Google öffnet "falsche Links", hatte ANTIVIRUS GT

gregger · 13.09.2010, 11:04

Ich besitze ein Netbook mit Windows 7 Starter. Vor kurzem hatte ich auf meinem Computer den Antivirus GT. Bis jetzt habe ich geschafft den Virus zu löschen und seine Verwüstung erfolgreich einzustellen.

1. Netbook ist langsamer geworden
2. Zum Starten muss ich F2 drücken damit er überhaupt hochfährt (ansonsten schwarzer Bildschirm mit blinkendem weißen Strich)
3. Google öffnet andere Seiten wie geplant

Habe Antivirus AVG und Spybot Search & Destroy (neu-installiert)

Habe mich in Foren erkundigt und RIST, Malwarebytes, GMER herruntergeladen

Ich befinde mich in Australien, daher werde ich nicht immer sofort zurückschreiben können (+8h Verschiebung)

Danke im Vorraus

mfg
gregor

markusg · 13.09.2010, 12:50

spybot kann wieder runter.
wenn Malwarebytes was gefunden hatt, schau unter logdateien, poste das scan log.
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

gregger · 15.09.2010, 06:34

mbam habe ich nicht erstellt, sag mir bescheid wenn du das log benötigst

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-09-14.01 - Gregor 15.09.2010   6:47.1.2 - x86
Microsoft Windows 7 Starter   6.1.7600.0.1252.49.1031.18.2038.1276 [GMT 2:00]
ausgeführt von:: c:\users\Gregor\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\AVG\AVG9\avgtray.exe
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files\ASUS\APRP\APRP.EXE
c:\program files\ASUS\LivCam\LivCam.exe
c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
c:\program files\pdf24\pdf24.exe
c:\programdata\FullRemove.exe
c:\windows\AsScrPro.exe
c:\windows\system32\Thumbs.db


	Code: 

 ATTFilter

  
	 <pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe --->c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files\ASUS\APRP\APRP .exe --->c:\program files\ASUS\APRP\APRP.exe
c:\program files\ASUS\LivCam\LivCam .exe --->c:\program files\ASUS\LivCam\LivCam.exe
c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu .exe --->c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
c:\program files\pdf24\pdf24 .exe --->c:\program files\pdf24\pdf24.exe
c:\windows\AsScrPro .exe --->c:\windows\AsScrPro.exe
</pre>
         
 .
.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-15 bis 2010-09-15  ))))))))))))))))))))))))))))))
.

2010-09-15 05:02 . 2010-09-15 05:02	--------	d-----w-	c:\users\Gregor\AppData\Local\temp
2010-09-15 05:02 . 2010-09-15 05:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-09-15 04:17 . 2010-09-15 04:18	--------	d-----w-	C:\32788R22FWJFW
2010-09-12 12:14 . 2010-09-15 03:15	--------	d-----w-	C:\fixwareout
2010-09-12 11:34 . 2010-09-12 11:34	--------	d-----w-	c:\users\Gregor\AppData\Roaming\Malwarebytes
2010-09-12 11:33 . 2010-09-12 11:33	--------	d-----w-	c:\programdata\Malwarebytes
2010-09-12 11:33 . 2010-09-15 03:15	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-12 11:24 . 2010-09-12 11:24	--------	d-----w-	C:\rsit
2010-09-12 11:24 . 2010-09-12 11:24	--------	d-----w-	c:\program files\trend micro
2010-09-12 04:20 . 2010-09-14 09:18	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-09-12 04:09 . 2010-09-15 03:15	--------	d-----w-	c:\program files\Mozilla Firefox 4.0 Beta 5
2010-09-11 08:02 . 2010-09-11 08:02	--------	d-----w-	c:\users\Gregor\AppData\Roaming\EeeStorageUploader
2010-09-06 23:56 . 2010-09-15 03:15	--------	d-----w-	c:\program files\etax2010
2010-09-06 12:50 . 2010-09-06 12:50	--------	d-----w-	C:\$AVG
2010-09-06 12:07 . 2010-09-15 05:02	--------	d-----w-	c:\program files\pdf24
2010-09-04 03:32 . 2010-09-04 03:32	29512	----a-w-	c:\programdata\avg9\update\backup\avgmfx86.sys
2010-09-04 03:32 . 2010-09-04 03:32	242896	----a-w-	c:\programdata\avg9\update\backup\avgtdix.sys
2010-09-04 03:32 . 2010-09-04 03:32	216200	----a-w-	c:\programdata\avg9\update\backup\avgldx86.sys
2010-09-04 03:31 . 2010-09-04 03:31	12536	----a-w-	c:\windows\system32\avgrsstx.dll
2010-09-04 03:17 . 2010-09-04 03:17	1038688	----a-w-	c:\programdata\avg9\update\backup\avgupd.exe
2010-09-04 03:17 . 2010-09-04 03:17	813336	----a-w-	c:\programdata\avg9\update\backup\avginet.dll
2010-09-04 03:17 . 2010-09-04 03:17	624920	----a-w-	c:\programdata\avg9\update\backup\avgiproxy.exe
2010-09-04 03:17 . 2010-09-04 03:17	1690464	----a-w-	c:\programdata\avg9\update\backup\avgupd.dll
2010-09-03 22:48 . 2010-08-30 11:57	767952	----a-w-	c:\windows\BDTSupport.dll
2010-09-03 22:47 . 2010-09-04 12:03	--------	d-----w-	c:\program files\PC Tools Security
2010-09-03 22:47 . 2010-09-04 12:03	--------	d-----w-	c:\program files\Common Files\PC Tools
2010-09-03 22:47 . 2010-09-03 22:47	--------	d-----w-	c:\users\Gregor\AppData\Roaming\PC Tools
2010-09-03 15:15 . 2010-09-04 12:03	--------	d-----w-	c:\programdata\PC Tools

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 04:49 . 2009-07-26 01:49	680010	----a-w-	c:\windows\system32\perfh010.dat
2010-09-15 04:49 . 2009-07-26 01:39	681356	----a-w-	c:\windows\system32\perfh013.dat
2010-09-15 04:49 . 2009-07-26 01:39	129608	----a-w-	c:\windows\system32\perfc013.dat
2010-09-15 04:49 . 2009-07-26 01:49	124006	----a-w-	c:\windows\system32\perfc010.dat
2010-09-15 04:49 . 2009-07-26 01:28	643866	----a-w-	c:\windows\system32\perfh007.dat
2010-09-15 04:49 . 2009-07-26 01:28	126394	----a-w-	c:\windows\system32\perfc007.dat
2010-09-15 04:49 . 2009-07-26 01:18	684954	----a-w-	c:\windows\system32\perfh00C.dat
2010-09-15 04:49 . 2009-07-26 01:18	127070	----a-w-	c:\windows\system32\perfc00C.dat
2010-09-15 03:52 . 2010-09-15 03:39	112	----a-w-	c:\programdata\7mgHEu.dat
2010-09-15 03:15 . 2010-06-24 16:47	--------	d-----w-	c:\users\Gregor\AppData\Roaming\ASUS WebStorage
2010-09-15 03:15 . 2010-07-26 05:39	--------	d-----w-	c:\program files\FreeGPS
2010-09-15 03:15 . 2010-06-24 22:15	--------	d-----w-	c:\users\Gregor\AppData\Roaming\Skype
2010-09-12 10:08 . 2010-06-24 22:17	--------	d-----w-	c:\users\Gregor\AppData\Roaming\skypePM
2010-09-04 12:03 . 2010-06-26 11:36	--------	d-----w-	c:\users\Gregor\AppData\Roaming\vlc
2010-09-04 12:03 . 2010-06-26 09:55	--------	d-----w-	c:\users\Gregor\AppData\Roaming\teamspeak2
2010-09-04 12:01 . 2010-06-24 19:43	--------	d-----w-	c:\program files\AVG
2010-09-04 03:31 . 2010-06-24 19:43	243024	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2010-09-04 03:31 . 2010-06-24 19:43	29584	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2010-09-04 03:30 . 2010-06-24 19:43	216400	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2010-09-04 03:05 . 2010-06-26 10:03	--------	d-----w-	c:\programdata\Installations
2010-09-04 03:05 . 2010-07-12 13:25	--------	d-----w-	c:\program files\Nokia
2010-09-04 02:52 . 2010-06-24 19:43	--------	d-----w-	c:\programdata\avg9
2010-08-12 04:53 . 2010-01-06 21:58	--------	d-----w-	c:\program files\Microsoft Works
2010-08-12 04:30 . 2010-01-06 21:56	--------	d-----w-	c:\programdata\Microsoft Help
2010-08-12 00:30 . 2010-06-26 09:54	--------	d-----w-	c:\program files\TeamSpeak 3 Client
2010-07-29 06:30 . 2010-08-12 00:31	197632	----a-w-	c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 00:31	82944	----a-w-	c:\windows\system32\iccvid.dll
2010-07-19 12:43 . 2010-07-19 12:39	--------	d-----w-	c:\program files\Google
2010-07-18 08:43 . 2010-07-18 08:43	0	---ha-w-	c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-07-18 08:43 . 2010-07-12 13:27	--------	d-----w-	c:\programdata\PC Suite
2010-07-17 10:36 . 2010-07-17 10:36	--------	d-----w-	c:\program files\Common Files\Skype
2010-07-12 13:24 . 2010-07-12 13:24	95232	----a-w-	c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\pcswpcsi.exe
2010-07-12 13:24 . 2010-07-12 13:24	8192	----a-w-	c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstCCD.exe
2010-07-12 13:24 . 2010-07-12 13:24	61440	----a-w-	c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-07-12 13:24 . 2010-07-12 13:24	10240	----a-w-	c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCS.exe
2010-07-12 13:23 . 2010-07-12 13:24	36426336	----a-w-	c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_ger_web.exe
2010-06-30 06:25 . 2010-08-12 00:31	978432	----a-w-	c:\windows\system32\wininet.dll
2010-06-26 13:26 . 2010-06-24 16:47	110816	----a-w-	c:\users\Gregor\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-25 00:28 . 2010-06-25 00:28	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-06-25 00:23 . 2010-06-25 00:23	0	----a-w-	c:\users\Gregor\AppData\Roaming\wklnhst.dat
2010-06-24 22:17 . 2010-06-24 22:17	56	---ha-w-	c:\programdata\ezsidmv.dat
2010-06-24 20:15 . 2010-06-24 20:19	53632	----a-w-	c:\users\Gregor\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-24 20:15 . 2010-06-24 20:07	53632	----a-w-	c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-22 02:47 . 2010-08-12 00:31	310784	----a-w-	c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-12 00:31	307200	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-12 00:31	113664	----a-w-	c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-12 00:31	3955080	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-12 00:31	3899784	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-12 00:31	37376	----a-w-	c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-12 00:31	2326016	----a-w-	c:\windows\system32\win32k.sys
2009-09-25 16:41 . 2009-09-25 16:41	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
 Code: 

