Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes

TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes


Plagegeister aller Art und deren Bekämpfung: TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 18.02.2011, 14:26   #1
Schinkenbrot
 
TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes - Standard

TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes


Hallo!

Bin über google auf mehrere Threads hier zu oben genanntem Virenfund (TR/Crypt.EPACK.Gen2) gestoßen, nachdem Antivir mich damit auch schon seit Stunden in regelmäßigen Abständen konfrontriert hat...

Genauer:
Zitat:
In der Datei 'C:\Users\Tobias\AppData\Local\Temp\HI946dJXO.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.Gen2' gefunden.
Bin wie in einem der anderen Threads dazu genannt vorgegangen und bräuchte jetzt wohl einen Text für die "Custom Scan Box" von OTL. Hoffe, ich habe alles soweit richtig verstanden und danke schon im Voraus für eure Hilfe.


Malwarebytes-Log:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5794

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18.02.2011 13:05:58
mbam-log-2011-02-18 (13-05-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 304778
Laufzeit: 1 Stunde(n), 24 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syscheckrt.exe (Spyware.Passwords.XGen) -> Value: syscheckrt.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\syscheckrt (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\syscheckrt\syscheckrt.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\syscheckrt\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
"Spyeyes" gefiel mir nach weiterem googlen natürlich gar nicht, aber vielleicht hat es sich damit ja jetzt schon erledigt. Allerdings habe ich durch ein altes Logfile (hatte mir Malwarebytes erst im Januar 2011 besorgt wegen einem anderen kleinen Vorfall, der sich danach scheinbar erledigt hat) gesehen, dass dort auch schon entsprechende Daten gelistet waren.



Aber weiter mit OTL.

OTL.txt:
Code:
ATTFilter
OTL logfile created on: 18.02.2011 13:09:34 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Tobias\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 40,19 Gb Free Space | 9,46% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 31,61 Gb Free Space | 79,01% Space Free | Partition Type: NTFS
 
Computer Name: TOBIAS-NOTEBOOK | User Name: Tobias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tobias\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe (ArcSoft Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Tobias\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ArcSec) -- C:\Windows\System32\drivers\ArcSec.sys ()
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Programme\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (SynTP) -- C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics Incorporated)
DRV - (JME) -- C:\Windows\System32\drivers\JME.sys (JMicron Technology Corp.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (Iviaspi) -- C:\Windows\System32\drivers\iviaspi.sys (InterVideo, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {d5ea4520-61a1-11da-8cd6-0800200c9a66}:2009.07.19
FF - prefs.js..extensions.enabledItems: optout@dubfire.net:3.60
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 1
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 02:45:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.18 11:55:16 | 000,000,000 | ---D | M]
 
[2009.12.24 20:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\mozilla\Extensions
[2011.02.17 23:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\uh3h1c58.default\extensions
[2010.06.20 21:03:51 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\uh3h1c58.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010.12.24 12:08:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\uh3h1c58.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.07.31 12:42:22 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\uh3h1c58.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009.12.25 23:21:35 | 000,000,000 | ---D | M] (QuickProxy) -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\uh3h1c58.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
[2011.01.07 17:18:47 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\uh3h1c58.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010.07.21 10:02:22 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\uh3h1c58.default\extensions\gutscheinmieze@synatix-gmbh.de
[2011.02.17 13:16:48 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\uh3h1c58.default\extensions\optout@dubfire.net
[2010.11.01 11:58:40 | 000,000,000 | ---D | M] (Foxit Toolbar) -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\uh3h1c58.default\extensions\toolbar@ask.com
[2010.12.03 00:46:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.12.24 22:54:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.01.04 20:03:22 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.27 07:43:50 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Programme\Mozilla Firefox\plugins\npmieze.dll
[2009.12.21 06:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.03.12 15:03:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 15:03:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.21 10:02:23 | 000,000,143 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\foxsearch.src
[2010.03.12 15:03:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.12 15:03:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.12 15:03:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Tobias\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Tobias\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft)
O4 - Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.18 11:53:40 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2011.02.18 11:53:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.02.18 11:27:03 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Tobias\Desktop\OTL.exe
[2011.02.16 23:18:33 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.16 23:18:33 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.16 23:18:33 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.16 23:18:33 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.16 23:18:33 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.16 23:18:33 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.16 23:18:33 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.16 23:18:33 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.16 23:18:32 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.16 23:12:47 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.16 23:12:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.02.16 23:12:23 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.02.16 23:11:47 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.16 23:11:47 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.16 23:11:45 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.16 23:11:45 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.16 23:11:24 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011.02.16 23:11:22 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011.02.16 23:11:22 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011.02.16 23:11:22 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011.02.16 23:11:12 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.02.11 20:40:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 10
[2011.02.11 20:30:53 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\dvdcss
[2011.02.11 20:29:17 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\vlc
[2011.02.11 20:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.02.11 20:28:57 | 000,000,000 | ---D | C] -- C:\Programme\VLC
[2011.02.11 20:27:50 | 124,327,992 | ---- | C] (                                                            ) -- C:\Users\Tobias\Documents\CyberLink.2113_Trial__DVD100611-20.exe
[2011.02.05 22:03:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2011.02.04 18:17:54 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Avira
[2011.01.29 16:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.01.29 16:49:38 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.01.29 16:49:38 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.01.29 16:49:38 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.01.29 16:49:37 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.01.29 16:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.01.29 14:34:04 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Malwarebytes
[2011.01.29 14:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.29 14:33:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.29 14:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.29 14:33:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.29 14:33:52 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.01.27 02:23:37 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Documents\ArcSoft
[2011.01.27 02:09:58 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\ArcSoft
[2011.01.27 02:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2011.01.27 02:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia Theatre 5
[2011.01.27 02:04:26 | 000,000,000 | ---D | C] -- C:\Programme\ArcSoft
[2011.01.27 02:02:59 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\Downloaded Installations
[2011.01.26 17:56:18 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Documents\Aiseesoft Studio
[2011.01.26 17:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
[2011.01.26 17:55:37 | 000,000,000 | ---D | C] -- C:\Programme\Aiseesoft Studio
[2011.01.26 17:12:57 | 000,000,000 | ---D | C] -- C:\Users\Tobias\My Documents
[2011.01.26 17:12:52 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Pavtube
[2011.01.26 17:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pavtube
[2011.01.26 17:11:11 | 000,000,000 | ---D | C] -- C:\Programme\Pavtube
[2011.01.26 17:05:47 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Documents\AnyDVD 6770
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009.06.06 22:14:10 | 000,569,344 | ---- | C] (Wavosaur Team) -- C:\Programme\Wavosaur.1.0.5.0.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.18 13:08:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.18 13:08:07 | 2363,129,856 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.18 11:55:17 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.02.18 11:44:51 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.18 11:44:51 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.18 11:44:51 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.18 11:44:51 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.18 11:27:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Tobias\Desktop\OTL.exe
[2011.02.18 09:22:27 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.18 09:22:27 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.18 09:20:06 | 000,000,123 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011.02.17 08:09:42 | 000,415,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.11 20:40:29 | 000,002,156 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 10.lnk
[2011.02.11 20:35:06 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2011.02.11 20:03:34 | 124,327,992 | ---- | M] (                                                            ) -- C:\Users\Tobias\Documents\CyberLink.2113_Trial__DVD100611-20.exe
[2011.02.11 20:03:22 | 020,364,702 | ---- | M] () -- C:\Users\Tobias\Documents\vlc-1.1.7-win32.exe
[2011.02.03 06:45:07 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.02.02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.02.01 11:54:55 | 326,475,888 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.01.27 02:07:44 | 000,002,336 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk
[2011.01.19 22:37:54 | 000,020,520 | ---- | M] () -- C:\Users\Tobias\Documents\Prohibited_german.pdf
 
