59.0791 5360        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/03 12:23:59.0853 5360        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/03 12:23:59.0915 5360        srv            (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/03 12:23:59.0962 5360        srv2            (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/03 12:24:00.0025 5360        srvnet          (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/03 12:24:00.0071 5360        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/03 12:24:00.0118 5360        storflt        (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/05/03 12:24:00.0149 5360        storvsc        (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/05/03 12:24:00.0181 5360        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/03 12:24:00.0290 5360        Tcpip          (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/03 12:24:00.0399 5360        TCPIP6          (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/03 12:24:00.0446 5360        tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/03 12:24:00.0477 5360        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/03 12:24:00.0508 5360        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/03 12:24:00.0555 5360        tdx            (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/03 12:24:00.0586 5360        TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/03 12:24:00.0680 5360        tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/03 12:24:00.0727 5360        tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/03 12:24:00.0758 5360        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/03 12:24:00.0805 5360        udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/03 12:24:00.0867 5360        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/03 12:24:00.0914 5360        umbus          (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/03 12:24:00.0945 5360        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/03 12:24:01.0007 5360        USBAAPL64      (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
2011/05/03 12:24:01.0054 5360        usbaudio        (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/05/03 12:24:01.0085 5360        usbccgp        (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/03 12:24:01.0132 5360        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/03 12:24:01.0163 5360        usbehci        (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/03 12:24:01.0210 5360        usbhub          (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/03 12:24:01.0257 5360        usbohci        (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/03 12:24:01.0273 5360        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/03 12:24:01.0304 5360        USBSTOR        (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/03 12:24:01.0335 5360        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/03 12:24:01.0429 5360        VBoxDrv        (781f08d3bd8fc0d052bbf5b0ac25da40) C:\Windows\system32\DRIVERS\VBoxDrv.sys
2011/05/03 12:24:01.0491 5360        VBoxNetAdp      (48b196c4f368d0c1aec103ed6425d959) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
2011/05/03 12:24:01.0538 5360        VBoxNetFlt      (d9713bc7825e499532805f7dd80797ec) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
2011/05/03 12:24:01.0585 5360        VBoxUSBMon      (44385ae4255f7bd14cee41b7cd627dfc) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
2011/05/03 12:24:01.0616 5360        VClone          (c5e70c4e64666db9d69c9f2fdae22428) C:\Windows\system32\DRIVERS\VClone.sys
2011/05/03 12:24:01.0663 5360        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/03 12:24:01.0725 5360        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/03 12:24:01.0756 5360        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/03 12:24:01.0772 5360        vhdmp          (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/03 12:24:01.0803 5360        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/03 12:24:01.0850 5360        vmbus          (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/05/03 12:24:01.0881 5360        VMBusHID        (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/05/03 12:24:01.0928 5360        volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/03 12:24:01.0975 5360        volmgrx        (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/03 12:24:02.0006 5360        volsnap        (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/03 12:24:02.0053 5360        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/03 12:24:02.0084 5360        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/03 12:24:02.0115 5360        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/03 12:24:02.0146 5360        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/03 12:24:02.0209 5360        WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/03 12:24:02.0224 5360        Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/03 12:24:02.0287 5360        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/03 12:24:02.0318 5360        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/03 12:24:02.0474 5360        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/03 12:24:02.0521 5360        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/03 12:24:02.0661 5360        WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/03 12:24:02.0708 5360        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/03 12:24:02.0770 5360        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/03 12:24:02.0873 5360        WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/03 12:24:02.0918 5360        WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/03 12:24:03.0038 5360        ================================================================================
2011/05/03 12:24:03.0038 5360        Scan finished
2011/05/03 12:24:03.0038 5360        ================================================================================


cosinus 03.05.2011 12:59

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). The file can also be found at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper on this board has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

der_jipi 03.05.2011 14:15

In between, a Windows error message appeared: "REV.exe funktioniert nicht mehr richtig und wird geschlossen".

CF itself took quite a long time and delivered the following result:

log.txt:
Code:

ComboFix 11-05-02.04 - der Jipi 03.05.2011  14:26:15.1.2 - x64
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1031.18.2046.1229 [GMT 2:00]
ausgeführt von:: c:\users\der Jipi\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\jdownloader\jDownloader.exe
C:\SystemData
c:\systemdata\config.bin
c:\systemdata\SystemData.exe
c:\windows\system32\drivers\etc\hosts1
D:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-03 bis 2011-05-03  ))))))))))))))))))))))))))))))
.
.
2011-05-03 13:04 . 2011-05-03 13:04        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-02 11:30 . 2011-05-02 11:31        --------        d-----w-        c:\program files (x86)\ERUNT
2011-04-30 08:17 . 2011-04-14 16:40        142296        ----a-w-        c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-04-30 08:17 . 2011-04-14 16:40        89048        ----a-w-        c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-04-30 08:17 . 2011-04-14 16:40        781272        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-04-30 08:17 . 2011-04-14 16:40        465880        ----a-w-        c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-04-30 08:17 . 2011-04-14 16:40        1874904        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-04-30 08:17 . 2011-04-14 16:40        15832        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-04-30 08:17 . 2010-01-01 08:00        1974616        ----a-w-        c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-04-30 08:17 . 2010-01-01 08:00        1892184        ----a-w-        c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-04-29 17:36 . 2011-04-29 17:36        119808        ----a-r-        c:\users\der Jipi\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2011-04-23 15:45 . 2011-04-23 15:45        --------        d-----w-        c:\users\der Jipi\.traverso
2011-04-23 15:41 . 2011-04-23 15:41        --------        d-----w-        c:\program files (x86)\Traverso
2011-04-23 09:37 . 2011-04-23 09:37        --------        d-----w-        c:\program files\iPod
2011-04-23 09:37 . 2011-04-23 09:37        --------        d-----w-        c:\program files\iTunes
2011-04-23 09:34 . 2011-04-23 09:35        --------        d-----w-        c:\program files\Bonjour
2011-04-23 09:34 . 2011-04-23 09:35        --------        d-----w-        c:\program files (x86)\Bonjour
2011-04-06 14:26 . 2011-04-06 14:26        96544        ----a-w-        c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26        119584        ----a-w-        c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20        91424        ----a-w-        c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20        107808        ----a-w-        c:\windows\SysWow64\dns-sd.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 15:36 . 2011-02-18 15:36        51712        ----a-w-        c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 15:36 . 2011-02-18 15:36        4184352        ----a-w-        c:\windows\system32\usbaaplrc.dll
2011-02-02 20:40 . 2010-04-20 07:17        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2011-02-02 16:11 . 2009-10-09 21:53        270720        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
c:\users\der Jipi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\der Jipi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 136176]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-10-14 1038088]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 136176]
R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 Ser2at;ATEN USB to Serial port driver;c:\windows\system32\DRIVERS\ser2at64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 Apache2.2;Apache2.2;c:\xampp\xampp\apache\bin\httpd.exe [2009-08-05 24640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 06:46]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-30 06:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        97792        ----a-w-        c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        97792        ----a-w-        c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        97792        ----a-w-        c:\users\der Jipi\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55        97032        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55        97032        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55        97032        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55        97032        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55        97032        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55        97032        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55        97032        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55        97032        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 17:55        97032        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 171520]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-25 9650720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\der Jipi\AppData\Roaming\Mozilla\Firefox\Profiles\s9hvgrob.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-257FA97667CE86F3 - c:\systemdata\SystemData.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-03  15:07:45
ComboFix-quarantined-files.txt  2011-05-03 13:07
.
Vor Suchlauf: 2.056.126.464 Bytes frei
Nach Suchlauf: 2.268.540.928 Bytes frei
.
- - End Of File - - 73A29EFF0D25E4F09CAC9505339D69A1


C:/ComboFix.txt (I think it contains the same thing):

cosinus 03.05.2011 14:26

Now please create and post logs with GMER and mbrcheck.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it.

Instructions for mbrcheck:
Download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool only takes a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on your desktop.
Please post the contents of that .txt document.

der_jipi 03.05.2011 15:23

"GMER hasn't found any Entries", or something like that

And MBRCheck:

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Professional
Windows Information:                (build 7600), 64-bit
Base Board Manufacturer:        Foxconn
BIOS Manufacturer:                Phoenix Technologies, LTD
System Manufacturer:                OEM
System Product Name:                OEM
Logical Drives Mask:                0x000001fc

Kernel Drivers (total 190):
  0x02E64000 \SystemRoot\system32\ntoskrnl.exe
  0x02E1B000 \SystemRoot\system32\hal.dll
  0x00BC4000 \SystemRoot\system32\kdcom.dll
  0x00CC4000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00D08000 \SystemRoot\system32\PSHED.dll
  0x00D1C000 \SystemRoot\system32\CLFS.SYS
  0x00C00000 \SystemRoot\system32\CI.dll
  0x00ED1000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00F75000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00F84000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x00FDB000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x00FE4000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
  0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
  0x00E55000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x00E6A000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00EC6000 \SystemRoot\system32\DRIVERS\intelide.sys
  0x00FEE000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x00D7A000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x00D81000 \SystemRoot\System32\drivers\mountmgr.sys
  0x010AE000 \SystemRoot\system32\DRIVERS\iaStorV.sys
  0x011CC000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x011D5000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x01000000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x0100B000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x01016000 \SystemRoot\system32\drivers\fltmgr.sys
  0x01062000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01076000 \SystemRoot\System32\Drivers\PxHlpa64.sys
  0x0120B000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x00D9B000 \SystemRoot\System32\Drivers\msrpc.sys
  0x013AE000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01472000 \SystemRoot\System32\Drivers\cng.sys
  0x014E5000 \SystemRoot\System32\drivers\pcw.sys
  0x014F6000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x01500000 \SystemRoot\system32\drivers\ndis.sys
  0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
  0x013C8000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01602000 \SystemRoot\System32\drivers\tcpip.sys
  0x01805000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x0184F000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x0185F000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x018AB000 \SystemRoot\System32\Drivers\spldr.sys
  0x018B3000 \SystemRoot\System32\drivers\rdyboost.sys
  0x018ED000 \SystemRoot\System32\Drivers\mup.sys
  0x018FF000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01908000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x01942000 \SystemRoot\system32\DRIVERS\disk.sys
  0x01958000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x01996000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x019C0000 \SystemRoot\System32\Drivers\Null.SYS
  0x019C9000 \SystemRoot\System32\Drivers\Beep.SYS
  0x019D0000 \SystemRoot\System32\drivers\vga.sys
  0x01082000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x019DE000 \SystemRoot\System32\drivers\watchdog.sys
  0x019EE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x019F7000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x01988000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x01460000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x03CED000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x03CFE000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x03D1C000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x03D29000 \SystemRoot\system32\drivers\afd.sys
  0x03DB3000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x03C00000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x03C09000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x03C2F000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x03C45000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x03C54000 \SystemRoot\system32\DRIVERS\serial.sys
  0x03C71000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x03C8C000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
  0x03C98000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
  0x03A2C000 \SystemRoot\SysWOW64\drivers\truecrypt.sys
  0x03A6C000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x03A80000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x03AD1000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x03ADD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x03AE8000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x03AF2000 \SystemRoot\System32\drivers\discache.sys
  0x03B01000 \SystemRoot\system32\drivers\csc.sys
  0x03B84000 \SystemRoot\System32\Drivers\dfsc.sys
  0x03BA2000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x03BB3000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x03BD5000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x03A00000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x0485C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x05320000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x02C37000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x02D2B000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x02D71000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x02D95000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
  0x02DE4000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x02DF1000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x05322000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x02C00000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x05378000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x02C11000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x02C1E000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x053B6000 \SystemRoot\system32\DRIVERS\parport.sys
  0x053D3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x053E3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x04800000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x02C2A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x04824000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x03CC8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x042CA000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x042EB000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x04305000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
  0x04327000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x04332000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x04341000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x04350000 \SystemRoot\system32\DRIVERS\VClone.sys
  0x0435F000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x0438E000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
  0x043B5000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x043B7000 \SystemRoot\system32\DRIVERS\ks.sys
  0x04200000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x04212000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x0426C000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x03ECB000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x040EA000 \SystemRoot\system32\drivers\portcls.sys
  0x04127000 \SystemRoot\system32\drivers\drmk.sys
  0x04149000 \SystemRoot\system32\drivers\ksthunk.sys
  0x000A0000 \SystemRoot\System32\win32k.sys
  0x0415D000 \SystemRoot\System32\drivers\Dxapi.sys
  0x04169000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x04177000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x04190000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x04199000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x0419B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x041B8000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x041C5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x041D3000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x00440000 \SystemRoot\System32\TSDDD.dll
  0x00600000 \SystemRoot\System32\cdd.dll
  0x00850000 \SystemRoot\System32\ATMFD.DLL
  0x03E00000 \SystemRoot\system32\drivers\luafv.sys
  0x03E23000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x03E40000 \SystemRoot\system32\drivers\WudfPf.sys
  0x03E61000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x03E76000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x041E1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x04281000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x034D2000 \SystemRoot\system32\drivers\HTTP.sys
  0x0359A000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x035B8000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x035D0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x03400000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x0344E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x03471000 \SystemRoot\System32\Drivers\adfs.SYS
  0x06898000 \SystemRoot\system32\drivers\peauth.sys
  0x0693E000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x06949000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x06976000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x06988000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x06800000 \SystemRoot\System32\DRIVERS\srv.sys
  0x08D3A000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x08D9F000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
  0x77600000 \Windows\System32\ntdll.dll
  0x48460000 \Windows\System32\smss.exe
  0xFF920000 \Windows\System32\apisetschema.dll
  0xFFC10000 \Windows\System32\autochk.exe
  0xFF890000 \Windows\System32\difxapi.dll
  0xFF840000 \Windows\System32\Wldap32.dll
  0xFF710000 \Windows\System32\wininet.dll
  0xFF690000 \Windows\System32\shlwapi.dll
  0xFF5F0000 \Windows\System32\msvcrt.dll
  0xFF5E0000 \Windows\System32\lpk.dll
  0xFF4B0000 \Windows\System32\rpcrt4.dll
  0xFF3E0000 \Windows\System32\usp10.dll
  0x774E0000 \Windows\System32\kernel32.dll
  0xFF2D0000 \Windows\System32\msctf.dll
  0xFF2A0000 \Windows\System32\imm32.dll
  0xFF1C0000 \Windows\System32\oleaut32.dll
  0x777D0000 \Windows\System32\normaliz.dll
  0xFF120000 \Windows\System32\comdlg32.dll
  0xFF0D0000 \Windows\System32\ws2_32.dll
  0xFEF50000 \Windows\System32\urlmon.dll
  0xFEF30000 \Windows\System32\imagehlp.dll
  0xFE1A0000 \Windows\System32\shell32.dll
  0xFE180000 \Windows\System32\sechost.dll
  0x773E0000 \Windows\System32\user32.dll
  0xFDF70000 \Windows\System32\ole32.dll
  0xFDD10000 \Windows\System32\iertutil.dll
  0xFDCA0000 \Windows\System32\gdi32.dll
  0xFDC90000 \Windows\System32\nsi.dll
  0xFDBB0000 \Windows\System32\advapi32.dll
  0x777C0000 \Windows\System32\psapi.dll
  0xFD9D0000 \Windows\System32\setupapi.dll
  0xFD930000 \Windows\System32\clbcatq.dll

Processes (total 57):
      0 System Idle Process
      4 System
    280 C:\Windows\System32\smss.exe
    480 csrss.exe
    540 C:\Windows\System32\wininit.exe
    552 csrss.exe
    588 C:\Windows\System32\services.exe
    608 C:\Windows\System32\lsass.exe
    620 C:\Windows\System32\lsm.exe
    752 C:\Windows\System32\winlogon.exe
    780 C:\Windows\System32\svchost.exe
    864 C:\Windows\System32\nvvsvc.exe
    904 C:\Windows\System32\svchost.exe
    972 C:\Windows\System32\svchost.exe
    304 C:\Windows\System32\svchost.exe
    500 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\svchost.exe
    1172 C:\Windows\System32\nvvsvc.exe
    1208 C:\Windows\System32\svchost.exe
    1388 C:\Windows\System32\spoolsv.exe
    1452 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1500 C:\Windows\System32\svchost.exe
    1632 C:\Windows\System32\taskhost.exe
    1816 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1840 C:\Windows\System32\dwm.exe
    1864 C:\Windows\explorer.exe
    1952 C:\xampp\xampp\apache\bin\httpd.exe
    796 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1156 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    1192 C:\Windows\System32\conhost.exe
    1536 C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
    1728 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1772 C:\Windows\System32\svchost.exe
    2380 C:\Program Files\Java\jre6\bin\jusched.exe
    2424 C:\xampp\xampp\apache\bin\httpd.exe
    2440 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    3088 C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    3096 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    3364 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    3740 C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
    3828 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3840 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3960 C:\Program Files\iPod\bin\iPodService.exe
    2580 C:\Windows\System32\SearchIndexer.exe
    4124 C:\Windows\System32\svchost.exe
    4216 C:\Windows\System32\svchost.exe
    5640 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4872 C:\Windows\System32\svchost.exe
    1968 C:\Program Files\Java\jre6\bin\jucheck.exe
  11104 C:\Windows\explorer.exe
    8748 C:\Windows\System32\audiodg.exe
  12152 C:\Windows\explorer.exe
  11376 C:\Windows\System32\SearchProtocolHost.exe
  11468 C:\Windows\System32\SearchFilterHost.exe
  11876 C:\Users\der Jipi\Desktop\MBRCheck.exe
  11900 C:\Windows\System32\conhost.exe
  11672 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000009`27f55800  (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x0000001c`13c68800  (NTFS)

PhysicalDrive0 Model Number: ST3500630A, Rev: 3.AAF 
PhysicalDrive1 Model Number: HDS722525VLSA80, Rev: V36OA6MA

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    232 GB  \\.\PhysicalDrive1  Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

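As an added example (not MBRCheck's own code and not part of the thread), the Python below reproduces the kind of values the MBRCheck output above reports: the drive-to-physical-offset mapping (partition LBA start times 512 bytes, so a partition starting at sector 63 sits at offset 0x7e00) and a SHA1 over the MBR boot code that can be compared against a table of known-good values. The constructed sample MBR, the 440-byte hashed range and the `classify_mbr` lookup are assumptions; the thread does not state which byte range MBRCheck hashes.

```python
import hashlib
import struct

SECTOR = 512          # sector size assumed for the offset calculation
BOOT_CODE_LEN = 440   # bytes before the 4-byte disk signature (assumption)
TABLE_OFFSET = 446    # start of the four 16-byte partition entries


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Construct a 512-byte MBR for testing: boot code, partition table, 0x55AA."""
    if len(boot_code) > TABLE_OFFSET or len(partitions) > 4:
        raise ValueError("boot code or partition list too large for an MBR")
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        # CHS fields are filled with the usual 0xFE 0xFF 0xFF placeholder.
        entry = struct.pack("<B3sB3sII", 0x80 if bootable else 0x00,
                            b"\xfe\xff\xff", ptype, b"\xfe\xff\xff",
                            lba_start, sectors)
        mbr[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)] = entry
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def parse_partitions(mbr: bytes):
    """Return the used partition entries with their byte offsets on the disk."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector (bad length or signature)")
    parts = []
    for i in range(4):
        flag, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, TABLE_OFFSET + 16 * i)
        if ptype == 0:          # empty entry
            continue
        parts.append({"index": i, "bootable": flag == 0x80, "type": ptype,
                      "offset": lba_start * SECTOR,
                      "size": sectors * SECTOR})
    return parts


def boot_code_sha1(mbr: bytes) -> str:
    """SHA1 of the boot code area, upper-case hex like the MBRCheck report."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def classify_mbr(mbr: bytes, known_hashes: dict) -> str:
    """Look the boot code hash up in a table of known-good hashes.

    A hash that is not in the table is reported as unknown so it can be
    reviewed; it is not by itself proof of a bootkit."""
    return known_hashes.get(boot_code_sha1(mbr), "unknown MBR code")
```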

cosinus 03.05.2011 15:28

Looks ok. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

der_jipi 04.05.2011 22:19

Took a little while. As before, it found something again in one of those ancient folders. Should I maybe just delete the whole folder to be on the safe side? Does that make sense? There is nothing in there I still need anyway:

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6504

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.05.2011 15:53:39
mbam-log-2011-05-04 (15-53-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 600148
Laufzeit: 1 Stunde(n), 7 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/04/2011 at 08:20 PM

Application Version : 4.51.1000

Core Rules Database Version : 6984
Trace Rules Database Version: 4796

Scan type      : Complete Scan
Total Scan Time : 04:08:06

Memory items scanned      : 586
Memory threats detected  : 0
Registry items scanned    : 13753
Registry threats detected : 0
File items scanned        : 449193
File threats detected    : 1

Trojan.Agent/Gen-Frauder
        E:\SPIELPLATZ\AWESOM-O 3.5.6\REDVEX\LOGS\_STORELOGS.EXE



Copyright ©2000-2024, Trojaner-Board