 ATTFilter
 
 <pre>
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Synaptics\SynTP\SynAsusAcpi .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
</pre>
         
 ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [N/A]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-09-15 35332]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2010-09-15 35332]
"LivCam"="c:\program files\ASUS\LivCam\LivCam.exe" [2009-11-19 284160]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-01-06 3058304]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-01-06 2018032]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2010-06-21 199488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS WebStorage]
2009-12-24 10:25	1736704	----a-w-	c:\program files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
c:\program files\IVT Corporation\BlueSoleil\BtTray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
c:\program files\ASUS\Eee Docking\Eee Docking.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EeeSplendidAgent]
c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-05 03:03	186904	----a-w-	c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
2009-09-11 21:25	33768	----a-w-	c:\windows\System32\AsusSender.exe

R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 25864]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 23048]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-06-25 691696]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2010-04-06 20104]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-09-04 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-09-04 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-09-04 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-09-04 308136]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners

2010-09-15 c:\windows\Tasks\At1.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At10.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At11.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At12.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At13.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At14.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At15.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At16.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At17.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At18.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At19.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At2.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At20.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At21.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At22.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At23.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At24.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At3.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At4.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At5.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At6.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At7.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At8.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\At9.job
- c:\windows\Fonts\A4QeWv.com [2010-09-15 03:30]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-19 12:39]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-19 12:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://asus.msn.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {E4F926A7-A20D-47FE-A1C5-7CBC921D8D34} = 123.200.191.17 123.200.191.18
FF - ProfilePath - c:\users\Gregor\AppData\Roaming\Mozilla\Firefox\Profiles\02fy7gud.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-Locked - (no file)



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8597DACE]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xee657645
 SecurityProcedure -> 0x6
 QueryNameProcedure -> 0x1
user & kernel MBR OK 

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-09-15  07:08:13
ComboFix-quarantined-files.txt  2010-09-15 05:08

Vor Suchlauf: 10 Verzeichnis(se), 83.118.493.696 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 83.168.849.920 Bytes frei

- - End Of File - - 5F86972B90B2975F361EB6743A5D45DD

--- --- ---

mfg
gregger

gregger · 15.09.2010, 08:51

mbam hat nichts gefunden, eben durchlaufen lassen... (war die aktuellste Version)

markusg · 15.09.2010, 10:26

bitte keine scans ohne absprache, bringt nur alles durcheinander.
123.200.191.18
Lade
http://filepony.de/download-defogger/
herunter und speichere es auf Deinem Desktop.

Doppelklicke DeFogger, um das Tool zu starten.

• Es öffnet sich das Programm-Fenster des Tools.
• Klick auf den Button Disable, um die CD- Emulation-Treiber zu deaktivieren.
• Klicke Ja, um fortzufahren.
• Wenn die Nachricht 'Finished!' erscheint,
• klicke OK.
• DeFogger wird nun einen Reboot erfragen - klicke OK
• Poste mir das defogger_disable.log hier in den Thread. Keinesfalls die Treiber reaktivieren, bevor es angewiesen wird.

kennst du diese ip? ist das die deines providers?

start programme zubehör editor, kopiere rein:

Killall::
Rootkit::
c:\programdata\7mgHEu.dat
c:\windows\Fonts\A4QeWv.com
AtJob::

datei speichern unter, speicherort, wo sich combofix.exe befindet, typ alle dateien, name cfscript.txt
ziehe cfscript.txt auf combofix, programm startet, log posten.

gregger · 15.09.2010, 12:38

123.200.191.18 ja müsste die provider ip sein, ich benutze einen Broadband Stick von Virgin mobile dies (in Autralien gekauft)

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:35 on 15/09/2010 (Gregor)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled

-=E.O.F=-

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-09-14.01 - Gregor 15.09.2010  12:53:27.2.2 - x86
Microsoft Windows 7 Starter   6.1.7600.0.1252.49.1031.18.2038.1431 [GMT 2:00]
ausgeführt von:: c:\users\Gregor\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Gregor\Desktop\cfscript.txt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-15 bis 2010-09-15  ))))))))))))))))))))))))))))))
.

2010-09-15 11:12 . 2010-09-15 11:14	--------	d-----w-	c:\users\Gregor\AppData\Local\temp
2010-09-15 11:12 . 2010-09-15 11:12	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-09-15 11:12 . 2010-09-15 11:12	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-09-15 10:39 . 2010-09-15 10:40	--------	d-----w-	C:\32788R22FWJFW
2010-09-15 07:02 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-15 07:02 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-12 12:14 . 2010-09-15 03:15	--------	d-----w-	C:\fixwareout
2010-09-12 11:34 . 2010-09-12 11:34	--------	d-----w-	c:\users\Gregor\AppData\Roaming\Malwarebytes
2010-09-12 11:33 . 2010-09-12 11:33	--------	d-----w-	c:\programdata\Malwarebytes
2010-09-12 11:33 . 2010-09-15 07:02	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-12 11:24 . 2010-09-12 11:24	--------	d-----w-	C:\rsit
2010-09-12 11:24 . 2010-09-12 11:24	--------	d-----w-	c:\program files\trend micro
2010-09-12 04:20 . 2010-09-14 09:18	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-09-12 04:09 . 2010-09-15 03:15	--------	d-----w-	c:\program files\Mozilla Firefox 4.0 Beta 5
2010-09-11 08:02 . 2010-09-11 08:02	--------	d-----w-	c:\users\Gregor\AppData\Roaming\EeeStorageUploader
2010-09-06 23:56 . 2010-09-15 03:15	--------	d-----w-	c:\program files\etax2010
2010-09-06 12:50 . 2010-09-06 12:50	--------	d-----w-	C:\$AVG
2010-09-06 12:07 . 2010-09-15 05:02	--------	d-----w-	c:\program files\pdf24
2010-09-04 03:32 . 2010-09-04 03:32	29512	----a-w-	c:\programdata\avg9\update\backup\avgmfx86.sys
2010-09-04 03:32 . 2010-09-04 03:32	242896	----a-w-	c:\programdata\avg9\update\backup\avgtdix.sys
2010-09-04 03:32 . 2010-09-04 03:32	216200	----a-w-	c:\programdata\avg9\update\backup\avgldx86.sys
2010-09-04 03:31 . 2010-09-04 03:31	12536	----a-w-	c:\windows\system32\avgrsstx.dll
2010-09-04 03:17 . 2010-09-04 03:17	1038688	----a-w-	c:\programdata\avg9\update\backup\avgupd.exe
2010-09-04 03:17 . 2010-09-04 03:17	813336	----a-w-	c:\programdata\avg9\update\backup\avginet.dll
2010-09-04 03:17 . 2010-09-04 03:17	624920	----a-w-	c:\programdata\avg9\update\backup\avgiproxy.exe
2010-09-04 03:17 . 2010-09-04 03:17	1690464	----a-w-	c:\programdata\avg9\update\backup\avgupd.dll
2010-09-03 22:48 . 2010-08-30 11:57	767952	----a-w-	c:\windows\BDTSupport.dll
2010-09-03 22:47 . 2010-09-04 12:03	--------	d-----w-	c:\program files\PC Tools Security
2010-09-03 22:47 . 2010-09-04 12:03	--------	d-----w-	c:\program files\Common Files\PC Tools
2010-09-03 22:47 . 2010-09-03 22:47	--------	d-----w-	c:\users\Gregor\AppData\Roaming\PC Tools
2010-09-03 15:15 . 2010-09-04 12:03	--------	d-----w-	c:\programdata\PC Tools