========== Files Created - No Company Name ==========
 
[2011.02.18 11:53:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.02.18 11:53:49 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.02.11 20:40:29 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 10.lnk
[2011.02.11 20:27:55 | 020,364,702 | ---- | C] () -- C:\Users\Tobias\Documents\vlc-1.1.7-win32.exe
[2011.01.27 02:07:44 | 000,002,336 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk
[2011.01.19 22:37:48 | 000,020,520 | ---- | C] () -- C:\Users\Tobias\Documents\Prohibited_german.pdf
[2010.10.02 16:37:59 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.09.21 09:10:32 | 000,192,504 | ---- | C] () -- C:\Windows\System32\drivers\ArcSec.sys
[2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.04.02 22:07:09 | 000,004,608 | ---- | C] () -- C:\Users\Tobias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.22 11:37:28 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.01.18 12:52:08 | 000,000,123 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.12.27 17:05:18 | 000,000,967 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.12.27 17:05:18 | 000,000,636 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.12.27 17:05:18 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2009.12.25 12:20:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.13 14:53:58 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.17 12:08:34 | 000,197,424 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.09.29 11:18:10 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.09.29 06:38:08 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Hooks.dll
[2009.09.29 06:15:05 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.09.28 11:53:48 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009.08.16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.05.29 15:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[1996.11.15 00:00:00 | 000,025,600 | ---- | C] () -- C:\Windows\System32\VADE232.DLL
[1996.11.15 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[1996.11.15 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1996.11.15 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

< End of report >
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 18.02.2011 13:09:34 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Tobias\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 40,19 Gb Free Space | 9,46% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 31,61 Gb Free Space | 79,01% Space Free | Partition Type: NTFS
 
Computer Name: TOBIAS-NOTEBOOK | User Name: Tobias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0D4AD0B4-AAEB-4DDB-9F5C-56541C213605}" = OpenOffice.org 3.2
"{0D93D930-523A-4A1A-85F5-52302A01A50B}" = InterVideo Disc Master
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}" = ArcSoft TotalMedia Theatre 5
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = PowerDVD
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B158F76F-76AB-4115-A4F0-4C6EF6956093}_is1" = VirtualDubMOD 1.5.10.3 US
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB216244-7728-4D97-893F-84B715E0886B}_is1" = Pavtube Blu-ray Ripper version 3.7.1.2290
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Aiseesoft Blu-ray Ripper_is1" = Aiseesoft Blu-ray Ripper
"ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free
"ALDI Süd Foto Service D" = ALDI Süd Foto Service
"Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CloneDVD2" = CloneDVD2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"Foxit Creator" = Foxit Creator
"Foxit Reader" = Foxit Reader
"Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}" = ArcSoft TotalMedia Theatre 5
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Office8.0" = Microsoft Office 97, Professional Edition
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.1.7
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.02.2011 06:21:07 | Computer Name = Tobias-Notebook | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\SearchHelper.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 08.02.2011 06:21:07 | Computer Name = Tobias-Notebook | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\SEPsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 08.02.2011 06:21:14 | Computer Name = Tobias-Notebook | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 11.02.2011 11:30:10 | Computer Name = Tobias-Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DVD2AVI.exe, Version: 0.0.0.0, Zeitstempel:
 0x3d12f7c1  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559, Zeitstempel:
 0x4ba9b21e  Ausnahmecode: 0xc000071c  Fehleroffset: 0x000985bb  ID des fehlerhaften Prozesses:
 0xba0  Startzeit der fehlerhaften Anwendung: 0x01cbca008a264309  Pfad der fehlerhaften
 Anwendung: C:\Program Files\DVD2Avi\DVD2AVI.exe  Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung:
 cf66cf69-35f3-11e0-8e1d-00222007d804
 
Error - 11.02.2011 14:49:51 | Computer Name = Tobias-Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aeba271  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b21e  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000c2913  ID des fehlerhaften
 Prozesses: 0x8ec  Startzeit der fehlerhaften Anwendung: 0x01cbc767e7e15044  Pfad der
 fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung:
 b4d61a03-360f-11e0-8e1d-00222007d804
 
Error - 11.02.2011 15:29:44 | Computer Name = Tobias-Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.1.7.0, Zeitstempel:
 0x4d45d7ae  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559, Zeitstempel:
 0x4ba9b21e  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000c2913  ID des fehlerhaften Prozesses:
 0x130c  Startzeit der fehlerhaften Anwendung: 0x01cbca21f91f3f3b  Pfad der fehlerhaften
 Anwendung: C:\Program Files\VLC\vlc.exe  Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung:
 47012f9f-3615-11e0-8e1d-00222007d804
 
Error - 11.02.2011 15:35:08 | Computer Name = Tobias-Notebook | Source = VSS | ID = 8194
Description = 
 
Error - 11.02.2011 20:24:50 | Computer Name = Tobias-Notebook | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 17.02.2011 14:37:44 | Computer Name = Tobias-Notebook | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 18.02.2011 05:47:59 | Computer Name = Tobias-Notebook | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
[ System Events ]
Error - 14.10.2010 16:40:24 | Computer Name = Tobias-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 14.10.2010 16:40:25 | Computer Name = Tobias-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 14.10.2010 16:55:00 | Computer Name = Tobias-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.
 
Error - 14.10.2010 16:55:01 | Computer Name = Tobias-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.
 
Error - 15.10.2010 13:22:27 | Computer Name = Tobias-Notebook | Source = BROWSER | ID = 8032
Description = 
 
Error - 16.10.2010 06:56:01 | Computer Name = Tobias-Notebook | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?16.?10.?2010 um 12:54:10 unerwartet heruntergefahren.
 
Error - 16.10.2010 07:10:46 | Computer Name = Tobias-Notebook | Source = BROWSER | ID = 8032
Description = 
 
Error - 16.10.2010 10:22:44 | Computer Name = Tobias-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 16.10.2010 10:22:45 | Computer Name = Tobias-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 17.10.2010 08:46:41 | Computer Name = Tobias-Notebook | Source = BROWSER | ID = 8032
Description = 
 
 
< End of report >

Alt 18.02.2011, 19:17   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes - Standard

TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes


Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes.
__________________

__________________
Alt 18.02.2011, 21:04   #3
Schinkenbrot
 
TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes - Standard

TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes


Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5634

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29.01.2011 16:40:11
mbam-log-2011-01-29 (16-40-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 297244
Laufzeit: 2 Stunde(n), 1 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\portwexexe.exe (Trojan.SpyEyes.WC) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\Tobias\AppData\Local\gaqktcsii.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Tobias\AppData\Local\Temp\D34F.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\portwexexe.exe\portwexexe.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Tobias\AppData\Roaming\microsoft\Windows\start menu\Programs\security shield.lnk (Rogue.SecurityShield) -> Quarantined and deleted successfully.
c:\Users\Tobias\AppData\Local\Temp\mstsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\portwexexe.exe\config.bin (Trojan.SpyEyes.WC) -> Quarantined and deleted successfully.
Security Shield Ink hat mich damals auf den Plan gerufen.
__________________
Alt 18.02.2011, 22:11   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes - Standard

TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.02.2011, 16:55   #5
Schinkenbrot
 
TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes - Standard

TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes


Code:
ATTFilter
ComboFix 11-02-17.02 - Tobias 19.02.2011  15:57:00.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3005.2037 [GMT 1:00]
ausgeführt von:: c:\users\Tobias\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Desktop
c:\users\Tobias\AppData\Roaming\.#
c:\users\Tobias\AppData\Roaming\.#\MBX@BEC@1502740.###
c:\users\Tobias\AppData\Roaming\.#\MBX@BEC@1502770.###
c:\users\Tobias\videos\auxsetup.exe
c:\users\Tobias\videos\vdub.exe
c:\users\Tobias\videos\VirtualDub.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2011-01-19 bis 2011-02-19  ))))))))))))))))))))))))))))))
.

