Trojaner-Board

Source: Trojaner-Board (https://www.trojaner-board.de/), forum "Plagegeister aller Art und deren Bekämpfung" (pests of all kinds and how to fight them), thread: https://www.trojaner-board.de/98691-windows-sicherheitscenter-defender-mehr-aktivierbar-fakealert.html

derwolf1509 04.05.2011 17:57

Windows Security Center and Defender can no longer be enabled. FakeAlert?
 
Hello everyone,

after several hours of research without a single matching hit for my problem, my hope now rests with you.

For a few days I have had the problem that I can no longer enable either the Windows Security Center or Windows Defender. I only noticed it because my computer tried several times to install 4 Windows updates, unfortunately without success.

Checks with HijackThis, Spybot, Avast Antivir and Malwarebytes have only had limited success. Malwarebytes did find and remove something, unfortunately without much improvement. Here is the log file:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6500

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03.05.2011 21:48:24
mbam-log-2011-05-03 (21-48-24).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 172040
Laufzeit: 4 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\GHWAUC6NNZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

I hope you can help me.

Thanks.

cosinus 04.05.2011 18:17

Are there any other Malwarebytes logs? If so, please post all of them that are visible in Malwarebytes in the "Logdateien" (log files) tab.

derwolf1509 05.05.2011 06:07

New scan from yesterday:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6506

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.05.2011 20:23:20
mbam-log-2011-05-04 (20-23-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 472149
Laufzeit: 53 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Wolfgang\AppData\Local\Google\Chrome\user data\Default\Cache\f_0006c5 (Adware.Hotbar) -> Quarantined and deleted successfully.

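An added example (not code from the thread, the helper, or Malwarebytes): a small Python parser for the Malwarebytes log format shown in the two posts above. It reads the header fields, cross-checks the summary counts against the entries actually listed (a mismatch usually means a log was pasted incompletely), classifies each detection by object type, and reports which detection families are new in the second scan. The two sample logs are constructed from the posted ones, trimmed to the lines the parser needs.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the first (quick-scan) log from the thread, trimmed to the
# relevant lines. The zero-count sections of the real log are omitted here.
MBAM_LOG_1 = r"""Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6500

03.05.2011 21:48:24
mbam-log-2011-05-03 (21-48-24).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 172040
Laufzeit: 4 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\GHWAUC6NNZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
"""

# Constructed sample: the second (full-scan) log from the thread, same trimming.
MBAM_LOG_2 = r"""Malwarebytes' Anti-Malware 1.50.1.1100
Datenbank Version: 6506
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 472149
Laufzeit: 53 Minute(n), 10 Sekunde(n)

Infizierte Registrierungsschlüssel: 0
Infizierte Dateien: 1

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Wolfgang\AppData\Local\Google\Chrome\user data\Default\Cache\f_0006c5 (Adware.Hotbar) -> Quarantined and deleted successfully.
"""

HEADER_RE = re.compile(r"^(Datenbank Version|Art des Suchlaufs|Durchsuchte Objekte|Laufzeit): (.+)$")
COUNT_RE = re.compile(r"^Infizierte (.+?): (\d+)$")      # summary line, e.g. "Infizierte Dateien: 1"
SECTION_RE = re.compile(r"^Infizierte (.+?):$")          # section header, e.g. "Infizierte Dateien:"
DETECTION_RE = re.compile(r"^(?P<object>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
NO_HITS = "(Keine bösartigen Objekte gefunden)"


@dataclass
class Detection:
    section: str   # German section name as printed by MBAM, e.g. "Dateien"
    obj: str       # registry key or file path
    family: str    # MBAM detection name, e.g. "Trojan.FakeAlert.SA"
    action: str    # what MBAM did with it


@dataclass
class MbamReport:
    header: dict = field(default_factory=dict)
    counts: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


def parse_mbam_log(text):
    """Parse one MBAM 1.x log into header fields, summary counts and detections."""
    report, section = MbamReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Malwarebytes' Anti-Malware "):
            report.header["Version"] = line.split()[-1]
            continue
        if m := HEADER_RE.match(line):
            report.header[m.group(1)] = m.group(2)
        elif m := COUNT_RE.match(line):
            report.counts[m.group(1)] = int(m.group(2))
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif section is not None and line != NO_HITS and (m := DETECTION_RE.match(line)):
            report.detections.append(Detection(section, m["object"], m["family"], m["action"]))
    return report


def count_mismatches(report):
    """Summary counts vs. listed entries; {section: (claimed, listed)} for every mismatch."""
    found = {}
    for d in report.detections:
        found[d.section] = found.get(d.section, 0) + 1
    return {s: (n, found.get(s, 0)) for s, n in report.counts.items() if n != found.get(s, 0)}


def classify(obj):
    """Coarse object type; a .job under Windows\\Tasks is a Task Scheduler persistence point."""
    if obj.upper().startswith("HKEY_"):
        return "registry"
    if obj.lower().endswith(".job"):
        return "scheduled task"
    return "file"


def new_families(before, after):
    """Detection families present in the later scan but not in the earlier one."""
    return {d.family for d in after.detections} - {d.family for d in before.detections}


def summarize(report):
    return {
        "scan_type": report.header.get("Art des Suchlaufs"),
        "db_version": report.header.get("Datenbank Version"),
        "objects_scanned": int(report.header.get("Durchsuchte Objekte", "0")),
        "clean": not report.detections,
        "findings": [(classify(d.obj), d.family, d.action) for d in report.detections],
        "count_mismatches": count_mismatches(report),
    }


if __name__ == "__main__":
    first, second = parse_mbam_log(MBAM_LOG_1), parse_mbam_log(MBAM_LOG_2)
    for r in (first, second):
        print(summarize(r))
    print("new in second scan:", new_families(first, second))
```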

derwolf1509 05.05.2011 06:15

Unfortunately the problem still persists despite the removal of the files mentioned above. Malwarebytes no longer finds anything either!

cosinus 05.05.2011 11:08

Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


derwolf1509 05.05.2011 14:34

Here is the result:

Code:

OTL logfile created on: 05.05.2011 15:20:00 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Wolfgang\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 41,95 Gb Free Space | 43,00% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 229,55 Gb Free Space | 62,36% Space Free | Partition Type: NTFS
Drive F: | 74,53 Gb Total Space | 73,97 Gb Free Space | 99,26% Space Free | Partition Type: NTFS
Drive Z: | 465,76 Gb Total Space | 282,41 Gb Free Space | 60,63% Space Free | Partition Type: NTFS
 
Computer Name: WOLF | User Name: Wolfgang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.05 15:18:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Wolfgang\Desktop\OTL.exe
PRC - [2011.04.29 12:11:58 | 000,994,304 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
PRC - [2011.03.18 17:50:58 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.01.13 10:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.01.13 10:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.12.23 16:24:46 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2010.12.17 12:32:32 | 000,288,592 | ---- | M] (ViCon GmbH) -- C:\Program Files (x86)\ViCon\Update\03\UpdateClient.exe
PRC - [2010.12.17 12:32:22 | 000,051,024 | ---- | M] (ViCon GmbH) -- C:\Program Files (x86)\Common Files\ViCon Shared\ViCon Agent\ViConAgent.exe
PRC - [2010.11.23 18:49:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010.08.19 08:12:52 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.06.17 22:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.04.27 11:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.05 15:18:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Wolfgang\Desktop\OTL.exe
MOD - [2011.01.30 00:42:40 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\snxhk.dll
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.01.13 10:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.04.29 12:11:58 | 002,146,496 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.03.18 17:50:58 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.02.17 15:22:26 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.02.01 21:42:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.12.23 16:24:46 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2010.12.17 12:32:22 | 000,051,024 | ---- | M] (ViCon GmbH) [Auto | Running] -- C:\Program Files (x86)\Common Files\ViCon Shared\ViCon Agent\ViConAgent.exe -- (ViCon Agent)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.08.19 08:12:52 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.04.29 12:12:00 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011.02.18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.01.13 10:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010.06.23 11:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.06.22 00:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.04.27 10:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 10:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.08.24 00:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.08.13 09:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.02.24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.02.06 04:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007.02.12 18:56:08 | 000,089,600 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV - [2009.02.24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A F5 AA 8E 3D CC CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=VE3D01&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.msn.com/"
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=VE3D01&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.01.30 18:48:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.31 21:34:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.10 23:09:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.01.30 18:48:12 | 000,000,000 | ---D | M]
 
[2011.01.30 00:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgang\AppData\Roaming\mozilla\Extensions
[2011.03.03 21:29:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wolfgang\AppData\Roaming\mozilla\Firefox\Profiles\hpdlusyb.default\extensions
[2011.02.16 15:05:42 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Wolfgang\AppData\Roaming\mozilla\Firefox\Profiles\hpdlusyb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.02.16 15:05:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Wolfgang\AppData\Roaming\mozilla\Firefox\Profiles\hpdlusyb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.30 18:52:54 | 000,000,000 | ---D | M] (FireGestures) -- C:\Users\Wolfgang\AppData\Roaming\mozilla\Firefox\Profiles\hpdlusyb.default\extensions\firegestures@xuldev.org
[2011.03.03 21:27:13 | 000,001,820 | ---- | M] () -- C:\Users\Wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\hpdlusyb.default\searchplugins\bing.xml
[2011.03.28 22:39:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.01.30 18:57:54 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.02.14 18:43:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.28 22:39:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011.03.31 21:34:06 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.03.28 22:39:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.08 23:00:46 | 000,000,826 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [ViCon Update] C:\Program Files (x86)\ViCon\Update\03\UpdateClient.exe (ViCon GmbH)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [AdobeBridge]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Wolfgang\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Wolfgang\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {DFB00A5D-BE70-B052-35E4-748445E70920} - Microsoft VM
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.05 15:18:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Wolfgang\Desktop\OTL.exe
[2011.05.03 23:32:22 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.05.03 23:29:57 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011.05.03 23:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.05.03 23:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.05.03 23:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011.05.03 22:27:49 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang\AppData\Local\Secunia PSI
[2011.05.03 22:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2011.05.03 21:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.05.03 21:51:09 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.05.03 21:42:28 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang\AppData\Roaming\Malwarebytes
[2011.05.03 21:42:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.03 21:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.03 21:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.03 21:42:21 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.03 21:42:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.29 21:40:07 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang\Desktop\ALDI
[2011.04.27 20:03:43 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.04.23 11:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.23 11:31:11 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.04.23 11:31:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.04.23 11:31:11 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.04.23 11:30:12 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.04.21 21:36:05 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang\AppData\Local\ViCon
[2011.04.21 21:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViFlow
[2011.04.21 21:34:14 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang\AppData\Local\ViCon_GmbH
[2011.04.21 21:34:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ViCon Shared
[2011.04.21 21:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2011.04.21 21:33:56 | 000,000,000 | ---D | C] -- C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ViFlow
[2011.04.21 21:33:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ViCon
[2011.04.21 21:33:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011.04.18 19:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Tastatur
[2011.04.18 19:49:26 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft IntelliType Pro
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.05 15:18:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Wolfgang\Desktop\OTL.exe
[2011.05.05 15:16:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3869939579-2401303841-1838779856-1000UA.job
[2011.05.05 15:16:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3869939579-2401303841-1838779856-1000Core.job
[2011.05.05 15:04:50 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.05 15:03:28 | 000,018,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.05 15:03:28 | 000,018,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.05 14:56:10 | 000,000,314 | -HS- | M] () -- C:\Windows\tasks\cqcy.job
[2011.05.05 14:55:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.05 14:55:52 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.05 06:47:02 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.04 20:32:26 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.04 20:32:26 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.04 20:32:26 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.04 20:32:26 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.04 20:32:26 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.03 23:32:21 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.05.03 23:29:59 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.05.03 21:42:24 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.03 20:39:10 | 000,121,464 | ---- | M] () -- C:\Users\Wolfgang\Desktop\Yello Strom Rechnung 2010_2011.pdf
[2011.04.29 21:50:25 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 3.4 64-Bit.lnk
[2011.04.29 12:12:00 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011.04.26 21:12:54 | 000,122,880 | RHS- | M] () -- C:\Windows\SysWow64\d3d10Q.dll
[2011.04.22 10:03:28 | 003,305,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.21 21:34:03 | 000,000,022 | ---- | M] () -- C:\Windows\SysWow64\VDB0REG03.SYS
[2011.04.21 21:34:03 | 000,000,022 | ---- | M] () -- C:\Windows\SysWow64\REP0REG03.SYS
[2011.04.17 18:39:21 | 000,000,606 | ---- | M] () -- C:\Windows\wiso.ini
 
========== Files Created - No Company Name ==========
 
[2011.05.03 23:29:59 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.05.03 21:42:24 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.03 20:39:10 | 000,121,464 | ---- | C] () -- C:\Users\Wolfgang\Desktop\Yello Strom Rechnung 2010_2011.pdf
[2011.04.29 21:50:25 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.4 64-Bit.lnk
[2011.04.29 21:50:25 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 3.4 64-Bit.lnk
[2011.04.26 21:12:54 | 000,122,880 | RHS- | C] () -- C:\Windows\SysWow64\d3d10Q.dll
[2011.04.26 21:12:54 | 000,000,314 | -HS- | C] () -- C:\Windows\tasks\cqcy.job
[2011.04.21 21:34:08 | 000,002,625 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViCon Update.lnk
[2011.03.25 21:25:29 | 000,139,816 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.03.03 21:43:36 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\realbap1.dll
[2011.03.02 12:50:53 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.02 12:47:40 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.02.05 17:31:09 | 000,000,606 | ---- | C] () -- C:\Windows\wiso.ini
[2011.02.01 20:48:09 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011.01.30 18:30:23 | 000,007,597 | ---- | C] () -- C:\Users\Wolfgang\AppData\Local\Resmon.ResmonCfg
[2011.01.30 00:16:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.01.30 00:16:09 | 000,022,387 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.12.23 16:24:46 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009.02.19 05:35:10 | 000,049,152 | R--- | C] () -- C:\Windows\DAOD.exe
[2006.08.31 09:22:16 | 000,000,022 | ---- | C] () -- C:\Windows\SysWow64\VDB0REG03.SYS
[2006.08.31 09:22:16 | 000,000,022 | ---- | C] () -- C:\Windows\SysWow64\REP0REG03.SYS
[2006.08.31 09:19:20 | 000,422,400 | ---- | C] () -- C:\Windows\SysWow64\DAVBDragDropSupport.dll
[2006.08.31 09:19:20 | 000,063,488 | ---- | C] () -- C:\Windows\SysWow64\DAIDataObject.dll
 
========== LOP Check ==========
 
[2011.01.30 11:03:28 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Buhl Data Service
[2011.04.04 10:07:24 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Buhl Data Service GmbH
[2011.03.10 20:42:09 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Canon
[2011.01.30 11:15:21 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\DataDesign
[2011.02.16 15:05:40 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.02 18:21:40 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\GARMIN
[2011.02.02 00:01:05 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\JAM Software
[2011.01.30 18:51:36 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Nokia
[2011.01.30 18:51:36 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Nokia Ovi Suite
[2011.01.30 18:50:57 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\PC Suite
[2011.03.31 19:40:56 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\TeamViewer
[2011.04.27 20:05:52 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\uTorrent
[2011.05.05 14:56:10 | 000,000,314 | -HS- | M] () -- C:\Windows\Tasks\cqcy.job
[2011.04.27 19:27:15 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.04.24 22:58:43 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Adobe
[2011.01.30 12:06:25 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Apple Computer
[2011.01.30 11:03:28 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Buhl Data Service
[2011.04.04 10:07:24 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Buhl Data Service GmbH
[2011.03.10 20:42:09 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Canon
[2011.01.30 11:15:21 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\DataDesign
[2011.02.16 15:05:40 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.02 18:21:40 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\GARMIN
[2011.01.30 00:07:29 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Identities
[2011.02.02 00:01:05 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\JAM Software
[2011.01.30 11:37:27 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Macromedia
[2011.05.03 21:42:28 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Media Center Programs
[2011.05.01 18:15:47 | 000,000,000 | --SD | M] -- C:\Users\Wolfgang\AppData\Roaming\Microsoft
[2011.01.30 00:25:07 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Mozilla
[2011.01.30 18:51:36 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Nokia
[2011.01.30 18:51:36 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Nokia Ovi Suite
[2011.01.30 18:50:57 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\PC Suite
[2011.05.05 15:19:46 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\Skype
[2011.05.05 15:04:54 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\skypePM
[2011.03.31 19:40:56 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\TeamViewer
[2011.04.27 20:05:52 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\uTorrent
[2011.03.26 23:11:06 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\vlc
[2011.02.01 21:37:33 | 000,000,000 | ---D | M] -- C:\Users\Wolfgang\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.05.03 21:51:09 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Wolfgang\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2011.04.21 21:33:56 | 000,018,944 | R--- | M] () -- C:\Users\Wolfgang\AppData\Roaming\Microsoft\Installer\{C5B85834-D5E9-4D77-8A89-1D3F51215A92}\IconC5B85834.exe
[2011.04.21 21:33:56 | 000,007,680 | R--- | M] () -- C:\Users\Wolfgang\AppData\Roaming\Microsoft\Installer\{C5B85834-D5E9-4D77-8A89-1D3F51215A92}\IconC5B858344.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.04.26 21:12:54 | 000,122,880 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\d3d10Q.dll

< End of report >
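
A way to read the `< MD5 for: ... >` sections of the report above mechanically, as an added example that is not part of the original post or of OTL itself: the Python below parses the report lines and applies the checks a helper applies by eye, namely a file whose hash could not be read, hidden/system attributes, a missing company string, and a live copy in System32/SysNative/SysWOW64 whose MD5 matches none of the WinSxS store copies of the same file for the same architecture. The sample input is constructed: most lines are copied from the report above, while the SysNative\winlogon.exe line with an all-zero MD5 is hypothetical and included only so the last check has something to hit.

```python
import re
from collections import defaultdict

# Constructed sample in the format of OTL's "< MD5 for: ... >" sections. The
# user32, WinSxS winlogon and d3d10Q lines are copied from the report above; the
# SysNative\winlogon.exe line with an all-zero MD5 is HYPOTHETICAL and exists
# only so that the "differs from every WinSxS copy" check fires.
SAMPLE = r"""
< MD5 for: USER32.DLL  >
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011.04.26 21:12:54 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\winlogon.exe

< %systemroot%\system32\*.dll /lockedfiles >
[2011.04.26 21:12:54 | 000,122,880 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\d3d10Q.dll
"""

SECTION_RE = re.compile(r"^<\s*(?P<name>.+?)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| [A-Z]\] \((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+?)\s*$"
)
LIVE_DIRS = ("\\sysnative\\", "\\system32\\", "\\syswow64\\")


def arch_of(path):
    """'x86' for SysWOW64 and x86_/wow64_ store components, otherwise 'x64'."""
    p = path.lower()
    if "\\syswow64\\" in p or "\\x86_" in p or "\\wow64_" in p:
        return "x86"
    return "x64"


def parse_otl_md5(text):
    """Turn the MD5 sections of an OTL report into a list of entry dicts."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None:
            continue
        e = m.groupdict()                     # md5 is None for "Unable to obtain MD5"
        p = e["path"].lower()
        e["section"] = section
        e["name"] = p.rsplit("\\", 1)[-1]
        e["store"] = "\\winsxs\\" in p        # component store copy
        e["live"] = any(d in p for d in LIVE_DIRS) and not e["store"]  # copy Windows loads
        entries.append(e)
    return entries


def triage(entries):
    """Apply four triage checks; return (path, reason) pairs."""
    store = defaultdict(set)                  # (file name, arch) -> known store hashes
    for e in entries:
        if e["store"] and e["md5"]:
            store[(e["name"], arch_of(e["path"]))].add(e["md5"].upper())

    findings = []
    for e in entries:
        if e["md5"] is None:
            findings.append((e["path"], "hash could not be read (file locked or protected)"))
        if "H" in e["attrs"] or "S" in e["attrs"]:
            findings.append((e["path"], f"hidden/system attributes set ({e['attrs']})"))
        if not e["company"].strip():
            findings.append((e["path"], "no company/version information"))
        if e["live"] and e["md5"]:
            known = store.get((e["name"], arch_of(e["path"])), set())
            if known and e["md5"].upper() not in known:
                findings.append((e["path"], "live copy matches none of the WinSxS store copies"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_otl_md5(SAMPLE)):
        print(f"{reason:55} {path}")
```

Comparing a live file against the WinSxS store rather than against a fixed hash list avoids false positives from patched builds (the report above has a 6.1.7600.16447 winlogon.exe in SysNative beside the 16385 store copy, and they legitimately differ); the copies under SoftwareDistribution\Download are pending update payloads and are treated as neither live nor store. A hit only says the file deserves a closer look, not that it is malicious.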


cosinus 05.05.2011 18:55

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [AdobeBridge]  File not found
:Files
C:\Windows\SysWOW64\d3d10Q.dll
C:\Windows\Tasks\*.job
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
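
The `[resethosts]` step above overwrites the hosts file without showing what was in it. As an added example that is not part of the original post or of OTL, the Python below audits a hosts file the way you would before resetting it, so that a block or redirect can be recorded as an indicator: it separates the stock localhost lines from entries that sinkhole a name to loopback or 0.0.0.0, block a watched security or update domain, or redirect a name to some other address. The sample hosts content and the watch list are constructed; nothing in this thread says the poster's hosts file was actually modified.

```python
import ipaddress

# Constructed sample hosts file. It is NOT the poster's file (the OTL log only
# records that the real one was reset): the stock Windows header and localhost
# lines are followed by three made-up tamperings of the kind a FakeAlert-style
# infection leaves behind. 198.51.100.23 is a TEST-NET-2 documentation address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.org     # security vendor blocked
0.0.0.0         update.microsoft.com     # Windows Update blocked
198.51.100.23   www.google.com           # popular site redirected
"""

# Domain suffixes an infection has a motive to block (assumed list; extend it).
WATCHLIST = (
    "microsoft.com", "windowsupdate.com", "malwarebytes.org",
    "avast.com", "kaspersky.com", "trojaner-board.de",
)


def parse_hosts(text):
    """Yield (line_no, ip, hostname) per mapping; comments and blanks are skipped."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        ip, *names = fields                  # one address may carry several names
        for name in names:
            yield no, ip, name.lower()


def audit_hosts(text):
    """Return (line_no, hostname, verdict) for every entry that is not stock."""
    findings = []
    for no, ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((no, name, f"unparseable address {ip!r}"))
            continue
        sink = addr.is_loopback or addr.is_unspecified   # 127.x, ::1, 0.0.0.0
        if sink and name == "localhost":
            continue                                     # the stock entries
        if not sink:
            verdict = f"redirects to {ip}"               # traffic goes somewhere else
        elif name.endswith(WATCHLIST):
            verdict = f"blocks a watched domain via {ip}"
        else:
            verdict = f"sinkholes to {ip}"               # e.g. ad-blocking lists
        findings.append((no, name, verdict))
    return findings


if __name__ == "__main__":
    for no, name, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {no}: {name} {verdict}")
```

Because OTL moves the old hosts file into the _OTL backup folder rather than deleting it, the copy there can still be audited after the fix. A loopback entry for an ad server is ordinary ad-blocking, which is why plain sinkholes are reported separately from hits on the watch list; only the latter and the redirects point at tampering.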

derwolf1509 05.05.2011 20:08

Here is the log file:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
========== FILES ==========
C:\Windows\SysWOW64\d3d10Q.dll moved successfully.
C:\Windows\Tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\Windows\Tasks\cqcy.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3869939579-2401303841-1838779856-1000Core.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3869939579-2401303841-1838779856-1000UA.job moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Sabi
->Temp folder emptied: 19642 bytes
->Temporary Internet Files folder emptied: 3001331 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 177778131 bytes
->Flash cache emptied: 814 bytes
 
User: Wolfgang
->Temp folder emptied: 14395279 bytes
->Temporary Internet Files folder emptied: 18816106 bytes
->Java cache emptied: 5098373 bytes
->FireFox cache emptied: 42666413 bytes
->Google Chrome cache emptied: 353269983 bytes
->Flash cache emptied: 5054 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8476064 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 595,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 05052011_203143

Files\Folders moved on Reboot...
C:\Users\Wolfgang\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


derwolf1509 05.05.2011 20:25

I don't know whether this matters, but Windows still tries to install UPDATES on every shutdown and startup and then gives up after a while.

cosinus 06.05.2011 08:18

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below, i.e. tick both boxes, click Start scan and, once it has finished, click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png


If the infection has left you unable to access your documents/My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Vista and 7 users must run the tool via right-click as administrator!

derwolf1509 06.05.2011 17:05

Hi Arne,

So, I ran the scan, but it found nothing. Here is the report:

Code:

2011/05/06 18:03:32.0649 4648        TDSS rootkit removing tool 2.5.0.0 May  1 2011 14:20:16
2011/05/06 18:03:32.0852 4648        ================================================================================
2011/05/06 18:03:32.0852 4648        SystemInfo:
2011/05/06 18:03:32.0852 4648       
2011/05/06 18:03:32.0852 4648        OS Version: 6.1.7600 ServicePack: 0.0
2011/05/06 18:03:32.0852 4648        Product type: Workstation
2011/05/06 18:03:32.0852 4648        ComputerName: WOLF
2011/05/06 18:03:32.0852 4648        UserName: Wolfgang
2011/05/06 18:03:32.0852 4648        Windows directory: C:\Windows
2011/05/06 18:03:32.0852 4648        System windows directory: C:\Windows
2011/05/06 18:03:32.0852 4648        Running under WOW64
2011/05/06 18:03:32.0852 4648        Processor architecture: Intel x64
2011/05/06 18:03:32.0852 4648        Number of processors: 4
2011/05/06 18:03:32.0852 4648        Page size: 0x1000
2011/05/06 18:03:32.0852 4648        Boot type: Normal boot
2011/05/06 18:03:32.0852 4648        ================================================================================
2011/05/06 18:03:33.0382 4648        Initialize success
2011/05/06 18:03:39.0435 4352        ================================================================================
2011/05/06 18:03:39.0435 4352        Scan started
2011/05/06 18:03:39.0435 4352        Mode: Manual;
2011/05/06 18:03:39.0435 4352        ================================================================================
2011/05/06 18:03:45.0051 4352        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/06 18:03:45.0098 4352        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/06 18:03:45.0113 4352        AcpiPmi        (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/06 18:03:45.0254 4352        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/06 18:03:45.0410 4352        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/06 18:03:45.0535 4352        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/06 18:03:45.0737 4352        AFD            (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/05/06 18:03:45.0909 4352        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/06 18:03:46.0003 4352        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/06 18:03:46.0065 4352        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/06 18:03:46.0221 4352        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/06 18:03:46.0299 4352        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/06 18:03:46.0408 4352        amdsata        (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/05/06 18:03:46.0580 4352        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/06 18:03:46.0705 4352        amdxata        (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/05/06 18:03:46.0892 4352        AppID          (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/05/06 18:03:47.0095 4352        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/06 18:03:47.0188 4352        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/06 18:03:47.0407 4352        aswFsBlk        (6923740db573b46fdda13e1df412c577) C:\Windows\system32\drivers\aswFsBlk.sys
2011/05/06 18:03:47.0485 4352        aswMonFlt      (de001b988b58bfd453f667842655b22e) C:\Windows\system32\drivers\aswMonFlt.sys
2011/05/06 18:03:47.0531 4352        aswRdr          (e0d1002d7fa65dd023788b17f714e682) C:\Windows\system32\drivers\aswRdr.sys
2011/05/06 18:03:47.0625 4352        aswSP          (c3eafdc0f533425614430a112ba71e9a) C:\Windows\system32\drivers\aswSP.sys
2011/05/06 18:03:47.0687 4352        aswTdi          (0226ffbc420d8fb67ba3b9dbdd1f2dca) C:\Windows\system32\drivers\aswTdi.sys
2011/05/06 18:03:47.0765 4352        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/06 18:03:47.0828 4352        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/06 18:03:47.0984 4352        AtiPcie        (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/05/06 18:03:48.0187 4352        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/06 18:03:48.0421 4352        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/06 18:03:48.0514 4352        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/06 18:03:48.0608 4352        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/06 18:03:48.0795 4352        bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/06 18:03:48.0857 4352        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/06 18:03:48.0920 4352        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/06 18:03:49.0123 4352        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/06 18:03:49.0232 4352        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/06 18:03:49.0403 4352        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/06 18:03:49.0559 4352        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/06 18:03:49.0731 4352        BthAvrcp        (832b121e4532919cc49f2438f1dcaa21) C:\Windows\system32\DRIVERS\BthAvrcp.sys
2011/05/06 18:03:49.0825 4352        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/05/06 18:03:50.0074 4352        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/06 18:03:50.0168 4352        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/06 18:03:50.0293 4352        BTHPORT        (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
2011/05/06 18:03:50.0495 4352        BTHUSB          (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/06 18:03:50.0542 4352        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/06 18:03:50.0620 4352        cdrom          (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/06 18:03:50.0761 4352        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/06 18:03:50.0792 4352        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/06 18:03:51.0026 4352        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/06 18:03:51.0166 4352        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/06 18:03:51.0307 4352        CNG            (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/05/06 18:03:51.0431 4352        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/06 18:03:51.0525 4352        CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/06 18:03:51.0665 4352        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/06 18:03:51.0853 4352        CSC            (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/05/06 18:03:52.0118 4352        DfsC            (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/05/06 18:03:52.0196 4352        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/06 18:03:52.0258 4352        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/06 18:03:52.0414 4352        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/06 18:03:52.0586 4352        DXGKrnl        (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/06 18:03:52.0773 4352        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/06 18:03:53.0069 4352        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/06 18:03:53.0179 4352        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/06 18:03:53.0319 4352        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/06 18:03:53.0397 4352        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/06 18:03:53.0569 4352        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/06 18:03:53.0740 4352        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/06 18:03:53.0849 4352        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/06 18:03:54.0115 4352        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/06 18:03:54.0208 4352        FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/05/06 18:03:54.0380 4352        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/06 18:03:54.0427 4352        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/06 18:03:54.0583 4352        fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/06 18:03:54.0645 4352        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/06 18:03:54.0770 4352        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/06 18:03:55.0051 4352        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/06 18:03:55.0238 4352        HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/05/06 18:03:55.0300 4352        HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/06 18:03:55.0347 4352        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/06 18:03:55.0363 4352        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/06 18:03:55.0425 4352        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/06 18:03:55.0612 4352        HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/06 18:03:55.0721 4352        HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/06 18:03:55.0831 4352        HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/05/06 18:03:56.0018 4352        hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/06 18:03:56.0158 4352        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/06 18:03:56.0205 4352        iaStorV        (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/05/06 18:03:56.0330 4352        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/06 18:03:56.0657 4352        IntcAzAudAddService (f5872a11eb4f6db170d636cd4e53ca9f) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/06 18:03:56.0798 4352        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/06 18:03:56.0860 4352        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/06 18:03:56.0938 4352        IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/06 18:03:57.0063 4352        IPMIDRV        (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/06 18:03:57.0141 4352        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/06 18:03:57.0344 4352        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/06 18:03:57.0422 4352        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/06 18:03:57.0484 4352        iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/06 18:03:57.0515 4352        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/06 18:03:57.0578 4352        kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/06 18:03:57.0625 4352        KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/06 18:03:57.0671 4352        KSecPkg        (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/06 18:03:57.0859 4352        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/06 18:03:58.0046 4352        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/06 18:03:58.0093 4352        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/06 18:03:58.0108 4352        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/06 18:03:58.0124 4352        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/06 18:03:58.0171 4352        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/06 18:03:58.0202 4352        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/06 18:03:58.0264 4352        mcdbus          (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/05/06 18:03:58.0295 4352        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/06 18:03:58.0358 4352        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/06 18:03:58.0389 4352        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/06 18:03:58.0592 4352        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/06 18:03:58.0623 4352        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/06 18:03:58.0654 4352        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/06 18:03:58.0670 4352        mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/05/06 18:03:58.0685 4352        mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/06 18:03:58.0779 4352        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/06 18:03:58.0826 4352        MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/06 18:03:58.0888 4352        mrxsmb          (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/06 18:03:58.0982 4352        mrxsmb10        (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/06 18:03:59.0029 4352        mrxsmb20        (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/06 18:03:59.0075 4352        msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/06 18:03:59.0138 4352        msdsm          (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/06 18:03:59.0309 4352        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/06 18:03:59.0356 4352        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/06 18:03:59.0387 4352        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/06 18:03:59.0559 4352        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/06 18:03:59.0668 4352        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/06 18:03:59.0715 4352        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/06 18:03:59.0777 4352        MsRPC          (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/05/06 18:03:59.0840 4352        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/06 18:03:59.0902 4352        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/06 18:03:59.0933 4352        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/06 18:04:00.0011 4352        MTsensor        (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/05/06 18:04:00.0089 4352        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/06 18:04:00.0152 4352        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/06 18:04:00.0277 4352        NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/05/06 18:04:00.0433 4352        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/06 18:04:00.0526 4352        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/06 18:04:00.0573 4352        Ndisuio        (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/06 18:04:00.0620 4352        NdisWan        (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/06 18:04:00.0667 4352        NDProxy        (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/05/06 18:04:00.0713 4352        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/06 18:04:00.0776 4352        NetBT          (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/06 18:04:00.0854 4352        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/06 18:04:01.0057 4352        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/06 18:04:01.0088 4352        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/06 18:04:01.0213 4352        Ntfs            (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/05/06 18:04:01.0337 4352        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/06 18:04:01.0462 4352        nusb3hub        (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
2011/05/06 18:04:01.0525 4352        nusb3xhc        (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
2011/05/06 18:04:01.0603 4352        NVHDA          (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
2011/05/06 18:04:02.0102 4352        nvlddmkm        (e39a912c643665672c5ce335f9c9bf2a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/06 18:04:02.0258 4352        nvraid          (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/05/06 18:04:02.0305 4352        nvstor          (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/05/06 18:04:02.0398 4352        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/06 18:04:02.0461 4352        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/06 18:04:02.0507 4352        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/06 18:04:02.0554 4352        partmgr        (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/05/06 18:04:02.0617 4352        pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
2011/05/06 18:04:02.0648 4352        pci            (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/05/06 18:04:02.0663 4352        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/06 18:04:02.0695 4352        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/06 18:04:02.0741 4352        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/06 18:04:02.0788 4352        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/06 18:04:02.0866 4352        PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/06 18:04:02.0897 4352        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/06 18:04:02.0929 4352        Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/06 18:04:03.0022 4352        PxHlpa64        (901dba98359966a62a6548596988e931) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/05/06 18:04:03.0116 4352        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/06 18:04:03.0163 4352        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/06 18:04:03.0194 4352        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/06 18:04:03.0225 4352        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/06 18:04:03.0272 4352        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/06 18:04:03.0303 4352        Rasl2tp        (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/06 18:04:03.0334 4352        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/06 18:04:03.0381 4352        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/06 18:04:03.0397 4352        rdbss          (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/06 18:04:03.0428 4352        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/06 18:04:03.0459 4352        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/06 18:04:03.0521 4352        RDPDR          (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/05/06 18:04:03.0568 4352        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/06 18:04:03.0615 4352        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/06 18:04:03.0646 4352        RDPWD          (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/05/06 18:04:03.0677 4352        rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/05/06 18:04:03.0818 4352        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/06 18:04:03.0865 4352        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/06 18:04:03.0989 4352        RTL8167        (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/05/06 18:04:04.0021 4352        s3cap          (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/05/06 18:04:04.0067 4352        sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/06 18:04:04.0099 4352        scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/06 18:04:04.0161 4352        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/06 18:04:04.0208 4352        Ser2pl          (2cd118925f9cdf665f7c08aecd8177ef) C:\Windows\system32\DRIVERS\ser2pl64.sys
2011/05/06 18:04:04.0255 4352        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/06 18:04:04.0286 4352        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/06 18:04:04.0317 4352        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/06 18:04:04.0426 4352        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/06 18:04:04.0457 4352        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/06 18:04:04.0473 4352        sffp_sd        (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/06 18:04:04.0489 4352        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/06 18:04:04.0535 4352        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/06 18:04:04.0551 4352        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/06 18:04:04.0582 4352        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/06 18:04:04.0613 4352        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/06 18:04:04.0863 4352        srv            (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/06 18:04:05.0035 4352        srv2            (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/06 18:04:05.0097 4352        srvnet          (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/06 18:04:05.0159 4352        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/06 18:04:05.0222 4352        storflt        (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/05/06 18:04:05.0237 4352        storvsc        (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/05/06 18:04:05.0253 4352        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/06 18:04:05.0456 4352        Tcpip          (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/06 18:04:05.0659 4352        TCPIP6          (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/06 18:04:05.0737 4352        tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/06 18:04:05.0783 4352        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/06 18:04:05.0799 4352        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/06 18:04:05.0815 4352        tdx            (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/06 18:04:05.0893 4352        TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/06 18:04:05.0955 4352        tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/06 18:04:06.0002 4352        tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/06 18:04:06.0017 4352        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/06 18:04:06.0049 4352        udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/06 18:04:06.0064 4352        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/06 18:04:06.0127 4352        umbus          (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/06 18:04:06.0142 4352        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/06 18:04:06.0205 4352        USBAAPL64      (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
2011/05/06 18:04:06.0236 4352        usbccgp        (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/06 18:04:06.0361 4352        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/06 18:04:06.0454 4352        usbehci        (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/06 18:04:06.0641 4352        usbhub          (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/06 18:04:07.0780 4352        usbohci        (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/06 18:04:08.0279 4352        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/06 18:04:08.0498 4352        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/06 18:04:08.0669 4352        USBSTOR        (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/06 18:04:08.0981 4352        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/06 18:04:09.0356 4352        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/06 18:04:09.0964 4352        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/06 18:04:10.0073 4352        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/06 18:04:10.0292 4352        vhdmp          (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/06 18:04:10.0510 4352        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/06 18:04:10.0682 4352        vmbus          (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/05/06 18:04:10.0807 4352        VMBusHID        (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/05/06 18:04:11.0119 4352        volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/06 18:04:11.0275 4352        volmgrx        (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/06 18:04:11.0462 4352        volsnap        (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/06 18:04:11.0883 4352        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/06 18:04:12.0320 4352        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/05/06 18:04:12.0741 4352        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/06 18:04:13.0147 4352        WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/06 18:04:13.0225 4352        Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/06 18:04:13.0677 4352        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/06 18:04:14.0379 4352        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/06 18:04:17.0015 4352        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/06 18:04:17.0234 4352        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/06 18:04:17.0577 4352        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/06 18:04:17.0889 4352        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/06 18:04:18.0107 4352        WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/06 18:04:18.0435 4352        WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/06 18:04:18.0685 4352        ================================================================================
2011/05/06 18:04:18.0685 4352        Scan finished
2011/05/06 18:04:18.0685 4352        ================================================================================


derwolf1509 06.05.2011 17:38

Hi Arne,

well, I think we've solved the problem, although I'm not 100% sure yet. I was able to start the services for Windows Defender and the Action Center again, and so far they have stayed active. However, 4 Windows updates are still giving me trouble. I'm going to try installing SP1 for Win 7 now. Or what do you think?

One more question. After this scare I'd like to invest in a virus scanner again. What can you recommend? I'm leaning towards Kaspersky or ESET NOD32.

Regards, Wolfgang

cosinus 06.05.2011 18:35

Uh, we're not finished yet. But just this much: you don't need to worry about paid virus scanners; they aren't so much better that the money is worth it. As a rule, only office PCs or PCs that are not used exclusively for private purposes get paid versions, because the license terms of free virus scanners normally prohibit commercial/business use!

So if you use the computer purely privately, you can safely use something like Microsoft Security Essentials (which I believe is even allowed to run on some office PCs), AntiVir Free, Avast or AVG Free.

But not yet; CF comes first, please run it now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

derwolf1509 08.05.2011 17:31

Hi Arne,

thanks for the note.

Here's the log:

Code:

ComboFix 11-05-07.03 - Wolfgang 08.05.2011  18:14:42.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4095.2501 [GMT 2:00]
ausgeführt von:: c:\users\Wolfgang\Desktop\cofi.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-08 bis 2011-05-08  ))))))))))))))))))))))))))))))
.
.
2011-05-08 16:20 . 2011-05-08 16:20        --------        d-----w-        c:\users\Sabi\AppData\Local\temp
2011-05-08 16:20 . 2011-05-08 16:20        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-06 17:07 . 2011-05-06 17:07        --------        d-----w-        c:\windows\SysWow64\wbem\en-US
2011-05-06 17:07 . 2011-05-06 17:07        --------        d-----w-        c:\windows\system32\wbem\en-US
2011-05-06 16:36 . 2011-05-06 16:36        --------        d-----w-        c:\windows\system32\SPReview
2011-05-06 16:35 . 2011-05-06 16:35        --------        d-----w-        c:\windows\system32\EventProviders
2011-05-05 18:31 . 2011-05-05 18:31        --------        d-----w-        C:\_OTL
2011-05-03 21:32 . 2011-05-03 21:32        49752        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys
2011-05-03 21:29 . 2011-05-05 19:09        --------        d-----w-        c:\programdata\Lavasoft
2011-05-03 21:29 . 2011-05-03 21:29        --------        d-----w-        c:\program files (x86)\Lavasoft
2011-05-03 20:27 . 2011-05-03 20:27        --------        d-----w-        c:\users\Wolfgang\AppData\Local\Secunia PSI
2011-05-03 20:27 . 2011-05-03 20:27        --------        d-----w-        c:\program files (x86)\Secunia
2011-05-03 19:51 . 2011-05-03 19:51        388096        ----a-r-        c:\users\Wolfgang\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-03 19:51 . 2011-05-03 19:51        --------        d-----w-        c:\program files (x86)\Trend Micro
2011-05-03 19:45 . 2010-11-05 01:57        48976        ----a-w-        c:\windows\system32\netfxperf.dll
2011-05-03 19:45 . 2010-11-05 01:57        1942856        ----a-w-        c:\windows\system32\dfshim.dll
2011-05-03 19:45 . 2010-11-05 01:58        1130824        ----a-w-        c:\windows\SysWow64\dfshim.dll
2011-05-03 19:43 . 2010-11-20 13:27        1389056        ----a-w-        c:\windows\system32\pla.dll
2011-05-03 19:42 . 2010-11-20 13:27        60928        ----a-w-        c:\program files\Windows Defender\MsMpCom.dll
2011-05-03 19:40 . 2010-11-20 13:27        524288        ----a-w-        c:\windows\system32\wmicmiplugin.dll
2011-05-03 19:40 . 2010-11-20 13:27        529408        ----a-w-        c:\windows\system32\wbemcomn.dll
2011-05-03 19:40 . 2010-11-20 13:27        1225216        ----a-w-        c:\windows\system32\wbem\wbemcore.dll
2011-05-03 19:40 . 2010-11-20 13:27        933376        ----a-w-        c:\windows\system32\SmiEngine.dll
2011-05-03 19:40 . 2010-11-20 13:25        199168        ----a-w-        c:\windows\system32\PkgMgr.exe
2011-05-03 19:40 . 2010-11-20 13:26        422912        ----a-w-        c:\windows\system32\drvstore.dll
2011-05-03 19:40 . 2010-11-20 13:26        399872        ----a-w-        c:\windows\system32\dpx.dll
2011-04-27 19:18 . 2011-02-25 06:19        2871808        ----a-w-        c:\windows\explorer.exe
2011-04-27 19:18 . 2011-02-25 05:30        2616320        ----a-w-        c:\windows\SysWow64\explorer.exe
2011-04-27 19:18 . 2011-03-12 12:08        1465344        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-04-27 19:18 . 2011-03-12 11:23        870912        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2011-04-27 18:03 . 2011-05-08 16:10        --------        d-----w-        c:\program files\CCleaner
2011-04-26 16:06 . 2011-04-26 16:06        --------        d-----w-        c:\users\Sabi\AppData\Local\ViCon_GmbH
2011-04-26 15:50 . 2011-04-11 08:21        8802128        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{88950ED7-B40A-4CB6-B22E-709850222392}\mpengine.dll
2011-04-23 09:31 . 2011-04-23 09:31        --------        d-----w-        c:\program files\iTunes
2011-04-23 09:31 . 2011-04-23 09:31        --------        d-----w-        c:\program files (x86)\iTunes
2011-04-23 09:31 . 2011-04-23 09:31        --------        d-----w-        c:\program files\iPod
2011-04-23 09:30 . 2011-04-23 09:30        --------        d-----w-        c:\program files\Bonjour
2011-04-21 19:36 . 2011-04-21 19:36        --------        d-----w-        c:\users\Wolfgang\AppData\Local\ViCon
2011-04-21 19:34 . 2011-04-21 19:34        --------        d-----w-        c:\programdata\Applications
2011-04-18 17:49 . 2011-04-18 17:49        --------        d-----w-        c:\program files\Microsoft IntelliType Pro
2011-04-15 17:24 . 2011-04-15 17:24        --------        d-----w-        c:\users\Sabi\AppData\Roaming\PC Suite
2011-04-08 21:00 . 2011-04-08 21:00        465920        ----a-w-        c:\windows\system32\itpcoin815.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-06 16:42 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2011-05-06 16:42 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2011-04-06 14:26 . 2011-04-06 14:26        96544        ----a-w-        c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26        69408        ----a-w-        c:\windows\system32\jdns_sd.dll
2011-04-06 14:26 . 2011-04-06 14:26        237856        ----a-w-        c:\windows\system32\dnssdX.dll
2011-04-06 14:26 . 2011-04-06 14:26        119584        ----a-w-        c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20        91424        ----a-w-        c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20        75040        ----a-w-        c:\windows\SysWow64\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20        197920        ----a-w-        c:\windows\SysWow64\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20        107808        ----a-w-        c:\windows\SysWow64\dns-sd.exe
2011-03-28 20:39 . 2011-02-14 16:43        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2011-03-04 06:19 . 2011-04-27 19:18        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-27 19:18        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 19:45 . 2011-03-03 19:43        73728        ----a-w-        c:\windows\SysWow64\realbap1.dll
2011-02-19 12:05 . 2011-03-09 17:15        1139200        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 17:15        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 17:15        902656        ----a-w-        c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-09 17:15        1076736        ----a-w-        c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 17:15        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
2011-02-18 15:36 . 2011-02-18 15:36        51712        ----a-w-        c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 15:36 . 2011-02-18 15:36        4184352        ----a-w-        c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2011\mshaktuell.exe [2011-2-5 1285232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-02 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-02 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2010-12-23 66560]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-19 235624]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-18 2271608]
S3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Wolfgang\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Wolfgang\AppData\Roaming\Mozilla\Firefox\Profiles\hpdlusyb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VE3D01&q=
FF - prefs.js: browser.startup.homepage - hxxp://de.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=VE3D01&q=
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components]
@Denied: (Full) (Everyone)
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
@="Microsoft Windows Media Player"
"Version"="12,0,7601,17514"
"IsInstalled"=dword:00000000
"ComponentID"="WMPACCESS"
"LocalizedName"=expand:"@%SystemRoot%\\system32\\wmploc.dll,-128"
"StubPath"=expand:"%SystemRoot%\\system32\\unregmp2.exe /ShowWMP"
"DontAsk"=dword:00000002
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"Version"="9,0,8112,16421"
"IsInstalled"=dword:00000001
"ComponentID"="IEACCESS"
"LocalizedName"="@c:\\Windows\\SysWOW64\\ie4uinit.exe,-21"
"StubPath"="c:\\Windows\\SysWOW64\\ie4uinit.exe -UserIconConfig"
"Dontask"=dword:00000002
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
@="Browser Customizations"
"IsInstalled"=dword:00000001
"Version"="9,0,8112,16421"
"ComponentiD"="BRANDING.CAB"
"LocalizedName"="@c:\\Windows\\SysWOW64\\iedkcs32.dll,-3052"
"StubPath"="\"c:\\Windows\\SysWOW64\\rundll32.exe\" \"c:\\Windows\\SysWOW64\\iedkcs32.dll\",BrandIEActiveSetup SIGNUP"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@="Microsoft VM"
"ComponentID"="JAVAVM"
"IsInstalled"=dword:00000001
"KeyFileName"="c:\\Windows\\system32\\msjava.dll"
"Version"="5,0,3810,0"
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
@="Microsoft Windows Media Player 12.0"
"IsInstalled"=dword:00000001
"Version"="12,0,7601,17514"
"DontAsk"=dword:00000002
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{25FFAAD0-F4A3-4164-95FF-4461E9F35D51}]
@=".NET Framework"
"Version"="2,0,50727,1"
"ComponentID"=".NETFramework"
"Locale"=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"LocalizedName"=expand:"@%SystemRoot%\\system32\\themeui.dll,-2682"
"ComponentID"="Theme Component"
"IsInstalled"=dword:00000001
"Locale"="EN"
"StubPath"=expand:"%SystemRoot%\\system32\\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\\system32\\themeui.dll"
"Version"="1,1,1,9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
@="Offline Browsing Pack"
"IsInstalled"=dword:00000001
"Version"="9,0,8112,16421"
"ComponentID"="MobilePk"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"IsInstalled"=dword:00000001
"Dontask"=dword:00000002
"Locale"="*"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles(x86)%\\Windows Mail\\WinMail.exe\" OCInstallUserConfigOE"
"Version"="6,1,7601,17514"
@="Microsoft Windows"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1113,0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Internet Explorer Help"
"IsInstalled"=dword:00000001
"Version"="9,0,8112,16421"
"ComponentID"="HelpCont"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"
"IsInstalled"=dword:00000001
"Locale"="EN"
"Version"="5,6,0,8833"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Internet Explorer Setup Tools"
"IsInstalled"=dword:00000001
"Version"="9,0,8112,16421"
"ComponentID"="GenSetup"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"KeyFileName"=expand:"%SystemRoot%\\system32\\msieftp.dll"
@="Browsing Enhancements"
"IsInstalled"=dword:00000001
"Version"="9,0,8112,16421"
"ComponentID"="ExtraPack"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
@="Microsoft Windows Media Player"
"IsInstalled"=dword:00000001
"Version"="12,0,7601,17514"
"ComponentID"="Microsoft Windows Media Player"
"LocalizedName"=expand:"@%SystemRoot%\\system32\\wmploc.dll,-128"
"StubPath"=expand:"%SystemRoot%\\system32\\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI"
"DontAsk"=dword:00000002
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="MSN Site Access"
"IsInstalled"=dword:00000001
"Version"="4,9,9,2"
"ComponentID"="MSN_Auth"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
@="Address Book 7"
"Version"="6,1,7601,17514"
"IsInstalled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
@=".NET Framework"
"Locale"=""
"ComponentID"=".NETFramework"
"Version"="2,0,50727,0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
@="Windows Desktop Update"
"LocalizedName"=expand:"@%SystemRoot%\\system32\\shell32.dll,-32969"
"ComponentID"="IE4_SHELLID"
"IsInstalled"=dword:00000001
"Locale"="en"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
"Version"="6,1,7601,17514"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
@="Web Platform Customizations"
"IsInstalled"=dword:00000001
"Version"="9,0,8112,16421"
"ComponentID"="BASEIE40_W2K"
"LocalizedName"="@c:\\Windows\\SysWOW64\\ie4uinit.exe,-2000"
"StubPath"="c:\\Windows\\SysWOW64\\ie4uinit.exe -BaseSettings"
"Locale"="en"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"IsInstalled"=dword:00000001
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="c:\\Windows\\SysWOW64\\Rundll32.exe c:\\Windows\\SysWOW64\\mscories.dll,Install"
"DontAsk"=dword:00000002
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Dynamic HTML Data Binding"
"IsInstalled"=dword:00000001
"Version"="9,0,8112,16421"
"ComponentID"="Tridata"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Internet Explorer Core Fonts"
"IsInstalled"=dword:00000001
"Version"="9,0,8112,16421"
"ComponentID"="Fontcore"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="HTML Help"
"IsInstalled"=dword:00000001
"Version"="6,1,7601,16978"
"ComponentID"="HTMLHelp"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{DFB00A5D-BE70-B052-35E4-748445E70920}]
@="Microsoft VM"
"ComponentID"="JAVAVM"
"IsInstalled"=dword:00000001
"Local"="EN"
"Version"="5,0,3810,0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"
"IsInstalled"=dword:00000001
"Locale"="EN"
"Version"="5,0,00,0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}]
"Locale"=""
"Version"="4,0,30319,0"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-08  18:21:36
ComboFix-quarantined-files.txt  2011-05-08 16:21
.
Vor Suchlauf: 9 Verzeichnis(se), 39.755.816.960 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 39.306.383.360 Bytes frei
.
- - End Of File - - BCFE3B82E6D9E37543253FABEFB1EE93


cosinus 09.05.2011 11:01

Please now create logs with GMER and mbrcheck and post them.
GMER crashes quite often; if the tool still refuses to run on the second attempt, just skip it.

Instructions for mbrcheck:
Download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.
Please post me the contents of the .txt document.

derwolf1509 09.05.2011 17:45

GMER Report:
Code:

GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-09 18:36:31
Windows 6.1.7601 Service Pack 1
Running: uui9zvf0.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00106029302f                     
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00106029302f@80501b33abbe        0xC9 0x46 0x32 0x52 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00106029302f (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00106029302f@80501b33abbe            0xC9 0x46 0x32 0x52 ...

---- Files - GMER 1.0.15 ----

File  C:\ProgramData\Microsoft\RAC\Temp\sqlD46E.tmp                                                    20480 bytes
File  C:\ProgramData\Microsoft\RAC\Temp\sqlD4BD.tmp                                                    20480 bytes

---- EOF - GMER 1.0.15 ----


MBRCheck:
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Professional
Windows Information:                Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:        ASUSTeK Computer INC.
BIOS Manufacturer:                American Megatrends Inc.
System Manufacturer:                System manufacturer
System Product Name:                System Product Name
Logical Drives Mask:                0x00000ffc

Kernel Drivers (total 209):
  0x03249000 \SystemRoot\system32\ntoskrnl.exe
  0x03200000 \SystemRoot\system32\hal.dll
  0x00B9B000 \SystemRoot\system32\kdcom.dll
  0x00CB4000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x00CC1000 \SystemRoot\system32\PSHED.dll
  0x00CD5000 \SystemRoot\system32\CLFS.SYS
  0x00D33000 \SystemRoot\system32\CI.dll
  0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00CA4000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00E8B000 \SystemRoot\system32\drivers\ACPI.sys
  0x00EE2000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x00EEB000 \SystemRoot\system32\drivers\msisadrv.sys
  0x00EF5000 \SystemRoot\system32\drivers\pci.sys
  0x00F28000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00F35000 \SystemRoot\System32\drivers\partmgr.sys
  0x00F4A000 \SystemRoot\system32\drivers\volmgr.sys
  0x00F5F000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00FBB000 \SystemRoot\system32\drivers\pciide.sys
  0x00FC2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x00FD2000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00E00000 \SystemRoot\system32\drivers\vmbus.sys
  0x00E3C000 \SystemRoot\system32\drivers\winhv.sys
  0x00E50000 \SystemRoot\system32\drivers\atapi.sys
  0x00E59000 \SystemRoot\system32\drivers\ataport.SYS
  0x00FEC000 \SystemRoot\system32\drivers\amdxata.sys
  0x01095000 \SystemRoot\system32\drivers\fltmgr.sys
  0x010E1000 \SystemRoot\system32\drivers\fileinfo.sys
  0x010F5000 \SystemRoot\System32\Drivers\PxHlpa64.sys
  0x01234000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x01101000 \SystemRoot\System32\Drivers\msrpc.sys
  0x013D7000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x0115F000 \SystemRoot\System32\Drivers\cng.sys
  0x01200000 \SystemRoot\System32\drivers\pcw.sys
  0x01211000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x0148F000 \SystemRoot\system32\drivers\ndis.sys
  0x01582000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01604000 \SystemRoot\System32\drivers\tcpip.sys
  0x01808000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01852000 \SystemRoot\system32\drivers\vmstorfl.sys
  0x01862000 \SystemRoot\system32\drivers\volsnap.sys
  0x018AE000 \SystemRoot\System32\Drivers\spldr.sys
  0x018B6000 \SystemRoot\System32\drivers\rdyboost.sys
  0x018F0000 \SystemRoot\System32\Drivers\mup.sys
  0x01902000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x0190B000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x01945000 \SystemRoot\system32\DRIVERS\disk.sys
  0x0195B000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x0198B000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x019C9000 \SystemRoot\system32\drivers\cdrom.sys
  0x019F3000 \SystemRoot\System32\Drivers\Null.SYS
  0x0142B000 \SystemRoot\System32\Drivers\Beep.SYS
  0x01432000 \SystemRoot\System32\drivers\vga.sys
  0x01440000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x01465000 \SystemRoot\System32\drivers\watchdog.sys
  0x01475000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x0147E000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x015E2000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x015EB000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x0121B000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x011D1000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x013F2000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x01000000 \SystemRoot\System32\Drivers\aswTdi.SYS
  0x03E51000 \SystemRoot\system32\drivers\afd.sys
  0x03EDA000 \SystemRoot\System32\Drivers\aswRdr.SYS
  0x03EE4000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x03F29000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x03F32000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x03F58000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x03F67000 \SystemRoot\system32\DRIVERS\serial.sys
  0x03F84000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x03F9F000 \SystemRoot\system32\drivers\termdd.sys
  0x03E00000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x03FB3000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x03FBF000 \SystemRoot\system32\drivers\mssmbios.sys
  0x03FCA000 \SystemRoot\System32\drivers\discache.sys
  0x01010000 \SystemRoot\system32\drivers\csc.sys
  0x03FD9000 \SystemRoot\System32\Drivers\dfsc.sys
  0x04011000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x04022000 \SystemRoot\System32\Drivers\aswSP.SYS
  0x0406B000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x04091000 \SystemRoot\system32\DRIVERS\amdppm.sys
  0x0480F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x053E1000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x040A6000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x0419A000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x0446B000 \SystemRoot\system32\drivers\HDAudBus.sys
  0x0448F000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
  0x044BF000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x044C1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x044CE000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x044D9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x0452F000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x04540000 \SystemRoot\system32\DRIVERS\ASACPI.sys
  0x04548000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x04554000 \SystemRoot\system32\drivers\1394ohci.sys
  0x04592000 \SystemRoot\system32\drivers\wmiacpi.sys
  0x0459B000 \SystemRoot\system32\drivers\CompositeBus.sys
  0x045AB000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x045C1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x045E5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x04400000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x0442F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x0444A000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x053E3000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x045F1000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x04800000 \SystemRoot\system32\drivers\kbdclass.sys
  0x041E0000 \SystemRoot\system32\drivers\mouclass.sys
  0x0584D000 \SystemRoot\system32\DRIVERS\mcdbus.sys
  0x0588A000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x058B9000 \SystemRoot\system32\drivers\swenum.sys
  0x058BB000 \SystemRoot\system32\drivers\ks.sys
  0x058FE000 \SystemRoot\system32\drivers\umbus.sys
  0x05910000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
  0x05928000 \SystemRoot\system32\drivers\usbhub.sys
  0x05982000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x05997000 \SystemRoot\system32\drivers\nvhda64v.sys
  0x059BA000 \SystemRoot\system32\drivers\portcls.sys
  0x05800000 \SystemRoot\system32\drivers\drmk.sys
  0x05822000 \SystemRoot\system32\drivers\ksthunk.sys
  0x064C9000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x06716000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x06724000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x06730000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x06739000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x00060000 \SystemRoot\System32\win32k.sys
  0x0674C000 \SystemRoot\System32\drivers\Dxapi.sys
  0x06758000 \SystemRoot\system32\DRIVERS\ser2pl64.sys
  0x06776000 \SystemRoot\system32\drivers\hidusb.sys
  0x06784000 \SystemRoot\system32\drivers\HIDCLASS.SYS
  0x0679D000 \SystemRoot\system32\drivers\HIDPARSE.SYS
  0x067A6000 \SystemRoot\system32\drivers\USBSTOR.SYS
  0x067C1000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x067CE000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x067DC000 \SystemRoot\system32\DRIVERS\usbscan.sys
  0x067ED000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0x004A0000 \SystemRoot\System32\TSDDD.dll
  0x00730000 \SystemRoot\System32\cdd.dll
  0x06400000 \SystemRoot\System32\Drivers\BTHUSB.sys
  0x06418000 \SystemRoot\System32\Drivers\bthport.sys
  0x00910000 \SystemRoot\System32\ATMFD.DLL
  0x064A4000 \SystemRoot\system32\drivers\usbccgp.sys
  0x05828000 \SystemRoot\system32\drivers\luafv.sys
  0x03A1B000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
  0x03A55000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
  0x03A5E000 \SystemRoot\system32\drivers\WudfPf.sys
  0x03A7F000 \SystemRoot\system32\drivers\kbdhid.sys
  0x03A8D000 \SystemRoot\system32\DRIVERS\rfcomm.sys
  0x03AB9000 \SystemRoot\system32\drivers\BthEnum.sys
  0x03AC9000 \SystemRoot\system32\DRIVERS\bthpan.sys
  0x03AE9000 \SystemRoot\system32\DRIVERS\bthmodem.sys
  0x03B00000 \SystemRoot\system32\drivers\modem.sys
  0x03B0F000 \SystemRoot\system32\DRIVERS\BthAvrcp.sys
  0x03B1C000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x03B31000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x06CF0000 \SystemRoot\system32\drivers\HTTP.sys
  0x06DB9000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x06DD7000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x06C00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x06C2D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x06C7A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x03B49000 \SystemRoot\system32\drivers\peauth.sys
  0x06C9E000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x06CA9000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x06CDA000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x07691000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x076FB000 \SystemRoot\System32\DRIVERS\srv.sys
  0x07793000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x07600000 \SystemRoot\system32\drivers\spsys.sys
  0x094E7000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
  0x772F0000 \Windows\System32\ntdll.dll
  0x47E00000 \Windows\System32\smss.exe
  0xFF610000 \Windows\System32\apisetschema.dll
  0xFFF00000 \Windows\System32\autochk.exe
  0xFF530000 \Windows\System32\usp10.dll
  0x771D0000 \Windows\System32\kernel32.dll
  0x774C0000 \Windows\System32\normaliz.dll
  0xFF490000 \Windows\System32\msvcrt.dll
  0x77070000 \Windows\System32\wininet.dll
  0xFF440000 \Windows\System32\ws2_32.dll
  0xFF430000 \Windows\System32\lpk.dll
  0xFF350000 \Windows\System32\advapi32.dll
  0xFF330000 \Windows\System32\sechost.dll
  0xFF200000 \Windows\System32\rpcrt4.dll
  0x76E60000 \Windows\System32\iertutil.dll
  0xFF020000 \Windows\System32\setupapi.dll
  0xFEF40000 \Windows\System32\oleaut32.dll
  0xFEF20000 \Windows\System32\imagehlp.dll
  0xFEE80000 \Windows\System32\clbcatq.dll
  0xFEE10000 \Windows\System32\gdi32.dll
  0x774B0000 \Windows\System32\psapi.dll
  0x76D10000 \Windows\System32\urlmon.dll
  0xFED90000 \Windows\System32\shlwapi.dll
  0x76C10000 \Windows\System32\user32.dll
  0xFE000000 \Windows\System32\shell32.dll
  0xFDF60000 \Windows\System32\comdlg32.dll
  0xFDF30000 \Windows\System32\imm32.dll
  0xFDEB0000 \Windows\System32\difxapi.dll
  0xFDE50000 \Windows\System32\Wldap32.dll
  0xFDC40000 \Windows\System32\ole32.dll
  0xFDB30000 \Windows\System32\msctf.dll
  0xFDB20000 \Windows\System32\nsi.dll
  0xFDAE0000 \Windows\System32\wintrust.dll
  0xFDAA0000 \Windows\System32\cfgmgr32.dll
  0xFDA00000 \Windows\System32\comctl32.dll
  0xFD990000 \Windows\System32\KernelBase.dll
  0xFD820000 \Windows\System32\crypt32.dll
  0xFD800000 \Windows\System32\devobj.dll
  0xFD7F0000 \Windows\System32\msasn1.dll

Processes (total 61):
      0 System Idle Process
      4 System
    288 C:\Windows\System32\smss.exe
    460 csrss.exe
    524 C:\Windows\System32\wininit.exe
    548 csrss.exe
    580 C:\Windows\System32\winlogon.exe
    640 C:\Windows\System32\services.exe
    660 C:\Windows\System32\lsass.exe
    668 C:\Windows\System32\lsm.exe
    768 C:\Windows\System32\svchost.exe
    848 C:\Windows\System32\nvvsvc.exe
    888 C:\Windows\System32\svchost.exe
    956 C:\Windows\System32\svchost.exe
    128 C:\Windows\System32\svchost.exe
    336 C:\Windows\System32\svchost.exe
    340 C:\Windows\System32\audiodg.exe
    1056 C:\Windows\System32\svchost.exe
    1164 C:\Windows\System32\svchost.exe
    1224 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1284 C:\Windows\System32\nvvsvc.exe
    1676 C:\Windows\System32\taskeng.exe
    1704 C:\Windows\System32\spoolsv.exe
    1732 C:\Windows\System32\svchost.exe
    1772 C:\Windows\System32\rundll32.exe
    1856 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1976 C:\Windows\System32\taskhost.exe
    2000 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    1344 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2036 C:\Windows\SysWOW64\nlssrv32.exe
    1388 C:\Windows\explorer.exe
    2060 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2084 C:\Windows\System32\dwm.exe
    2188 C:\Windows\System32\svchost.exe
    2316 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    2348 C:\Windows\System32\svchost.exe
    2528 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    2536 C:\Program Files\Microsoft IntelliType Pro\itype.exe
    1844 C:\Windows\System32\svchost.exe
    304 WUDFHost.exe
    1268 C:\Windows\System32\svchost.exe
    3100 C:\Windows\System32\SearchIndexer.exe
    3112 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    3160 C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
    3240 C:\Program Files (x86)\FreePDF_XP\fpassist.exe
    3272 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3280 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3428 C:\Program Files\iPod\bin\iPodService.exe
    3676 C:\Windows\System32\sppsvc.exe
    212 C:\Program Files\Windows Media Player\wmpnetwk.exe
    856 WmiPrvSE.exe
    1792 C:\Windows\System32\svchost.exe
    2828 C:\Windows\System32\svchost.exe
    4240 WmiPrvSE.exe
    4424 C:\Windows\System32\SearchFilterHost.exe
    4464 C:\Users\Wolfgang\AppData\Local\Google\Chrome\Application\chrome.exe
    4588 C:\Windows\System32\SearchProtocolHost.exe
    5012 C:\Users\Wolfgang\AppData\Local\Google\Chrome\Application\chrome.exe
    1176 C:\Users\Wolfgang\Desktop\MBRCheck.exe
    2136 C:\Windows\System32\conhost.exe
    716 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000018`6a100000  (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000  (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKX-001CA0, Rev: 15.01H15
PhysicalDrive1 Model Number: ST380215AS, Rev: 4.AAB 

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    74 GB  \\.\PhysicalDrive1  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!


cosinus 09.05.2011 19:08

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

derwolf1509 09.05.2011 21:22

Super Anti Spy:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/09/2011 at 10:00 PM

Application Version : 4.52.1000

Core Rules Database Version : 7017
Trace Rules Database Version: 4829

Scan type      : Complete Scan
Total Scan Time : 01:43:56

Memory items scanned      : 659
Memory threats detected  : 0
Registry items scanned    : 14569
Registry threats detected : 0
File items scanned        : 234344
File threats detected    : 2

Adware.Tracking Cookie
        C:\Users\Wolfgang\AppData\Roaming\Microsoft\Windows\Cookies\wolfgang@doubleclick[1].txt

Trojan.Agent/Gen-Faldesc[RE]
        C:\_OTL\MOVEDFILES\05052011_203143\C_WINDOWS\SYSWOW64\D3D10Q.DLL


cosinus 10.05.2011 10:18

Only a cookie and one piece of malware that OTL had already isolated. Please post the other log as well.

derwolf1509 10.05.2011 19:55

Malwarebytes:

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6547

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10.05.2011 19:12:18
mbam-log-2011-05-10 (19-12-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|N:\|)
Durchsuchte Objekte: 410379
Laufzeit: 46 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


cosinus 10.05.2011 20:44

That looks good. Anything still open, or is everything OK again?

derwolf1509 10.05.2011 22:57

Hi Arne,

everything is OK again so far. Thank you!

Regards, Wolfgang

cosinus 11.05.2011 08:44

Then we're done!

Finally, please check your updates; my guide on that is below.
For even more security, you should also change all your passwords, if at all possible, now that the infection has been removed.


Microsoft Update

Windows XP: Visit the MS Update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide



Update your PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking on "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that your Flash Player is up to date; here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java update
Outdated Java installations are a security risk, so you should remove the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall every Java version listed there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


Copyright ©2000-2024, Trojaner-Board