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 10:58 . 2009-07-26 01:49	682914	----a-w-	c:\windows\system32\perfh010.dat
2010-09-15 10:58 . 2009-07-26 01:49	124850	----a-w-	c:\windows\system32\perfc010.dat
2010-09-15 10:58 . 2009-07-26 01:39	684260	----a-w-	c:\windows\system32\perfh013.dat
2010-09-15 10:58 . 2009-07-26 01:39	130452	----a-w-	c:\windows\system32\perfc013.dat
2010-09-15 10:58 . 2009-07-26 01:28	647376	----a-w-	c:\windows\system32\perfh007.dat
2010-09-15 10:58 . 2009-07-26 01:28	127404	----a-w-	c:\windows\system32\perfc007.dat
2010-09-15 10:58 . 2009-07-26 01:18	687858	----a-w-	c:\windows\system32\perfh00C.dat
2010-09-15 10:58 . 2009-07-26 01:18	127914	----a-w-	c:\windows\system32\perfc00C.dat
2010-09-15 10:10 . 2010-06-24 22:15	--------	d-----w-	c:\users\Gregor\AppData\Roaming\Skype
2010-09-15 09:54 . 2010-06-24 22:17	--------	d-----w-	c:\users\Gregor\AppData\Roaming\skypePM
2010-09-15 03:52 . 2010-09-15 03:39	112	----a-w-	c:\programdata\7mgHEu.dat
2010-09-15 03:15 . 2010-06-24 16:47	--------	d-----w-	c:\users\Gregor\AppData\Roaming\ASUS WebStorage
2010-09-15 03:15 . 2010-07-26 05:39	--------	d-----w-	c:\program files\FreeGPS
2010-09-04 12:03 . 2010-06-26 11:36	--------	d-----w-	c:\users\Gregor\AppData\Roaming\vlc
2010-09-04 12:03 . 2010-06-26 09:55	--------	d-----w-	c:\users\Gregor\AppData\Roaming\teamspeak2
2010-09-04 12:01 . 2010-06-24 19:43	--------	d-----w-	c:\program files\AVG
2010-09-04 03:31 . 2010-06-24 19:43	243024	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2010-09-04 03:31 . 2010-06-24 19:43	29584	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2010-09-04 03:30 . 2010-06-24 19:43	216400	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2010-09-04 03:05 . 2010-06-26 10:03	--------	d-----w-	c:\programdata\Installations
2010-09-04 03:05 . 2010-07-12 13:25	--------	d-----w-	c:\program files\Nokia
2010-09-04 02:52 . 2010-06-24 19:43	--------	d-----w-	c:\programdata\avg9
2010-08-12 04:53 . 2010-01-06 21:58	--------	d-----w-	c:\program files\Microsoft Works
2010-08-12 04:30 . 2010-01-06 21:56	--------	d-----w-	c:\programdata\Microsoft Help
2010-08-12 00:30 . 2010-06-26 09:54	--------	d-----w-	c:\program files\TeamSpeak 3 Client
2010-07-29 06:30 . 2010-08-12 00:31	197632	----a-w-	c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 00:31	82944	----a-w-	c:\windows\system32\iccvid.dll
2010-07-19 12:43 . 2010-07-19 12:39	--------	d-----w-	c:\program files\Google
2010-07-18 08:43 . 2010-07-18 08:43	0	---ha-w-	c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-07-18 08:43 . 2010-07-12 13:27	--------	d-----w-	c:\programdata\PC Suite
2010-07-12 13:24 . 2010-07-12 13:24	95232	----a-w-	c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\pcswpcsi.exe
2010-07-12 13:24 . 2010-07-12 13:24	8192	----a-w-	c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstCCD.exe
2010-07-12 13:24 . 2010-07-12 13:24	61440	----a-w-	c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-07-12 13:24 . 2010-07-12 13:24	10240	----a-w-	c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCS.exe
2010-07-12 13:23 . 2010-07-12 13:24	36426336	----a-w-	c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_ger_web.exe
2010-06-30 06:25 . 2010-08-12 00:31	978432	----a-w-	c:\windows\system32\wininet.dll
2010-06-26 13:26 . 2010-06-24 16:47	110816	----a-w-	c:\users\Gregor\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-25 00:28 . 2010-06-25 00:28	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-06-25 00:23 . 2010-06-25 00:23	0	----a-w-	c:\users\Gregor\AppData\Roaming\wklnhst.dat
2010-06-24 22:17 . 2010-06-24 22:17	56	---ha-w-	c:\programdata\ezsidmv.dat
2010-06-24 20:15 . 2010-06-24 20:19	53632	----a-w-	c:\users\Gregor\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-24 20:15 . 2010-06-24 20:07	53632	----a-w-	c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-22 02:47 . 2010-08-12 00:31	310784	----a-w-	c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-12 00:31	307200	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-12 00:31	113664	----a-w-	c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-12 00:31	3955080	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-12 00:31	3899784	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-12 00:31	37376	----a-w-	c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-12 00:31	2326016	----a-w-	c:\windows\system32\win32k.sys
2009-09-25 16:41 . 2009-09-25 16:41	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

	Code: 

 ATTFilter

  
	<pre>
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Synaptics\SynTP\SynAsusAcpi .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
</pre>
         
 ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [N/A]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-09-15 35332]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2010-09-15 35332]
"LivCam"="c:\program files\ASUS\LivCam\LivCam.exe" [2009-11-19 284160]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-01-06 3058304]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-01-06 2018032]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2010-06-21 199488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS WebStorage]
2009-12-24 10:25	1736704	----a-w-	c:\program files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
c:\program files\IVT Corporation\BlueSoleil\BtTray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
c:\program files\ASUS\Eee Docking\Eee Docking.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EeeSplendidAgent]
c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-05 03:03	186904	----a-w-	c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
2009-09-11 21:25	33768	----a-w-	c:\windows\System32\AsusSender.exe

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 25864]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 23048]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-06-25 691696]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2010-04-06 20104]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-09-04 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-09-04 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-09-04 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-09-04 308136]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-19 12:39]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-19 12:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://asus.msn.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Gregor\AppData\Roaming\Mozilla\Firefox\Profiles\02fy7gud.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85956ACE]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xe5726854
 SecurityProcedure -> 0x1
 QueryNameProcedure -> 0x89205eee
user & kernel MBR OK 

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(3532)
c:\progra~1\ASUS\ASUSWE~1\service\ASUSWS~1.DLL
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\EeePC\HotkeyService\HotkeyService.exe
c:\program files\EeePC\SHE\SuperHybridEngine.exe
c:\program files\EeePC\HotkeyService\HotKeyMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-15  13:24:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-09-15 11:24
ComboFix2.txt  2010-09-15 05:08

Vor Suchlauf: 15 Verzeichnis(se), 82.844.975.104 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 82.818.527.232 Bytes frei

- - End Of File - - 0858E22050FB6AB422979BC45B50A48C

--- --- ---

Nach den Logs habe ich mich wieder mit meinem Broadband Stick ins Internet eingeloggt, um die Logs zu senden (Falls das ein Problem für darstellt, teile es mir mit)

markusg · 15.09.2010, 12:42

ne, ich hatte mich nur über die ip gewundert.
nutze den kaspersky tdss killer
Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
falls etwas gefunden wurde, teile mir mit, welche atkion du ausgewählt hast. cure sollte angewendet werden.