2011-02-19 15:01 . 2011-02-19 15:01	--------	d-----w-	c:\users\Tobias\AppData\Local\temp
2011-02-19 15:01 . 2011-02-19 15:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-02-19 14:47 . 2011-02-19 14:47	--------	d-----w-	c:\program files\CCleaner
2011-02-18 10:53 . 2011-02-18 10:53	--------	d-----w-	c:\program files\Common Files\Adobe
2011-02-18 09:46 . 2011-01-13 09:41	5890896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D612B095-5EDF-4020-802D-46E240446BE9}\mpengine.dll
2011-02-16 22:12 . 2011-01-05 03:37	2329088	----a-w-	c:\windows\system32\win32k.sys
2011-02-16 22:12 . 2011-01-05 05:37	428032	----a-w-	c:\windows\system32\vbscript.dll
2011-02-11 19:30 . 2011-02-11 19:30	--------	d-----w-	c:\users\Tobias\AppData\Roaming\dvdcss
2011-02-11 19:29 . 2011-02-11 19:32	--------	d-----w-	c:\users\Tobias\AppData\Roaming\vlc
2011-02-11 19:28 . 2011-02-11 19:29	--------	d-----w-	c:\program files\VLC
2011-02-05 21:03 . 2011-02-05 21:03	--------	d-----w-	c:\windows\system32\x64
2011-02-04 17:17 . 2011-02-04 17:17	--------	d-----w-	c:\users\Tobias\AppData\Roaming\Avira
2011-01-30 13:57 . 2011-01-30 13:57	103864	----a-w-	c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 13:57 . 2011-01-30 13:57	103864	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-01-29 15:49 . 2010-12-13 07:39	135096	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-01-29 15:49 . 2010-12-13 07:39	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-01-29 15:49 . 2011-01-29 15:49	--------	d-----w-	c:\programdata\Avira
2011-01-29 15:49 . 2011-01-29 15:49	--------	d-----w-	c:\program files\Avira
2011-01-29 13:34 . 2011-01-29 13:34	--------	d-----w-	c:\users\Tobias\AppData\Roaming\Malwarebytes
2011-01-29 13:33 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-29 13:33 . 2011-01-29 13:33	--------	d-----w-	c:\programdata\Malwarebytes
2011-01-29 13:33 . 2011-01-29 13:33	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-01-29 13:33 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-01-27 01:09 . 2011-01-27 01:09	--------	d-----w-	c:\users\Tobias\AppData\Roaming\ArcSoft
2011-01-27 01:08 . 2011-01-27 01:23	--------	d-----w-	c:\programdata\ArcSoft
2011-01-27 01:04 . 2011-01-27 01:04	--------	d-----w-	c:\program files\ArcSoft
2011-01-27 01:02 . 2011-01-27 01:02	--------	d-----w-	c:\users\Tobias\AppData\Local\Downloaded Installations
2011-01-26 16:55 . 2011-01-26 16:55	--------	d-----w-	c:\program files\Aiseesoft Studio
2011-01-26 16:12 . 2011-01-26 16:12	--------	d-----w-	c:\users\Tobias\AppData\Roaming\Pavtube
2011-01-26 16:11 . 2011-01-26 16:11	--------	d-----w-	c:\program files\Pavtube

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-11 19:35 . 2009-09-30 06:30	505128	----a-w-	c:\windows\system32\msvcp71.dll
2011-02-11 19:35 . 2009-09-30 06:30	353576	----a-w-	c:\windows\system32\msvcr71.dll
2011-02-11 19:35 . 2009-09-30 06:30	29480	----a-w-	c:\windows\system32\msxml3a.dll
2011-02-02 16:11 . 2009-10-14 09:39	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-12-30 16:29 . 2010-12-30 16:29	80448	----a-w-	c:\windows\system32\MMCEDT5.exe
2010-12-16 22:57 . 2010-12-16 22:57	31088	----a-w-	c:\windows\system32\drivers\ElbyCDIO.sys
2010-11-25 18:29 . 2010-11-25 18:29	89256	----a-w-	c:\windows\system32\ElbyCDIO.dll
2009-06-06 21:14 . 2009-06-06 21:14	569344	----a-w-	c:\program files\Wavosaur.1.0.5.0.exe
2006-05-03 09:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 10:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 12:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44	1400712	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-11 7739936]
"MDS_Menu"="c:\program files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-21 39424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-08-26 75048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TotalMedia Server.lnk - c:\program files\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744]
VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2010-1-22 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2010-09-21 192504]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/02/11 20:40];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 11:18 87536]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-14 116064]
S3 JME;JMicron Ethernet Adapter NDIS6 Driver;c:\windows\system32\DRIVERS\JME.sys [2009-07-14 82272]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-19 859648]

.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
FF - ProfilePath - c:\users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\uh3h1c58.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Gutscheinmieze: gutscheinmieze@synatix-gmbh.de - %profile%\extensions\gutscheinmieze@synatix-gmbh.de
FF - Ext: TACO with Abine: optout@dubfire.net - %profile%\extensions\optout@dubfire.net
FF - Ext: Foxit Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: QuickProxy: {d5ea4520-61a1-11da-8cd6-0800200c9a66} - %profile%\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-02-19  16:02:45
ComboFix-quarantined-files.txt  2011-02-19 15:02

Vor Suchlauf: 6 Verzeichnis(se), 54.298.263.552 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 53.966.970.880 Bytes frei

- - End Of File - - 24ECCB4CE7FCB32CF7C7A6BD5D381924
Dass der Windows Defender noch angeschaltet war, ist mir leider erst dann aufgefallen - gesucht, um ihn auszustellen und nochmal Combofix laufen lassen:
Code:
ATTFilter
ComboFix 11-02-17.02 - Tobias 19.02.2011  16:37:31.3.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3005.2121 [GMT 1:00]
ausgefьhrt von:: c:\users\Tobias\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((   Dateien erstellt von 2011-01-19 bis 2011-02-19  ))))))))))))))))))))))))))))))
.

2011-02-19 15:43 . 2011-02-19 15:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-02-19 15:02 . 2011-02-19 15:43	--------	d-----w-	c:\users\Tobias\AppData\Local\temp
2011-02-19 14:47 . 2011-02-19 14:47	--------	d-----w-	c:\program files\CCleaner
2011-02-18 10:53 . 2011-02-18 10:53	--------	d-----w-	c:\program files\Common Files\Adobe
2011-02-18 09:46 . 2011-01-13 09:41	5890896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D612B095-5EDF-4020-802D-46E240446BE9}\mpengine.dll
2011-02-16 22:12 . 2011-01-05 03:37	2329088	----a-w-	c:\windows\system32\win32k.sys
2011-02-16 22:12 . 2011-01-05 05:37	428032	----a-w-	c:\windows\system32\vbscript.dll
2011-02-11 19:30 . 2011-02-11 19:30	--------	d-----w-	c:\users\Tobias\AppData\Roaming\dvdcss
2011-02-11 19:29 . 2011-02-11 19:32	--------	d-----w-	c:\users\Tobias\AppData\Roaming\vlc
2011-02-11 19:28 . 2011-02-11 19:29	--------	d-----w-	c:\program files\VLC
2011-02-05 21:03 . 2011-02-05 21:03	--------	d-----w-	c:\windows\system32\x64
2011-02-04 17:17 . 2011-02-04 17:17	--------	d-----w-	c:\users\Tobias\AppData\Roaming\Avira
2011-01-30 13:57 . 2011-01-30 13:57	103864	----a-w-	c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 13:57 . 2011-01-30 13:57	103864	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-01-29 15:49 . 2010-12-13 07:39	135096	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-01-29 15:49 . 2010-12-13 07:39	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-01-29 15:49 . 2011-01-29 15:49	--------	d-----w-	c:\programdata\Avira
2011-01-29 15:49 . 2011-01-29 15:49	--------	d-----w-	c:\program files\Avira
2011-01-29 13:34 . 2011-01-29 13:34	--------	d-----w-	c:\users\Tobias\AppData\Roaming\Malwarebytes
2011-01-29 13:33 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-29 13:33 . 2011-01-29 13:33	--------	d-----w-	c:\programdata\Malwarebytes
2011-01-29 13:33 . 2011-01-29 13:33	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-01-29 13:33 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-01-27 01:09 . 2011-01-27 01:09	--------	d-----w-	c:\users\Tobias\AppData\Roaming\ArcSoft
2011-01-27 01:08 . 2011-01-27 01:23	--------	d-----w-	c:\programdata\ArcSoft
2011-01-27 01:04 . 2011-01-27 01:04	--------	d-----w-	c:\program files\ArcSoft
2011-01-27 01:02 . 2011-01-27 01:02	--------	d-----w-	c:\users\Tobias\AppData\Local\Downloaded Installations
2011-01-26 16:55 . 2011-01-26 16:55	--------	d-----w-	c:\program files\Aiseesoft Studio
2011-01-26 16:12 . 2011-01-26 16:12	--------	d-----w-	c:\users\Tobias\AppData\Roaming\Pavtube
2011-01-26 16:11 . 2011-01-26 16:11	--------	d-----w-	c:\program files\Pavtube

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-11 19:35 . 2009-09-30 06:30	505128	----a-w-	c:\windows\system32\msvcp71.dll
2011-02-11 19:35 . 2009-09-30 06:30	353576	----a-w-	c:\windows\system32\msvcr71.dll
2011-02-11 19:35 . 2009-09-30 06:30	29480	----a-w-	c:\windows\system32\msxml3a.dll
2011-02-02 16:11 . 2009-10-14 09:39	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-12-30 16:29 . 2010-12-30 16:29	80448	----a-w-	c:\windows\system32\MMCEDT5.exe
2010-12-16 22:57 . 2010-12-16 22:57	31088	----a-w-	c:\windows\system32\drivers\ElbyCDIO.sys
2010-11-25 18:29 . 2010-11-25 18:29	89256	----a-w-	c:\windows\system32\ElbyCDIO.dll
2009-06-06 21:14 . 2009-06-06 21:14	569344	----a-w-	c:\program files\Wavosaur.1.0.5.0.exe
2006-05-03 09:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 10:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 12:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44	1400712	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-11 7739936]
"MDS_Menu"="c:\program files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-21 39424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-08-26 75048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TotalMedia Server.lnk - c:\program files\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744]
VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2010-1-22 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2010-09-21 192504]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/02/11 20:40];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 11:18 87536]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-14 116064]
S3 JME;JMicron Ethernet Adapter NDIS6 Driver;c:\windows\system32\DRIVERS\JME.sys [2009-07-14 82272]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-19 859648]

.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
FF - ProfilePath - c:\users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\uh3h1c58.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Gutscheinmieze: gutscheinmieze@synatix-gmbh.de - %profile%\extensions\gutscheinmieze@synatix-gmbh.de
FF - Ext: TACO with Abine: optout@dubfire.net - %profile%\extensions\optout@dubfire.net
FF - Ext: Foxit Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: QuickProxy: {d5ea4520-61a1-11da-8cd6-0800200c9a66} - %profile%\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-02-19  16:44:49
ComboFix-quarantined-files.txt  2011-02-19 15:44
ComboFix2.txt  2011-02-19 15:22
ComboFix3.txt  2011-02-19 15:02

Vor Suchlauf: 10 Verzeichnis(se), 54.017.331.200 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 53.727.113.216 Bytes frei

- - End Of File - - 4B18F5733BF6C5F8E14837058684D199
Frage: Warum kommt nach Ausführen von ComboFix bei dem Versuch, OpenOffice zu öffnen, die Fehlermeldung "Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde."?
Nach einem Neustart beim vorigen Versuch ging es wieder, aber so sollte es ja wohl nicht sein.


Alt 19.02.2011, 23:46   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes - Standard

TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes


Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur einige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
--> TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes

Alt 21.02.2011, 13:42   #7
Schinkenbrot
 
TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes - Standard

TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes


Hmpf, so viele Programme...
Hab den Punkt "Online-Abfrage durch OSAM bitte überspringen" leider überlesen und das doch getan (hab sogar eigentlich extra dafür einen Tag gewartet zur weiteren Bearbeitung, da der betroffene Laptop an meinem momentanen Wohnort keine Internet-Verbindung hat), hoffe, das war nicht schlimm.


GMER:
Code:
ATTFilter
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-02-20 18:37:59
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003
Running: GMER dnfu7z20.exe; Driver: C:\Users\Tobias\AppData\Local\Temp\kwtyipoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13BD                          82E5B589 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                   82E80092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl  section is writeable [0x99598000, 0x2892, 0xE8000020]
.vmp2           C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl  entry point in ".vmp2" section [0x995BB050]
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                      9989E000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                      9989E123 629 Bytes  [95, 89, 99, FE, 05, 34, 95, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                      9989E399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                      9989E3FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 543B                      9989E4AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE            ...                                                      

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                  Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                  Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000056                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


OSAM:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:24:20 on 21.02.2011

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FINDFAST.CPL" - "Microsoft Corporation" - C:\Windows\system32\FINDFAST.CPL
"MLCFG32.CPL" - "Microsoft Corporation" - C:\Windows\system32\MLCFG32.CPL
"ODBCCP32.CPL" - "Microsoft Corporation" - C:\Windows\system32\ODBCCP32.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ArcSec" (ArcSec) - ? - C:\Windows\System32\drivers\ArcSec.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Tobias\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"IVI ASPI Shell" (Iviaspi) - "InterVideo, Inc." - C:\Windows\System32\drivers\iviaspi.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "{0561EC90-CE54-4f0c-9C55-E226110A740C}" - ? -   (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Exctractor" - ? -   (File not found | COM-object registry key not found)
{BB7DF450-F119-11CD-8465-00AA00425D90} "Microsoft Access Custom Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office\soa800.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{59850401-6664-101B-B21C-00AA004BA90B} "Microsoft Office Sammelmappen-Teiler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office\UNBIND.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "Foxit Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
<binary data> "Gutscheinmieze" - "Synatix GmbH" - C:\Users\Tobias\AppData\Roaming\Gutscheinmieze\toolbar.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4  (HTTP value)
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "Foxit Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} "Gutscheinmieze" - "Synatix GmbH" - C:\Users\Tobias\AppData\Roaming\Gutscheinmieze\toolbar.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "Foxit Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"TotalMedia Server.lnk" - "ArcSoft Inc." - C:\Program Files\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe  (Shortcut exists | File exists)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BDRegion" - "cyberlink" - C:\Program Files\Cyberlink\Shared files\brs.exe
"CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MDS_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"RemoteControl10" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
"WinampAgent" - "Nullsoft" - "C:\Program Files\Winamp\winampa.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck:
Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Home Premium Edition
Windows Information:		 (build 7600), 32-bit
Base Board Manufacturer:	Medion
BIOS Manufacturer:		Phoenix Technologies LTD
System Manufacturer:		Medion
System Product Name:		E5218
Logical Drives Mask:		0x0000001c