gregger · 15.09.2010, 13:10

2010/09/15 13:59:04.0922 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/15 13:59:04.0922 ================================================================================
2010/09/15 13:59:04.0922 SystemInfo:
2010/09/15 13:59:04.0922
2010/09/15 13:59:04.0922 OS Version: 6.1.7600 ServicePack: 0.0
2010/09/15 13:59:04.0922 Product type: Workstation
2010/09/15 13:59:04.0922 ComputerName: KI_NET
2010/09/15 13:59:04.0922 UserName: Gregor
2010/09/15 13:59:04.0922 Windows directory: C:\windows
2010/09/15 13:59:04.0922 System windows directory: C:\windows
2010/09/15 13:59:04.0922 Processor architecture: Intel x86
2010/09/15 13:59:04.0922 Number of processors: 2
2010/09/15 13:59:04.0922 Page size: 0x1000
2010/09/15 13:59:04.0922 Boot type: Normal boot
2010/09/15 13:59:04.0922 ================================================================================
2010/09/15 13:59:05.0671 Initialize success
2010/09/15 14:00:12.0205 ================================================================================
2010/09/15 14:00:12.0205 Scan started
2010/09/15 14:00:12.0205 Mode: Manual;
2010/09/15 14:00:12.0205 ================================================================================
2010/09/15 14:00:13.0921 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2010/09/15 14:00:14.0545 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2010/09/15 14:00:15.0028 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2010/09/15 14:00:15.0777 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2010/09/15 14:00:16.0417 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2010/09/15 14:00:17.0072 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2010/09/15 14:00:17.0680 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
2010/09/15 14:00:18.0133 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2010/09/15 14:00:18.0710 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2010/09/15 14:00:19.0303 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2010/09/15 14:00:19.0771 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2010/09/15 14:00:20.0270 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2010/09/15 14:00:20.0847 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2010/09/15 14:00:21.0424 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2010/09/15 14:00:22.0095 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
2010/09/15 14:00:22.0750 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2010/09/15 14:00:23.0343 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
2010/09/15 14:00:23.0858 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2010/09/15 14:00:24.0466 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2010/09/15 14:00:24.0950 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2010/09/15 14:00:25.0449 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\windows\system32\drivers\AsUpIO.sys
2010/09/15 14:00:25.0980 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2010/09/15 14:00:26.0510 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2010/09/15 14:00:27.0165 athr (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
2010/09/15 14:00:27.0961 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\windows\system32\Drivers\avgldx86.sys
2010/09/15 14:00:28.0476 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\windows\system32\Drivers\avgmfx86.sys
2010/09/15 14:00:29.0053 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\windows\system32\Drivers\avgtdix.sys
2010/09/15 14:00:29.0568 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2010/09/15 14:00:30.0082 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2010/09/15 14:00:30.0660 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2010/09/15 14:00:31.0221 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2010/09/15 14:00:31.0767 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys
2010/09/15 14:00:32.0235 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2010/09/15 14:00:32.0781 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2010/09/15 14:00:33.0436 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2010/09/15 14:00:33.0920 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2010/09/15 14:00:34.0388 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2010/09/15 14:00:34.0887 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2010/09/15 14:00:37.0430 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys
2010/09/15 14:00:38.0023 BtHidBus (da9e15e55c33392d7dfd7f21116214be) C:\windows\system32\Drivers\BtHidBus.sys
2010/09/15 14:00:38.0616 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2010/09/15 14:00:39.0115 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
2010/09/15 14:00:39.0630 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys
2010/09/15 14:00:40.0129 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys
2010/09/15 14:00:40.0659 btnetBUs (7bb8ac22bc9e6a1e7707daecada95cd9) C:\windows\system32\Drivers\btnetBus.sys
2010/09/15 14:00:41.0174 btusbflt (92c5b845803f3662637eb691ac0b250f) C:\windows\system32\drivers\btusbflt.sys
2010/09/15 14:00:43.0998 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2010/09/15 14:00:44.0528 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2010/09/15 14:00:45.0043 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2010/09/15 14:00:45.0542 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2010/09/15 14:00:46.0088 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2010/09/15 14:00:46.0572 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2010/09/15 14:00:47.0149 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2010/09/15 14:00:47.0632 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2010/09/15 14:00:48.0100 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2010/09/15 14:00:48.0662 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2010/09/15 14:00:49.0317 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
2010/09/15 14:00:49.0816 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2010/09/15 14:00:50.0316 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2010/09/15 14:00:50.0924 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2010/09/15 14:00:51.0470 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\windows\System32\drivers\dxgkrnl.sys
2010/09/15 14:00:52.0297 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2010/09/15 14:00:52.0952 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2010/09/15 14:00:53.0404 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2010/09/15 14:00:53.0966 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2010/09/15 14:00:54.0481 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2010/09/15 14:00:55.0027 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2010/09/15 14:00:55.0588 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2010/09/15 14:00:56.0025 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2010/09/15 14:00:56.0493 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2010/09/15 14:00:57.0055 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2010/09/15 14:00:57.0616 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2010/09/15 14:00:58.0100 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
2010/09/15 14:00:58.0615 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2010/09/15 14:00:59.0301 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\windows\system32\DRIVERS\fvevol.sys
2010/09/15 14:00:59.0754 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2010/09/15 14:01:00.0315 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2010/09/15 14:01:00.0846 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2010/09/15 14:01:01.0314 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2010/09/15 14:01:01.0735 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2010/09/15 14:01:02.0218 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2010/09/15 14:01:02.0718 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2010/09/15 14:01:03.0264 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2010/09/15 14:01:03.0934 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2010/09/15 14:01:04.0496 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2010/09/15 14:01:05.0026 hwdatacard (988c0a49f09d75d3341cb419141793c1) C:\windows\system32\DRIVERS\ewusbmdm.sys
2010/09/15 14:01:05.0510 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2010/09/15 14:01:06.0087 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2010/09/15 14:01:06.0789 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
2010/09/15 14:01:07.0288 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
2010/09/15 14:01:08.0006 igfx (81f7c715528ab621c6af58869d4b07b9) C:\windows\system32\DRIVERS\igdkmd32.sys
2010/09/15 14:01:08.0724 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2010/09/15 14:01:09.0582 IntcAzAudAddService (db96b8bd676bb24bd4f1dc53ca1f182c) C:\windows\system32\drivers\RTKVHDA.sys
2010/09/15 14:01:10.0096 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2010/09/15 14:01:10.0611 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2010/09/15 14:01:11.0126 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2010/09/15 14:01:11.0641 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2010/09/15 14:01:12.0140 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2010/09/15 14:01:12.0748 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2010/09/15 14:01:13.0263 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2010/09/15 14:01:13.0747 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2010/09/15 14:01:14.0480 IvtBtBUs (132eb047e3f94dc9eab83c74e8c2e85a) C:\windows\system32\Drivers\IvtBtBus.sys
2010/09/15 14:01:15.0026 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2010/09/15 14:01:15.0556 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2010/09/15 14:01:16.0134 kbfiltr (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys
2010/09/15 14:01:16.0742 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2010/09/15 14:01:17.0272 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2010/09/15 14:01:17.0834 L1C (a158cea8644b8a5c1ec0e9a81b70f65a) C:\windows\system32\DRIVERS\L1C62x86.sys
2010/09/15 14:01:18.0567 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2010/09/15 14:01:19.0300 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2010/09/15 14:01:19.0815 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2010/09/15 14:01:20.0330 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2010/09/15 14:01:20.0829 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2010/09/15 14:01:21.0391 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2010/09/15 14:01:21.0968 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2010/09/15 14:01:22.0514 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2010/09/15 14:01:23.0029 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2010/09/15 14:01:23.0559 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2010/09/15 14:01:24.0090 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2010/09/15 14:01:24.0729 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2010/09/15 14:01:25.0197 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2010/09/15 14:01:25.0697 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2010/09/15 14:01:26.0243 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2010/09/15 14:01:26.0820 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2010/09/15 14:01:27.0350 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\windows\system32\DRIVERS\mrxsmb.sys
2010/09/15 14:01:27.0881 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\windows\system32\DRIVERS\mrxsmb10.sys
2010/09/15 14:01:28.0364 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\windows\system32\DRIVERS\mrxsmb20.sys
2010/09/15 14:01:28.0863 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2010/09/15 14:01:29.0347 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2010/09/15 14:01:29.0924 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2010/09/15 14:01:30.0408 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2010/09/15 14:01:31.0063 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2010/09/15 14:01:31.0656 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2010/09/15 14:01:32.0139 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2010/09/15 14:01:32.0607 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2010/09/15 14:01:33.0107 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2010/09/15 14:01:33.0824 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2010/09/15 14:01:34.0292 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2010/09/15 14:01:34.0807 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2010/09/15 14:01:35.0384 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2010/09/15 14:01:35.0915 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2010/09/15 14:01:36.0476 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2010/09/15 14:01:36.0975 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2010/09/15 14:01:37.0521 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2010/09/15 14:01:38.0021 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2010/09/15 14:01:38.0504 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2010/09/15 14:01:39.0003 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2010/09/15 14:01:39.0581 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2010/09/15 14:01:40.0173 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
2010/09/15 14:01:40.0813 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2010/09/15 14:01:42.0794 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2010/09/15 14:01:43.0293 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2010/09/15 14:01:43.0839 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
2010/09/15 14:01:44.0339 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2010/09/15 14:01:44.0822 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys
2010/09/15 14:01:45.0290 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys
2010/09/15 14:01:45.0914 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
2010/09/15 14:01:46.0491 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2010/09/15 14:01:47.0334 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2010/09/15 14:01:47.0927 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2010/09/15 14:01:48.0426 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2010/09/15 14:01:49.0549 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2010/09/15 14:01:50.0095 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2010/09/15 14:01:50.0594 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2010/09/15 14:01:51.0078 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2010/09/15 14:01:51.0717 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2010/09/15 14:01:52.0653 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2010/09/15 14:01:53.0153 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2010/09/15 14:01:53.0761 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2010/09/15 14:01:54.0307 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2010/09/15 14:01:54.0853 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2010/09/15 14:01:55.0383 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2010/09/15 14:01:55.0883 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2010/09/15 14:01:56.0366 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2010/09/15 14:01:56.0881 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2010/09/15 14:01:57.0396 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2010/09/15 14:01:57.0895 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2010/09/15 14:01:58.0410 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
2010/09/15 14:01:58.0940 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2010/09/15 14:01:59.0424 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2010/09/15 14:01:59.0939 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2010/09/15 14:02:00.0485 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2010/09/15 14:02:00.0999 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2010/09/15 14:02:01.0514 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
2010/09/15 14:02:02.0107 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
2010/09/15 14:02:02.0871 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2010/09/15 14:02:03.0495 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2010/09/15 14:02:04.0026 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2010/09/15 14:02:04.0728 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2010/09/15 14:02:05.0321 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2010/09/15 14:02:05.0789 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2010/09/15 14:02:06.0257 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2010/09/15 14:02:06.0912 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
2010/09/15 14:02:07.0411 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
2010/09/15 14:02:07.0895 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
2010/09/15 14:02:08.0363 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2010/09/15 14:02:08.0940 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2010/09/15 14:02:09.0439 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2010/09/15 14:02:09.0969 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2010/09/15 14:02:10.0484 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2010/09/15 14:02:11.0046 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2010/09/15 14:02:11.0670 sptd (cdddec541bc3c96f91ecb48759673505) C:\windows\system32\Drivers\sptd.sys
2010/09/15 14:02:12.0169 srv (dd0dd124d95390fdffa7fb6283923ed4) C:\windows\system32\DRIVERS\srv.sys
2010/09/15 14:02:12.0715 srv2 (59ef6d9c690e89d51b0692ccb13a06fc) C:\windows\system32\DRIVERS\srv2.sys
2010/09/15 14:02:13.0526 srvnet (08f28676802b58138e48a2b40caf6204) C:\windows\system32\DRIVERS\srvnet.sys
2010/09/15 14:02:14.0369 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2010/09/15 14:02:14.0852 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2010/09/15 14:02:15.0383 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
2010/09/15 14:02:16.0131 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys
2010/09/15 14:02:16.0740 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys
2010/09/15 14:02:17.0317 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2010/09/15 14:02:17.0801 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2010/09/15 14:02:18.0253 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2010/09/15 14:02:18.0939 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2010/09/15 14:02:19.0407 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2010/09/15 14:02:20.0141 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2010/09/15 14:02:20.0624 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2010/09/15 14:02:21.0077 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2010/09/15 14:02:21.0545 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
2010/09/15 14:02:22.0169 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2010/09/15 14:02:22.0652 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2010/09/15 14:02:23.0120 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2010/09/15 14:02:24.0009 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2010/09/15 14:02:24.0509 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2010/09/15 14:02:25.0164 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
2010/09/15 14:02:25.0710 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys
2010/09/15 14:02:26.0162 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2010/09/15 14:02:26.0615 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2010/09/15 14:02:27.0083 usbser (88701eca76145e2c011c0eeff0f7b70e) C:\windows\system32\drivers\usbser.sys
2010/09/15 14:02:28.0065 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
2010/09/15 14:02:28.0549 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2010/09/15 14:02:29.0017 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\windows\system32\Drivers\usbvideo.sys
2010/09/15 14:02:29.0532 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2010/09/15 14:02:30.0031 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2010/09/15 14:02:30.0530 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2010/09/15 14:02:31.0076 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2010/09/15 14:02:31.0622 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2010/09/15 14:02:32.0153 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2010/09/15 14:02:32.0667 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2010/09/15 14:02:33.0104 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2010/09/15 14:02:33.0650 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2010/09/15 14:02:34.0321 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
2010/09/15 14:02:34.0820 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2010/09/15 14:02:35.0304 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2010/09/15 14:02:35.0834 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2010/09/15 14:02:36.0318 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
2010/09/15 14:02:37.0035 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2010/09/15 14:02:37.0566 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2010/09/15 14:02:37.0628 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2010/09/15 14:02:38.0237 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2010/09/15 14:02:38.0783 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2010/09/15 14:02:39.0485 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2010/09/15 14:02:39.0968 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2010/09/15 14:02:40.0686 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
2010/09/15 14:02:41.0169 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2010/09/15 14:02:41.0856 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2010/09/15 14:02:42.0542 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2010/09/15 14:02:43.0041 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
2010/09/15 14:02:43.0322 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/09/15 14:02:43.0353 ================================================================================
2010/09/15 14:02:43.0353 Scan finished
2010/09/15 14:02:43.0353 ================================================================================
2010/09/15 14:02:43.0463 Detected object count: 1
2010/09/15 14:03:02.0183 \HardDisk0\MBR - will be cured after reboot
2010/09/15 14:03:02.0183 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/09/15 14:03:17.0330 Deinitialize success