Kernel Drivers (total 186):
  0x82E47000 \SystemRoot\system32\ntkrnlpa.exe
  0x82E10000 \SystemRoot\system32\halmacpi.dll
  0x80BC6000 \SystemRoot\system32\kdcom.dll
  0x8AC11000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8AC89000 \SystemRoot\system32\PSHED.dll
  0x8AC9A000 \SystemRoot\system32\BOOTVID.dll
  0x8ACA2000 \SystemRoot\system32\CLFS.SYS
  0x8ACE4000 \SystemRoot\system32\CI.dll
  0x8AD8F000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8AC00000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8AE2C000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x8AE74000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x8AE7D000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x8AE85000 \SystemRoot\system32\DRIVERS\pci.sys
  0x8AEAF000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x8AEBA000 \SystemRoot\System32\drivers\partmgr.sys
  0x8AECB000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8AED3000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8AEDE000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x8AEEE000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8AF39000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8B01D000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8B0F7000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x8B100000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8B134000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8B233000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B362000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8B38D000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B3A0000 \SystemRoot\System32\Drivers\cng.sys
  0x8B200000 \SystemRoot\System32\drivers\pcw.sys
  0x8B20E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8B145000 \SystemRoot\system32\drivers\ndis.sys
  0x8AF4F000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8AF8D000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8B435000 \SystemRoot\System32\drivers\tcpip.sys
  0x8B57E000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8B5AF000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8B5EE000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B400000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8B217000 \SystemRoot\System32\Drivers\mup.sys
  0x8B42D000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8AFB2000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8B000000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8AE00000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x90110000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x9012F000 \SystemRoot\System32\Drivers\Null.SYS
  0x90136000 \SystemRoot\System32\Drivers\Beep.SYS
  0x9013D000 \SystemRoot\System32\drivers\vga.sys
  0x90149000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x9016A000 \SystemRoot\System32\drivers\watchdog.sys
  0x90177000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x9017F000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x90187000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x9018F000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x9019A000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x901A8000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x901BF000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8F215000 \SystemRoot\system32\drivers\afd.sys
  0x8F26F000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8F2A1000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x8F2A8000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8F2C7000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x8F2D8000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8F2E6000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8F2F9000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8F309000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8F30F000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8F350000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8F35A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8F364000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x8F36E000 \SystemRoot\System32\drivers\discache.sys
  0x8F37A000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8F392000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x8F3A0000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8F3C6000 \SystemRoot\system32\drivers\ArcSec.sys
  0x901CA000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x91430000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x9101C000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x910D3000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x9110C000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x91117000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x91162000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x91171000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x92212000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
  0x92302000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x9230C000 \SystemRoot\system32\DRIVERS\jmcr.sys
  0x9232B000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x92351000 \SystemRoot\system32\DRIVERS\JME.sys
  0x92368000 \SystemRoot\system32\drivers\iviaspi.sys
  0x9236E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x92386000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x923BB000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x923BD000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x923CA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x923D7000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x923DB000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x923ED000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x91190000 \SystemRoot\system32\DRIVERS\dne2000.sys
  0x92200000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x911AF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x911C7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x911D2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x91000000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x91D4D000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x91D64000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x923FA000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x91D7B000 \SystemRoot\system32\DRIVERS\ks.sys
  0x91DAF000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x94E0F000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x94E53000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x9782E000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x97AD1000 \SystemRoot\system32\drivers\portcls.sys
  0x97B00000 \SystemRoot\system32\drivers\drmk.sys
  0x97B19000 \SystemRoot\system32\drivers\IntcHdmi.sys
  0x97E20000 \SystemRoot\System32\win32k.sys
  0x97B3C000 \SystemRoot\System32\drivers\Dxapi.sys
  0x97B46000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x97B51000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x94E64000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x97B5E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x98080000 \SystemRoot\System32\TSDDD.dll
  0x980B0000 \SystemRoot\System32\cdd.dll
  0x97B6F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x97B86000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x97BAA000 \SystemRoot\system32\drivers\luafv.sys
  0x97BC5000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x97BDA000 \SystemRoot\system32\drivers\WudfPf.sys
  0x97800000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x94F3E000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x97810000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x94F84000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x90000000 \SystemRoot\system32\drivers\HTTP.sys
  0x94F97000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x94FB0000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x94FC2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x91DBD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x94FE5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x99400000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
  0x99490000 \SystemRoot\system32\drivers\peauth.sys
  0x99527000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x99531000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x99552000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x9955F000 \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
  0x9958B000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x90085000 \SystemRoot\System32\DRIVERS\srv.sys
  0x995DA000 \SystemRoot\system32\DRIVERS\CVirtA.sys
  0xB8A20000 \SystemRoot\system32\drivers\spsys.sys
  0x77030000 \Windows\System32\ntdll.dll
  0x47B60000 \Windows\System32\smss.exe
  0x77270000 \Windows\System32\apisetschema.dll
  0x00910000 \Windows\System32\autochk.exe
  0x771B0000 \Windows\System32\rpcrt4.dll
  0x77170000 \Windows\System32\ws2_32.dll
  0x76FD0000 \Windows\System32\shlwapi.dll
  0x76FB0000 \Windows\System32\sechost.dll
  0x76360000 \Windows\System32\shell32.dll
  0x76310000 \Windows\System32\Wldap32.dll
  0x76260000 \Windows\System32\msvcrt.dll
  0x76100000 \Windows\System32\ole32.dll
  0x76020000 \Windows\System32\kernel32.dll
  0x75EE0000 \Windows\System32\urlmon.dll
  0x75E80000 \Windows\System32\difxapi.dll
  0x75E70000 \Windows\System32\normaliz.dll
  0x75CD0000 \Windows\System32\setupapi.dll
  0x75C80000 \Windows\System32\gdi32.dll
  0x75C00000 \Windows\System32\comdlg32.dll
  0x75B70000 \Windows\System32\clbcatq.dll
  0x75B50000 \Windows\System32\imm32.dll
  0x75AC0000 \Windows\System32\oleaut32.dll
  0x75A20000 \Windows\System32\advapi32.dll
  0x75A10000 \Windows\System32\nsi.dll
  0x75910000 \Windows\System32\wininet.dll
  0x75710000 \Windows\System32\iertutil.dll
  0x75640000 \Windows\System32\user32.dll
  0x755A0000 \Windows\System32\usp10.dll
  0x754D0000 \Windows\System32\msctf.dll
  0x754C0000 \Windows\System32\psapi.dll
  0x754B0000 \Windows\System32\lpk.dll
  0x75480000 \Windows\System32\imagehlp.dll
  0x75460000 \Windows\System32\devobj.dll
  0x75340000 \Windows\System32\crypt32.dll
  0x752F0000 \Windows\System32\KernelBase.dll
  0x752C0000 \Windows\System32\cfgmgr32.dll
  0x75290000 \Windows\System32\wintrust.dll
  0x75200000 \Windows\System32\comctl32.dll
  0x751F0000 \Windows\System32\msasn1.dll