Ist der Virus hiermit beseitigt?, Google funktioniert meiner Meinung nach wieder

Ich werde jetzt überprüfen ob der weiße blinkende Strich noch erscheint

markusg · 15.09.2010, 13:37

öffne mein combuter (arbeitsplatz) c: dann qoobox. dort quarantain rechtsklick und zu quarantain.rar oder zip hinzufügen, archiv hochladen.
dateiupload:
http://www.trojaner-board.de/54791-a...ner-board.html
ootl:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
poste beide logs

gregger · 15.09.2010, 14:05

Das OTL ist auf deutsch, aber ich habe die Einstellungen vorgenommen. Soll ich die übrigen Felder wie Prozesse, Module, Dienste, Treiber, sowie Standard-Registrierung auf "Aus" stellen?

markusg · 15.09.2010, 14:49

nein, so belassen wie sie sind.

gregger · 16.09.2010, 04:07

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 9/16/2010 5:02:59 AM - Run 1
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Users\Gregor\Desktop
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 76.88 Gb Free Space | 76.88% Space Free | Partition Type: NTFS
Drive D: | 122.87 Gb Total Space | 87.99 Gb Free Space | 71.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 9.99 Gb Total Space | 2.12 Gb Free Space | 21.24% Space Free | Partition Type: FAT32
Drive G: | 22.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KI_NET
Current User Name: Gregor
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1529257259-4149104203-98430824-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EA59635-F848-4608-BE39-6900E4673126}_is1" = FreeGPS
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{75E9CAA3-B336-439D-85FB-7C7B2ACA1A16}" = LivCam
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASUS WebStorage" = ASUS WebStorage
"AVG9Uninstall" = AVG Free 9.0
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"IrfanView" = IrfanView (remove only)
"Miranda IM" = Miranda IM 0.8.26
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Firefox 4.0b6 (x86 de)" = Mozilla Firefox 4.0b6 (x86 de)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Virgin Mobile" = Virgin Mobile
"VLC media player" = VLC media player 1.1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 9/9/2010 7:45:39 PM | Computer Name = ki_net | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 9/9/2010 7:45:45 PM | Computer Name = ki_net | Source = Google Update | ID = 20
Description = 
 
Error - 9/9/2010 7:45:45 PM | Computer Name = ki_net | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 9/9/2010 7:45:45 PM | Computer Name = ki_net | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 9/10/2010 12:13:14 PM | Computer Name = ki_net | Source = Google Update | ID = 20
Description = 
 
Error - 9/11/2010 2:39:32 AM | Computer Name = ki_net | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 9/11/2010 2:48:41 AM | Computer Name = ki_net | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 9/11/2010 2:48:52 AM | Computer Name = ki_net | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 9/11/2010 2:50:03 AM | Computer Name = ki_net | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 9/11/2010 2:50:10 AM | Computer Name = ki_net | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
[ System Events ]
Error - 9/4/2010 1:00:19 AM | Computer Name = ki_net | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Anwendungserfahrung" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 9/4/2010 1:00:49 AM | Computer Name = ki_net | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst wuauserv erreicht.
 
Error - 9/4/2010 1:01:19 AM | Computer Name = ki_net | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 9/6/2010 6:22:51 PM | Computer Name = ki_net | Source = BugCheck | ID = 1001
Description = 
 
Error - 9/6/2010 6:23:16 PM | Computer Name = ki_net | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = Fehler beim Starten des BITS-Dienstes. Fehler: 2147943752.
 
Error - 9/6/2010 6:23:16 PM | Computer Name = ki_net | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit
 folgendem dienstspezifischem Fehler beendet: %%-2147023544.
 
Error - 9/7/2010 7:38:41 PM | Computer Name = ki_net | Source = bowser | ID = 8003
Description = 
 
Error - 9/8/2010 12:48:14 AM | Computer Name = ki_net | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?09.?2010 um 06:16:53 unerwartet heruntergefahren.
 
Error - 9/11/2010 4:17:43 AM | Computer Name = ki_net | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = Fehler beim Starten des BITS-Dienstes. Fehler: 2147943515.
 
Error - 9/11/2010 4:17:43 AM | Computer Name = ki_net | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit
 folgendem dienstspezifischem Fehler beendet: %%-2147023781.
 
 
< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 9/16/2010 5:02:59 AM - Run 1
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Users\Gregor\Desktop
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 76.88 Gb Free Space | 76.88% Space Free | Partition Type: NTFS
Drive D: | 122.87 Gb Total Space | 87.99 Gb Free Space | 71.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 9.99 Gb Total Space | 2.12 Gb Free Space | 21.24% Space Free | Partition Type: FAT32
Drive G: | 22.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KI_NET
Current User Name: Gregor
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gregor\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Virgin Mobile\Virgin Mobile.exe ()
PRC - C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Gregor\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UsbserFilt) -- C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys File not found
DRV - (upperdev) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (pccsmcfd) -- C:\Windows\System32\DRIVERS\pccsmcfd.sys File not found
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys File not found
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys File not found
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys File not found
DRV - (catchme) -- C:\Users\Gregor\AppData\Local\Temp\catchme.sys File not found
DRV - (btwrchid) -- C:\Windows\System32\DRIVERS\btwrchid.sys File not found
DRV - (btwl2cap) -- C:\Windows\System32\DRIVERS\btwl2cap.sys File not found
DRV - (btwavdt) -- C:\Windows\System32\DRIVERS\btwavdt.sys File not found
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys File not found
DRV - (Btcsrusb) -- C:\Windows\System32\Drivers\btcusb.sys File not found
DRV - (BTCOMBUS) -- C:\Windows\System32\Drivers\btcombus.sys File not found
DRV - (BTCOM) -- C:\Windows\System32\DRIVERS\btcomport.sys File not found
DRV - (BT) -- C:\Windows\System32\DRIVERS\btnetdrv.sys File not found
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys ()
DRV - (IvtBtBUs) -- C:\Windows\System32\drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (BtHidBus) -- C:\Windows\System32\Drivers\BtHidBus.sys (IVT Corporation.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1529257259-4149104203-98430824-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-1529257259-4149104203-98430824-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-1529257259-4149104203-98430824-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/04 06:28:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/15 05:15:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/15 05:15:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2010/09/15 14:21:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins
 
[2010/09/12 06:10:15 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\mozilla\Extensions
[2010/09/14 11:13:13 | 000,000,312 | ---- | M] () -- C:\Users\Gregor\AppData\Roaming\Mozilla\FireFox\Profiles\5ouhb008.default\searchplugins\bing.xml
 
O1 HOSTS File: ([2010/09/15 13:14:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1529257259-4149104203-98430824-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe File not found
O4 - HKLM..\Run: [HotkeyMon] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LivCam] C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SuperHybridEngine] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1529257259-4149104203-98430824-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1529257259-4149104203-98430824-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1529257259-4149104203-98430824-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/08/23 12:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/09/22 10:45:42 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
MsConfig - StartUpReg: ASUS WebStorage - hkey= - key= - C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
MsConfig - StartUpReg: BtTray - hkey= - key= - C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe File not found
MsConfig - StartUpReg: Eee Docking - hkey= - key= - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe File not found
MsConfig - StartUpReg: EeeSplendidAgent - hkey= - key= - C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
MsConfig - StartUpReg: LiveUpdate - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/09/15 14:53:55 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Gregor\Desktop\OTL.exe
[2010/09/15 14:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/09/15 14:22:03 | 000,000,000 | ---D | C] -- C:\Users\Gregor\Desktop\Virus_folder
[2010/09/15 14:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 6
[2010/09/15 13:24:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/09/15 13:14:25 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/09/15 13:12:08 | 000,000,000 | ---D | C] -- C:\Users\Gregor\AppData\Local\temp
[2010/09/15 12:39:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/15 12:39:06 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/09/15 12:06:55 | 000,000,000 | ---D | C] -- C:\Users\Gregor\Documents\My Received Files
[2010/09/15 06:33:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/09/15 06:33:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/09/15 06:33:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/09/15 04:26:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/14 11:35:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/12 14:14:13 | 000,000,000 | ---D | C] -- C:\fixwareout
[2010/09/12 13:34:09 | 000,000,000 | ---D | C] -- C:\Users\Gregor\AppData\Roaming\Malwarebytes
[2010/09/12 13:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/12 13:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/12 13:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/09/12 13:24:12 | 000,000,000 | ---D | C] -- C:\rsit
[2010/09/12 06:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/09/12 06:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 5
[2010/09/11 10:03:37 | 000,000,000 | ---D | C] -- C:\Users\Gregor\AppData\Roaming\temp
[2010/09/11 10:02:52 | 000,000,000 | ---D | C] -- C:\Users\Gregor\AppData\Roaming\EeeStorageUploader
[2010/09/08 01:40:33 | 000,000,000 | ---D | C] -- C:\Users\Gregor\Desktop\work
[2010/09/07 01:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\etax2010
[2010/09/07 00:22:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/09/06 14:50:12 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/09/06 14:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\pdf24
[2010/09/04 05:31:29 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/09/04 00:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010/09/04 00:47:38 | 000,000,000 | ---D | C] -- C:\Users\Gregor\AppData\Roaming\PC Tools
[2010/09/04 00:47:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/09/03 17:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/08/27 05:47:19 | 000,000,000 | ---D | C] -- C:\Users\Gregor\Documents\pdf24
[2010/08/25 01:08:10 | 000,000,000 | ---D | C] -- C:\Users\Gregor\Desktop\bilder speicherkarte
[2010/08/24 17:12:25 | 000,000,000 | ---D | C] -- C:\Users\Gregor\AppData\Roaming\WinRAR
[2010/08/24 17:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/11/04 15:06:04 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010/09/16 05:09:19 | 001,572,864 | -HS- | M] () -- C:\Users\Gregor\ntuser.dat
[2010/09/16 05:00:54 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/16 05:00:54 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/16 05:00:12 | 064,670,715 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/09/16 04:54:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/16 04:53:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/16 04:53:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/16 04:53:07 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/16 00:51:04 | 002,477,039 | -H-- | M] () -- C:\Users\Gregor\AppData\Local\IconCache.db
[2010/09/16 00:49:40 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/15 14:56:17 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Gregor\Desktop\OTL.exe
[2010/09/15 14:38:15 | 000,000,972 | ---- | M] () -- C:\Users\Gregor\Desktop\CCleaner.lnk
[2010/09/15 13:31:50 | 003,915,028 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/15 13:31:50 | 000,687,858 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/09/15 13:31:50 | 000,684,260 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2010/09/15 13:31:50 | 000,682,914 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2010/09/15 13:31:50 | 000,647,376 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/09/15 13:31:50 | 000,610,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/15 13:31:50 | 000,130,452 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2010/09/15 13:31:50 | 000,127,914 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/09/15 13:31:50 | 000,127,404 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/09/15 13:31:50 | 000,124,850 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2010/09/15 13:31:50 | 000,104,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/15 13:14:58 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/09/15 13:14:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/09/15 12:35:20 | 000,000,000 | ---- | M] () -- C:\Users\Gregor\defogger_reenable
[2010/09/15 05:52:27 | 000,000,112 | ---- | M] () -- C:\ProgramData\7mgHEu.dat
[2010/09/15 05:27:44 | 003,845,016 | R--- | M] () -- C:\Users\Gregor\Desktop\ComboFix.exe
[2010/09/15 05:17:49 | 000,524,288 | -HS- | M] () -- C:\Users\Gregor\ntuser.dat{87d92b70-c074-11df-a149-485b3915c2f6}.TMContainer00000000000000000002.regtrans-ms
[2010/09/15 05:17:49 | 000,524,288 | -HS- | M] () -- C:\Users\Gregor\ntuser.dat{87d92b70-c074-11df-a149-485b3915c2f6}.TMContainer00000000000000000001.regtrans-ms
[2010/09/15 05:17:49 | 000,065,536 | -HS- | M] () -- C:\Users\Gregor\ntuser.dat{87d92b70-c074-11df-a149-485b3915c2f6}.TM.blf
[2010/09/07 00:22:37 | 160,002,738 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/06 14:15:32 | 000,000,856 | ---- | M] () -- C:\Users\Gregor\Desktop\Dokumente Gregor - Verknüpfung.lnk
[2010/09/04 05:31:35 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/09/04 05:31:29 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/09/04 05:31:29 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/09/04 05:30:56 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/09/04 05:10:14 | 000,524,288 | -HS- | M] () -- C:\Users\Gregor\ntuser.dat{c498ff9c-b7cd-11df-9bcb-485b3915c2f6}.TMContainer00000000000000000002.regtrans-ms
[2010/09/04 05:10:14 | 000,524,288 | -HS- | M] () -- C:\Users\Gregor\ntuser.dat{c498ff9c-b7cd-11df-9bcb-485b3915c2f6}.TMContainer00000000000000000001.regtrans-ms
[2010/09/04 05:10:14 | 000,065,536 | -HS- | M] () -- C:\Users\Gregor\ntuser.dat{c498ff9c-b7cd-11df-9bcb-485b3915c2f6}.TM.blf
[2010/09/04 05:08:06 | 000,000,032 | ---- | M] () -- C:\Windows\0
[2010/08/30 13:57:00 | 000,767,952 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2010/08/25 11:52:13 | 000,018,873 | ---- | M] () -- C:\Users\Gregor\Documents\vorlage_cv.docx
[2010/08/25 09:23:46 | 001,934,721 | ---- | M] () -- C:\Users\Gregor\Documents\timesheet9July08.pdf
 