Processes (total 65):
       0 System Idle Process
       4 System
     292 C:\Windows\System32\smss.exe
     452 csrss.exe
     504 C:\Windows\System32\wininit.exe
     512 csrss.exe
     560 C:\Windows\System32\services.exe
     576 C:\Windows\System32\lsass.exe
     584 C:\Windows\System32\lsm.exe
     716 C:\Windows\System32\winlogon.exe
     748 C:\Windows\System32\svchost.exe
     848 C:\Windows\System32\svchost.exe
     936 C:\Windows\System32\svchost.exe
     980 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\audiodg.exe
    1164 C:\Windows\System32\svchost.exe
    1308 C:\Windows\System32\svchost.exe
    1460 C:\Windows\System32\spoolsv.exe
    1496 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1516 C:\Windows\System32\svchost.exe
    1620 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1652 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    1680 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1712 C:\Windows\System32\conhost.exe
    1732 C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
    1768 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
    1840 C:\Windows\System32\PSIService.exe
    1860 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    1884 C:\Program Files\CyberLink\Shared files\RichVideo.exe
    1916 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1964 C:\Windows\System32\svchost.exe
     112 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2072 C:\Windows\System32\dwm.exe
    2088 C:\Windows\System32\taskhost.exe
    2196 C:\Windows\explorer.exe
    2344 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    2368 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    2396 C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    2612 C:\Program Files\Winamp\winampa.exe
    2628 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    2696 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2708 C:\Windows\System32\igfxtray.exe
    2716 C:\Windows\System32\hkcmd.exe
    2724 C:\Windows\System32\igfxpers.exe
    2744 C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
    2760 C:\Program Files\CyberLink\Shared files\brs.exe
    2964 C:\Program Files\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
    3184 C:\Program Files\OpenOffice.org 3\program\soffice.exe
    3200 C:\Program Files\OpenOffice.org 3\program\soffice.bin
    3256 C:\Windows\System32\SearchIndexer.exe
    3872 C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    2436 C:\Program Files\Osam\osam.exe
    3212 C:\Windows\System32\svchost.exe
    3312 C:\Windows\System32\sppsvc.exe
    3468 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3892 WmiPrvSE.exe
    1836 C:\Program Files\Mozilla Firefox\firefox.exe
    3456 C:\Program Files\Mozilla Firefox\plugin-container.exe
    1792 C:\Windows\System32\SearchProtocolHost.exe
    1060 C:\Windows\System32\SearchFilterHost.exe
    3760 dllhost.exe
    1348 dllhost.exe
    3000 C:\Users\Tobias\Desktop\MBRCheck.exe
    1364 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000006a`30900000  (NTFS)

PhysicalDrive0 Model Number: ST9500325AS, Rev: 0003SDM1

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: F61074C24A6DA26C38919A0032AE32ED64E1F93E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Alt 21.02.2011, 14:06   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes - Standard

TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes


Zitat:
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F61074C24A6DA26C38919A0032AE32ED64E1F93E
Bitte mal dieses Tool von kaspersky ausführen wg. des unbekannten MBR => http://www.trojaner-board.de/82358-t...entfernen.html
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.02.2011, 14:14   #9
Schinkenbrot
 
TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes - Standard

TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes


Das Tool vermeldet keine Funde.