========== Files Created - No Company Name ==========
 
[2010/09/15 14:38:15 | 000,000,972 | ---- | C] () -- C:\Users\Gregor\Desktop\CCleaner.lnk
[2010/09/15 12:35:20 | 000,000,000 | ---- | C] () -- C:\Users\Gregor\defogger_reenable
[2010/09/15 06:33:36 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/15 06:33:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/15 06:33:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/15 06:33:36 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/15 06:33:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/15 05:39:26 | 000,000,112 | ---- | C] () -- C:\ProgramData\7mgHEu.dat
[2010/09/15 05:30:46 | 000,035,328 | ---- | C] () -- C:\Windows\Fonts\A4QeWv.com
[2010/09/15 05:26:31 | 003,845,016 | R--- | C] () -- C:\Users\Gregor\Desktop\ComboFix.exe
[2010/09/15 05:17:48 | 000,524,288 | -HS- | C] () -- C:\Users\Gregor\ntuser.dat{87d92b70-c074-11df-a149-485b3915c2f6}.TMContainer00000000000000000002.regtrans-ms
[2010/09/15 05:17:48 | 000,524,288 | -HS- | C] () -- C:\Users\Gregor\ntuser.dat{87d92b70-c074-11df-a149-485b3915c2f6}.TMContainer00000000000000000001.regtrans-ms
[2010/09/15 05:17:48 | 000,065,536 | -HS- | C] () -- C:\Users\Gregor\ntuser.dat{87d92b70-c074-11df-a149-485b3915c2f6}.TM.blf
[2010/09/07 00:22:37 | 160,002,738 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/06 14:15:32 | 000,000,856 | ---- | C] () -- C:\Users\Gregor\Desktop\Dokumente Gregor - Verknüpfung.lnk
[2010/09/04 04:41:26 | 000,524,288 | -HS- | C] () -- C:\Users\Gregor\ntuser.dat{c498ff9c-b7cd-11df-9bcb-485b3915c2f6}.TMContainer00000000000000000002.regtrans-ms
[2010/09/04 04:41:25 | 000,524,288 | -HS- | C] () -- C:\Users\Gregor\ntuser.dat{c498ff9c-b7cd-11df-9bcb-485b3915c2f6}.TMContainer00000000000000000001.regtrans-ms
[2010/09/04 04:41:25 | 000,065,536 | -HS- | C] () -- C:\Users\Gregor\ntuser.dat{c498ff9c-b7cd-11df-9bcb-485b3915c2f6}.TM.blf
[2010/09/04 00:48:31 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/08/25 09:23:45 | 001,934,721 | ---- | C] () -- C:\Users\Gregor\Documents\timesheet9July08.pdf
[2010/08/24 15:35:46 | 000,018,873 | ---- | C] () -- C:\Users\Gregor\Documents\vorlage_cv.docx
[2010/07/02 18:03:40 | 000,017,408 | ---- | C] () -- C:\Users\Gregor\AppData\Local\WebpageIcons.db
[2010/06/25 02:23:04 | 000,000,000 | ---- | C] () -- C:\Users\Gregor\AppData\Roaming\wklnhst.dat
[2010/06/25 00:17:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/24 19:57:09 | 000,006,144 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2010/04/06 18:33:10 | 000,025,864 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2010/01/07 00:14:26 | 000,011,448 | ---- | C] () -- C:\Windows\System32\drivers\AsUpIO.sys
[2010/01/07 00:14:18 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/01/06 23:47:03 | 000,021,864 | ---- | C] () -- C:\Windows\AsAcpiSvrLang.ini
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
 
========== LOP Check ==========
 
[2010/01/07 20:10:01 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2010/01/07 20:10:01 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
[2010/06/25 00:43:32 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Asus
[2010/09/15 05:15:49 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\ASUS WebStorage
[2010/06/25 09:57:42 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\DAEMON Tools Lite
[2010/09/11 10:02:52 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\EeeStorageUploader
[2010/07/02 19:01:58 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\IrfanView
[2010/06/24 22:40:17 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\LolClient
[2010/06/25 01:11:16 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Miranda
[2010/07/12 15:28:39 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Nokia
[2010/07/12 15:28:48 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\PC Suite
[2010/09/15 05:15:35 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\temp
[2010/06/25 02:23:35 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Template
[2010/09/15 05:56:10 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/06/25 12:37:04 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Adobe
[2010/06/25 00:43:32 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Asus
[2010/09/15 05:15:49 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\ASUS WebStorage
[2010/06/25 09:57:42 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\DAEMON Tools Lite
[2010/09/11 10:02:52 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\EeeStorageUploader
[2009/07/14 06:54:12 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Identities
[2010/01/06 23:39:58 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\InstallShield
[2010/07/02 19:01:58 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\IrfanView
[2010/06/24 22:40:17 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\LolClient
[2010/01/06 23:55:11 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Macromedia
[2010/09/12 13:34:09 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Malwarebytes
[2010/09/15 05:15:11 | 000,000,000 | --SD | M] -- C:\Users\Gregor\AppData\Roaming\Microsoft
[2010/06/25 01:11:16 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Miranda
[2010/09/15 05:15:15 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Mozilla
[2010/07/12 15:28:39 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Nokia
[2010/07/12 15:28:48 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\PC Suite
[2010/09/04 00:47:38 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\PC Tools
[2010/09/15 13:58:49 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Skype
[2010/09/15 11:54:30 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\skypePM
[2010/09/04 14:03:55 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\teamspeak2
[2010/09/15 05:15:35 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\temp
[2010/06/25 02:23:35 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\Template
[2010/09/04 14:03:55 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\vlc
[2010/08/24 17:12:25 | 000,000,000 | ---D | M] -- C:\Users\Gregor\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010/06/24 22:15:10 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Gregor\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009/06/05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\ERDNT\cache\user32.dll
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

--- --- ---

markusg · 16.09.2010, 10:06

bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

gregger · 16.09.2010, 12:29

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-09-14.01 - Gregor 16.09.2010  12:55:51.3.2 - x86
Microsoft Windows 7 Starter   6.1.7600.0.1252.49.1031.18.2038.1280 [GMT 2:00]
ausgeführt von:: c:\users\Gregor\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Eventuell infizierte Webseiten -----

hxxp://au.download.windowsupdate.com
.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-16 bis 2010-09-16  ))))))))))))))))))))))))))))))
.

2010-09-16 11:19 . 2010-09-16 11:19	--------	d-----w-	c:\users\Gregor\AppData\Local\temp
2010-09-16 11:19 . 2010-09-16 11:19	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-09-16 11:19 . 2010-09-16 11:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-09-15 15:26 . 2010-08-21 05:32	316928	----a-w-	c:\windows\system32\spoolsv.exe
2010-09-15 12:38 . 2010-09-15 12:38	--------	d-----w-	c:\program files\CCleaner
2010-09-15 12:21 . 2010-09-15 12:21	--------	d-----w-	c:\program files\Mozilla Firefox 4.0 Beta 6
2010-09-12 12:14 . 2010-09-15 03:15	--------	d-----w-	C:\fixwareout
2010-09-12 11:34 . 2010-09-12 11:34	--------	d-----w-	c:\users\Gregor\AppData\Roaming\Malwarebytes
2010-09-12 11:33 . 2010-09-12 11:33	--------	d-----w-	c:\programdata\Malwarebytes
2010-09-12 11:33 . 2010-09-15 12:39	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-12 11:24 . 2010-09-12 11:24	--------	d-----w-	C:\rsit
2010-09-12 11:24 . 2010-09-12 11:24	--------	d-----w-	c:\program files\trend micro
2010-09-12 04:20 . 2010-09-14 09:18	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-09-12 04:09 . 2010-09-15 03:15	--------	d-----w-	c:\program files\Mozilla Firefox 4.0 Beta 5
2010-09-11 08:02 . 2010-09-11 08:02	--------	d-----w-	c:\users\Gregor\AppData\Roaming\EeeStorageUploader
2010-09-06 23:56 . 2010-09-15 03:15	--------	d-----w-	c:\program files\etax2010
2010-09-06 12:50 . 2010-09-06 12:50	--------	d-----w-	C:\$AVG
2010-09-06 12:07 . 2010-09-15 05:02	--------	d-----w-	c:\program files\pdf24
2010-09-04 03:32 . 2010-09-04 03:32	29512	----a-w-	c:\programdata\avg9\update\backup\avgmfx86.sys
2010-09-04 03:32 . 2010-09-04 03:32	242896	----a-w-	c:\programdata\avg9\update\backup\avgtdix.sys
2010-09-04 03:32 . 2010-09-04 03:32	216200	----a-w-	c:\programdata\avg9\update\backup\avgldx86.sys
2010-09-04 03:31 . 2010-09-04 03:31	12536	----a-w-	c:\windows\system32\avgrsstx.dll
2010-09-04 03:17 . 2010-09-04 03:17	1038688	----a-w-	c:\programdata\avg9\update\backup\avgupd.exe
2010-09-04 03:17 . 2010-09-04 03:17	813336	----a-w-	c:\programdata\avg9\update\backup\avginet.dll
2010-09-04 03:17 . 2010-09-04 03:17	624920	----a-w-	c:\programdata\avg9\update\backup\avgiproxy.exe
2010-09-04 03:17 . 2010-09-04 03:17	1690464	----a-w-	c:\programdata\avg9\update\backup\avgupd.dll
2010-09-03 22:48 . 2010-08-30 11:57	767952	----a-w-	c:\windows\BDTSupport.dll
2010-09-03 22:47 . 2010-09-04 12:03	--------	d-----w-	c:\program files\PC Tools Security
2010-09-03 22:47 . 2010-09-04 12:03	--------	d-----w-	c:\program files\Common Files\PC Tools
2010-09-03 22:47 . 2010-09-03 22:47	--------	d-----w-	c:\users\Gregor\AppData\Roaming\PC Tools
2010-09-03 15:15 . 2010-09-04 12:03	--------	d-----w-	c:\programdata\PC Tools

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 08:09 . 2009-07-14 04:52	--------	d-----w-	c:\program files\Windows Sidebar
2010-09-16 08:09 . 2009-07-14 04:52	--------	d-----w-	c:\program files\Windows Photo Viewer
2010-09-16 08:09 . 2009-07-14 04:52	--------	d-----w-	c:\program files\Windows Defender
2010-09-16 08:09 . 2009-07-14 04:52	--------	d-----w-	c:\program files\DVD Maker
2010-09-16 08:09 . 2009-07-14 02:37	--------	d-----w-	c:\program files\Windows Mail
2010-09-15 22:57 . 2010-01-06 21:56	--------	d-----w-	c:\programdata\Microsoft Help
2010-09-15 11:58 . 2010-06-24 22:15	--------	d-----w-	c:\users\Gregor\AppData\Roaming\Skype
2010-09-15 11:31 . 2009-07-26 01:28	647376	----a-w-	c:\windows\system32\perfh007.dat
2010-09-15 11:31 . 2009-07-26 01:28	127404	----a-w-	c:\windows\system32\perfc007.dat
2010-09-15 09:54 . 2010-06-24 22:17	--------	d-----w-	c:\users\Gregor\AppData\Roaming\skypePM
2010-09-15 03:52 . 2010-09-15 03:39	112	----a-w-	c:\programdata\7mgHEu.dat
2010-09-15 03:15 . 2010-06-24 16:47	--------	d-----w-	c:\users\Gregor\AppData\Roaming\ASUS WebStorage
2010-09-15 03:15 . 2010-07-26 05:39	--------	d-----w-	c:\program files\FreeGPS
2010-09-04 12:03 . 2010-06-26 11:36	--------	d-----w-	c:\users\Gregor\AppData\Roaming\vlc
2010-09-04 12:03 . 2010-06-26 09:55	--------	d-----w-	c:\users\Gregor\AppData\Roaming\teamspeak2
2010-09-04 12:01 . 2010-06-24 19:43	--------	d-----w-	c:\program files\AVG
2010-09-04 03:31 . 2010-06-24 19:43	243024	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2010-09-04 03:31 . 2010-06-24 19:43	29584	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2010-09-04 03:30 . 2010-06-24 19:43	216400	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2010-09-04 03:05 . 2010-06-26 10:03	--------	d-----w-	c:\programdata\Installations
2010-09-04 03:05 . 2010-07-12 13:25	--------	d-----w-	c:\program files\Nokia
2010-09-04 02:52 . 2010-06-24 19:43	--------	d-----w-	c:\programdata\avg9
2010-08-12 04:53 . 2010-01-06 21:58	--------	d-----w-	c:\program files\Microsoft Works
2010-08-12 00:30 . 2010-06-26 09:54	--------	d-----w-	c:\program files\TeamSpeak 3 Client
2010-07-29 06:30 . 2010-08-12 00:31	197632	----a-w-	c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 00:31	82944	----a-w-	c:\windows\system32\iccvid.dll
2010-07-19 12:43 . 2010-07-19 12:39	--------	d-----w-	c:\program files\Google
2010-07-12 13:24 . 2010-07-12 13:24	95232	----a-w-	c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\pcswpcsi.exe
2010-07-12 13:24 . 2010-07-12 13:24	8192	----a-w-	c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstCCD.exe
2010-07-12 13:24 . 2010-07-12 13:24	61440	----a-w-	c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-07-12 13:24 . 2010-07-12 13:24	10240	----a-w-	c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCS.exe
2010-07-12 13:23 . 2010-07-12 13:24	36426336	----a-w-	c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_ger_web.exe
2010-06-30 06:25 . 2010-08-12 00:31	978432	----a-w-	c:\windows\system32\wininet.dll
2010-06-26 13:26 . 2010-06-24 16:47	110816	----a-w-	c:\users\Gregor\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-25 00:28 . 2010-06-25 00:28	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-06-25 00:23 . 2010-06-25 00:23	0	----a-w-	c:\users\Gregor\AppData\Roaming\wklnhst.dat
2010-06-24 22:17 . 2010-06-24 22:17	56	---ha-w-	c:\programdata\ezsidmv.dat
2010-06-24 20:15 . 2010-06-24 20:19	53632	----a-w-	c:\users\Gregor\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-24 20:15 . 2010-06-24 20:07	53632	----a-w-	c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-22 02:47 . 2010-08-12 00:31	310784	----a-w-	c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-12 00:31	307200	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-12 00:31	113664	----a-w-	c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-12 00:31	3955080	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-12 00:31	3899784	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-12 00:31	37376	----a-w-	c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-12 00:31	2326016	----a-w-	c:\windows\system32\win32k.sys
2009-09-25 16:41 . 2009-09-25 16:41	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

	Code: 

 ATTFilter

  
	<pre>
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Synaptics\SynTP\SynAsusAcpi .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
</pre>
         
 ((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [N/A]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-09-15 35332]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2010-09-15 35332]
"LivCam"="c:\program files\ASUS\LivCam\LivCam.exe" [2009-11-19 284160]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-01-06 3058304]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-01-06 2018032]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2010-06-21 199488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS WebStorage]
2009-12-24 10:25	1736704	----a-w-	c:\program files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
c:\program files\IVT Corporation\BlueSoleil\BtTray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
c:\program files\ASUS\Eee Docking\Eee Docking.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EeeSplendidAgent]
c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-05 03:03	186904	----a-w-	c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
2009-09-11 21:25	33768	----a-w-	c:\windows\System32\AsusSender.exe

R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 25864]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 23048]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-06-25 691696]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2010-04-06 20104]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-09-04 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-09-04 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-09-04 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-09-04 308136]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-19 12:39]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-19 12:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://asus.msn.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Gregor\AppData\Roaming\Mozilla\Firefox\Profiles\02fy7gud.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-09-16  13:25:40
ComboFix-quarantined-files.txt  2010-09-16 11:25
ComboFix2.txt  2010-09-15 11:24
ComboFix3.txt  2010-09-15 05:08

Vor Suchlauf: 15 Verzeichnis(se), 83.403.505.664 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 83.143.380.992 Bytes frei

- - End Of File - - 8412A7D98C066DE83D62365F4505887A

--- --- ---

markusg · 16.09.2010, 14:06

gibts noch irgendwelche probleme?

13.09.2010, 12:50	#2
markusg /// Malware-holic	Google öffnet "falsche Links", hatte ANTIVIRUS GT spybot kann wieder runter. wenn Malwarebytes was gefunden hatt, schau unter logdateien, poste das scan log. bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix __________________

15.09.2010, 12:42	#7
markusg /// Malware-holic	Google öffnet "falsche Links", hatte ANTIVIRUS GT ne, ich hatte mich nur über die ip gewundert. nutze den kaspersky tdss killer Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft? falls etwas gefunden wurde, teile mir mit, welche atkion du ausgewählt hast. cure sollte angewendet werden.

15.09.2010, 14:49	#11
markusg /// Malware-holic	Google öffnet "falsche Links", hatte ANTIVIRUS GT nein, so belassen wie sie sind.

16.09.2010, 10:06	#13
markusg /// Malware-holic	Google öffnet "falsche Links", hatte ANTIVIRUS GT bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix

16.09.2010, 14:06	#15
markusg /// Malware-holic	Google öffnet "falsche Links", hatte ANTIVIRUS GT gibts noch irgendwelche probleme?

Google öffnet "falsche Links", hatte ANTIVIRUS GT

Plagegeister aller Art und deren Bekämpfung: Google öffnet "falsche Links", hatte ANTIVIRUS GT