Log:
Code:
ATTFilter
2011/02/21 14:09:01.0457 0860	TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/21 14:09:01.0504 0860	================================================================================
2011/02/21 14:09:01.0504 0860	SystemInfo:
2011/02/21 14:09:01.0504 0860	
2011/02/21 14:09:01.0504 0860	OS Version: 6.1.7600 ServicePack: 0.0
2011/02/21 14:09:01.0504 0860	Product type: Workstation
2011/02/21 14:09:01.0504 0860	ComputerName: TOBIAS-NOTEBOOK
2011/02/21 14:09:01.0504 0860	UserName: Tobias
2011/02/21 14:09:01.0504 0860	Windows directory: C:\Windows
2011/02/21 14:09:01.0504 0860	System windows directory: C:\Windows
2011/02/21 14:09:01.0504 0860	Processor architecture: Intel x86
2011/02/21 14:09:01.0504 0860	Number of processors: 2
2011/02/21 14:09:01.0504 0860	Page size: 0x1000
2011/02/21 14:09:01.0504 0860	Boot type: Normal boot
2011/02/21 14:09:01.0504 0860	================================================================================
2011/02/21 14:09:01.0863 0860	Initialize success
2011/02/21 14:09:05.0326 3420	================================================================================
2011/02/21 14:09:05.0326 3420	Scan started
2011/02/21 14:09:05.0326 3420	Mode: Manual; 
2011/02/21 14:09:05.0326 3420	================================================================================
2011/02/21 14:09:05.0966 3420	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/02/21 14:09:06.0075 3420	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/02/21 14:09:06.0184 3420	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/02/21 14:09:06.0309 3420	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/02/21 14:09:06.0387 3420	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/02/21 14:09:06.0434 3420	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/02/21 14:09:06.0590 3420	AFD             (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/02/21 14:09:06.0715 3420	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/02/21 14:09:06.0824 3420	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/02/21 14:09:06.0964 3420	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/02/21 14:09:06.0995 3420	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/02/21 14:09:07.0105 3420	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/02/21 14:09:07.0151 3420	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/02/21 14:09:07.0183 3420	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/02/21 14:09:07.0292 3420	amdsata         (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/02/21 14:09:07.0323 3420	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/02/21 14:09:07.0385 3420	amdxata         (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/02/21 14:09:07.0526 3420	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/02/21 14:09:07.0682 3420	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/02/21 14:09:07.0729 3420	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/02/21 14:09:07.0885 3420	ArcSec          (bb67bfbc8476c5f8715654dbcaf7bf3b) C:\Windows\system32\drivers\ArcSec.sys
2011/02/21 14:09:07.0994 3420	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/21 14:09:08.0072 3420	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/02/21 14:09:08.0197 3420	avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/02/21 14:09:08.0337 3420	avipbb          (da39805e2bad99d37fce9477dd94e7f2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/02/21 14:09:08.0462 3420	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/02/21 14:09:08.0524 3420	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/02/21 14:09:08.0618 3420	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/02/21 14:09:08.0711 3420	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/02/21 14:09:08.0789 3420	bowser          (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/21 14:09:08.0821 3420	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/02/21 14:09:08.0836 3420	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/02/21 14:09:08.0977 3420	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/02/21 14:09:09.0023 3420	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/02/21 14:09:09.0101 3420	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/02/21 14:09:09.0148 3420	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/02/21 14:09:09.0226 3420	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/02/21 14:09:09.0460 3420	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/21 14:09:09.0538 3420	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/21 14:09:09.0632 3420	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/02/21 14:09:09.0679 3420	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/02/21 14:09:09.0803 3420	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/02/21 14:09:09.0850 3420	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/02/21 14:09:09.0897 3420	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/02/21 14:09:09.0959 3420	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/02/21 14:09:10.0037 3420	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/02/21 14:09:10.0115 3420	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/02/21 14:09:10.0256 3420	CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
2011/02/21 14:09:10.0396 3420	CVPNDRVA        (c23025ac5ae45a105d63bd6e2408edd4) C:\Windows\system32\Drivers\CVPNDRVA.sys
2011/02/21 14:09:10.0490 3420	DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/02/21 14:09:10.0521 3420	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/02/21 14:09:10.0599 3420	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/02/21 14:09:10.0661 3420	DNE             (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
2011/02/21 14:09:10.0786 3420	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/02/21 14:09:10.0849 3420	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/21 14:09:11.0020 3420	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/02/21 14:09:11.0145 3420	ElbyCDIO        (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/02/21 14:09:11.0207 3420	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/02/21 14:09:11.0254 3420	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/02/21 14:09:11.0317 3420	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/02/21 14:09:11.0426 3420	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/02/21 14:09:11.0473 3420	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/21 14:09:11.0566 3420	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/02/21 14:09:11.0597 3420	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/02/21 14:09:11.0707 3420	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/21 14:09:11.0769 3420	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/02/21 14:09:11.0816 3420	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/02/21 14:09:11.0847 3420	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/21 14:09:11.0972 3420	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/02/21 14:09:12.0034 3420	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/02/21 14:09:12.0081 3420	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/02/21 14:09:12.0159 3420	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/02/21 14:09:12.0268 3420	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/21 14:09:12.0299 3420	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/02/21 14:09:12.0346 3420	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/02/21 14:09:12.0393 3420	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/02/21 14:09:12.0502 3420	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/21 14:09:12.0580 3420	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/02/21 14:09:12.0674 3420	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/02/21 14:09:12.0721 3420	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/02/21 14:09:12.0830 3420	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/21 14:09:12.0892 3420	iaStor          (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
2011/02/21 14:09:12.0970 3420	iaStorV         (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/02/21 14:09:13.0251 3420	igfx            (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/02/21 14:09:13.0376 3420	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/02/21 14:09:13.0563 3420	IntcAzAudAddService (94b1ff5d243d34b31380a2f79fc48959) C:\Windows\system32\drivers\RTKVHDA.sys
2011/02/21 14:09:13.0657 3420	IntcHdmiAddService (264632ade8127b7baa2190cf6fad435b) C:\Windows\system32\drivers\IntcHdmi.sys
2011/02/21 14:09:13.0688 3420	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/02/21 14:09:13.0719 3420	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/21 14:09:13.0750 3420	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/21 14:09:13.0859 3420	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/02/21 14:09:13.0891 3420	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/02/21 14:09:13.0984 3420	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/02/21 14:09:14.0031 3420	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/02/21 14:09:14.0078 3420	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/21 14:09:14.0218 3420	Iviaspi         (371334c6a0583290d327158a660cfa5f) C:\Windows\system32\drivers\iviaspi.sys
2011/02/21 14:09:14.0265 3420	JMCR            (8c17deb1995e593853373c30485e7368) C:\Windows\system32\DRIVERS\jmcr.sys
2011/02/21 14:09:14.0312 3420	JME             (cd54cf660f7f079be411e97d6d794767) C:\Windows\system32\DRIVERS\JME.sys
2011/02/21 14:09:14.0390 3420	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/21 14:09:14.0452 3420	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/21 14:09:14.0530 3420	KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/21 14:09:14.0593 3420	KSecPkg         (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/02/21 14:09:14.0717 3420	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/21 14:09:14.0858 3420	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/02/21 14:09:14.0920 3420	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/02/21 14:09:15.0014 3420	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/02/21 14:09:15.0107 3420	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/02/21 14:09:15.0185 3420	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/02/21 14:09:15.0232 3420	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/02/21 14:09:15.0326 3420	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/02/21 14:09:15.0357 3420	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/02/21 14:09:15.0466 3420	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/21 14:09:15.0529 3420	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/21 14:09:15.0607 3420	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/21 14:09:15.0685 3420	mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/02/21 14:09:15.0731 3420	mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/02/21 14:09:15.0825 3420	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/21 14:09:15.0887 3420	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/02/21 14:09:15.0997 3420	mrxsmb          (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/21 14:09:16.0043 3420	mrxsmb10        (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/21 14:09:16.0137 3420	mrxsmb20        (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/21 14:09:16.0246 3420	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/02/21 14:09:16.0293 3420	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/02/21 14:09:16.0371 3420	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/02/21 14:09:16.0387 3420	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/02/21 14:09:16.0433 3420	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/02/21 14:09:16.0558 3420	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/21 14:09:16.0589 3420	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/21 14:09:16.0667 3420	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/02/21 14:09:16.0714 3420	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/02/21 14:09:16.0808 3420	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/21 14:09:16.0870 3420	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/02/21 14:09:16.0917 3420	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/02/21 14:09:17.0011 3420	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/02/21 14:09:17.0073 3420	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/21 14:09:17.0182 3420	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/02/21 14:09:17.0245 3420	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/02/21 14:09:17.0338 3420	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/21 14:09:17.0401 3420	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/21 14:09:17.0416 3420	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/21 14:09:17.0510 3420	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/02/21 14:09:17.0557 3420	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/21 14:09:17.0588 3420	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/21 14:09:17.0744 3420	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/02/21 14:09:17.0791 3420	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/02/21 14:09:17.0822 3420	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/21 14:09:17.0869 3420	Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/02/21 14:09:17.0915 3420	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/02/21 14:09:17.0962 3420	nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/02/21 14:09:18.0025 3420	nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/02/21 14:09:18.0056 3420	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/02/21 14:09:18.0118 3420	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/21 14:09:18.0181 3420	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/02/21 14:09:18.0227 3420	partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/02/21 14:09:18.0259 3420	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/02/21 14:09:18.0337 3420	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/02/21 14:09:18.0368 3420	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/02/21 14:09:18.0415 3420	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/02/21 14:09:18.0461 3420	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/02/21 14:09:18.0524 3420	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/02/21 14:09:18.0680 3420	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/21 14:09:18.0727 3420	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/02/21 14:09:18.0851 3420	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/21 14:09:18.0945 3420	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/02/21 14:09:18.0992 3420	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/02/21 14:09:19.0054 3420	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/21 14:09:19.0085 3420	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/21 14:09:19.0195 3420	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/02/21 14:09:19.0273 3420	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/21 14:09:19.0397 3420	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/21 14:09:19.0491 3420	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/21 14:09:19.0522 3420	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/21 14:09:19.0585 3420	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/02/21 14:09:19.0647 3420	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/21 14:09:19.0694 3420	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/21 14:09:19.0741 3420	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/02/21 14:09:19.0819 3420	RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/02/21 14:09:19.0912 3420	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/02/21 14:09:20.0068 3420	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/21 14:09:20.0146 3420	rtl8192se       (97574b6c7488cb463eaa28092d2dc82e) C:\Windows\system32\DRIVERS\rtl8192se.sys
2011/02/21 14:09:20.0255 3420	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/02/21 14:09:20.0318 3420	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/02/21 14:09:20.0396 3420	sdbus           (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
2011/02/21 14:09:20.0521 3420	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/02/21 14:09:20.0630 3420	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/02/21 14:09:20.0723 3420	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/02/21 14:09:20.0770 3420	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/02/21 14:09:20.0879 3420	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/02/21 14:09:20.0926 3420	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/02/21 14:09:20.0957 3420	sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/02/21 14:09:20.0989 3420	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/02/21 14:09:21.0067 3420	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/02/21 14:09:21.0129 3420	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/02/21 14:09:21.0176 3420	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/02/21 14:09:21.0269 3420	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/02/21 14:09:21.0332 3420	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/02/21 14:09:21.0472 3420	srv             (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/02/21 14:09:21.0519 3420	srv2            (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/21 14:09:21.0644 3420	srvnet          (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/21 14:09:21.0831 3420	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/02/21 14:09:21.0893 3420	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/02/21 14:09:21.0956 3420	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/21 14:09:22.0049 3420	SynTP           (c93aa00fb1386cc00d0a66ba41847421) C:\Windows\system32\DRIVERS\SynTP.sys
2011/02/21 14:09:22.0205 3420	Tcpip           (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/02/21 14:09:22.0299 3420	TCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/21 14:09:22.0408 3420	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/21 14:09:22.0439 3420	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/02/21 14:09:22.0471 3420	TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/02/21 14:09:22.0533 3420	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/21 14:09:22.0611 3420	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/21 14:09:22.0720 3420	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/21 14:09:22.0767 3420	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/21 14:09:22.0798 3420	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/02/21 14:09:22.0845 3420	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/21 14:09:22.0970 3420	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/02/21 14:09:23.0032 3420	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/21 14:09:23.0063 3420	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/02/21 14:09:23.0095 3420	usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/21 14:09:23.0141 3420	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/02/21 14:09:23.0204 3420	usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/21 14:09:23.0282 3420	usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/21 14:09:23.0329 3420	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/02/21 14:09:23.0422 3420	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/21 14:09:23.0500 3420	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/02/21 14:09:23.0578 3420	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/21 14:09:23.0609 3420	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/21 14:09:23.0734 3420	usbvideo        (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
2011/02/21 14:09:23.0828 3420	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/02/21 14:09:23.0859 3420	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/21 14:09:23.0937 3420	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/02/21 14:09:23.0984 3420	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/02/21 14:09:24.0077 3420	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/02/21 14:09:24.0124 3420	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/02/21 14:09:24.0171 3420	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/02/21 14:09:24.0202 3420	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/02/21 14:09:24.0233 3420	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/02/21 14:09:24.0280 3420	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/02/21 14:09:24.0405 3420	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/02/21 14:09:24.0452 3420	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/02/21 14:09:24.0545 3420	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/02/21 14:09:24.0592 3420	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/02/21 14:09:24.0733 3420	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/21 14:09:24.0748 3420	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/21 14:09:24.0842 3420	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/02/21 14:09:24.0935 3420	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/21 14:09:25.0091 3420	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/02/21 14:09:25.0123 3420	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/02/21 14:09:25.0310 3420	WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/02/21 14:09:25.0372 3420	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/21 14:09:25.0513 3420	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/21 14:09:25.0591 3420	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/02/21 14:09:25.0653 3420	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/21 14:09:25.0825 3420	{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
2011/02/21 14:09:25.0949 3420	================================================================================
2011/02/21 14:09:25.0949 3420	Scan finished
2011/02/21 14:09:25.0949 3420	================================================================================

Alt 21.02.2011, 14:20   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes - Standard

TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes


Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.02.2011, 15:28   #11
Schinkenbrot
 
TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes - Standard

TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes


Das klingt doch beruhigend.
Da ich jetzt wieder zu Hause bin (also kein Internet am betroffenen Laptop), ging das mit den Updates nicht. Malwarebytes wurde aber am Wochenende zuletzt aktualisiert, Super Antyspyware habe ich jetzt erst in der neuesten Version geladen. Ich scanne einfach schon mal so, ansonsten in den nächsten Tagen nochmal, wenn ich mit dem Laptop wieder online gegangen bin.

Danke für die Hilfe jedenfalls!

Alt 21.02.2011, 17:17   #12
Schinkenbrot
 
TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes - Standard

TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes


SASW hat wohl doch noch was gefunden, MWB hingegen war nun zufrieden.
Hoffe mal, damit hat sich dann alles erledigt.

SASW:
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/21/2011 at 03:59 PM

Application Version : 4.48.1000

Core Rules Database Version : 6385
Trace Rules Database Version: 4197

Scan type       : Complete Scan
Total Scan Time : 00:36:29

Memory items scanned      : 675
Memory threats detected   : 0
Registry items scanned    : 10098
Registry threats detected : 0
File items scanned        : 34661
File threats detected     : 2

Adware.Tracking Cookie
	sega.missioncontrol.global-media.de [ C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\uh3h1c58.default\cookies.sqlite ]
	.kontera.com [ C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\uh3h1c58.default\cookies.sqlite ]

MWB:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5794

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.02.2011 17:10:57
mbam-log-2011-02-21 (17-10-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 293965
Laufzeit: 1 Stunde(n), 8 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 21.02.2011, 19:50   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes - Standard

TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes


Sieht ok aus, da wurden nur Cookies gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.02.2011, 22:03   #14
Schinkenbrot
 
TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes - Standard

TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes


Nein, alles ok soweit.
Sofern da jetzt nicht gravierende Datenbank-Updates bei SUPERAntiSpyware waren, hat sich das Problem dann also wohl gelöst.

Alt 22.02.2011, 08:35   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes - Standard

TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes


Dann wären wir durch!

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 1 von 2 1 2

Themen zu TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes
'tr/crypt.epack.gen2', 7-zip, adblock, antivir, autorun, avgntflt.sys, avira, bho, corp./icp, druck, error, excel.exe, fehler, firefox, flash player, fontcache, google, helper, hijack, hijackthis, home, home premium, iastor.sys, install.exe, location, logfile, microsoft office word, ntdll.dll, nvstor.sys, office 2007, oldtimer, otl.exe, plug-in, programdata, programm, realtek, registry, richtlinie, rundll, saver, scan, sched.exe, searchplugins, security, senden, server, shell32.dll, software, spyeyes, start menu, super, taskhost.exe, tr/crypt.epack.gen, trojan.spyeyes, usb, user agent, virus, webcheck, {dfefcdee-cf1a-4fc8-88ad-48514e463b27}


« Imgnute0011.exe (hiddenext worm.gen) | 2 Trojaner TR/PSW.zbot.137 + TR/Dipla.hcv u.a. - Was tun? »


Ähnliche Themen: TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes


  1. Antivir Echtzeit-Scanner wird blockiert nach Fund: TR/Crypt.EPack.20167
    Log-Analyse und Auswertung - 09.07.2014 (35)
  2. TR/Crypt.EPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 03.01.2013 (5)
  3. TR/Crypt.EPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 19.12.2012 (9)
  4. TR/Crypt.EPACK.Gen2 auf dem pc
    Plagegeister aller Art und deren Bekämpfung - 19.12.2012 (7)
  5. TR/Crypt.EPACK.Gen2 - Fehlalarm?
    Plagegeister aller Art und deren Bekämpfung - 13.12.2012 (6)
  6. TR/Crypt.EPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 13.12.2012 (6)
  7. TR/Crypt.EPACK.Gen2
    Log-Analyse und Auswertung - 06.11.2012 (18)
  8. TR/Crypt.EPACK.Gen2 - Trojaner
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (2)
  9. TR/Crypt.EPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 22.09.2012 (5)
  10. TR/Crypt.XPACK.Gen8 - TR/Crypt.EPACK.Gen2 - TR/ATRAPS.Gen
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (18)
  11. TR/Crypt.EPACK.Gen2 gefunden!
    Plagegeister aller Art und deren Bekämpfung - 17.12.2011 (13)
  12. TR/Crypt.EPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 15.12.2011 (17)
  13. Wie werde ich TR/Crypt.EPACK.Gen2 los?
    Plagegeister aller Art und deren Bekämpfung - 01.09.2011 (1)
  14. Antivir meldet Fund: TR/Jorik.SpyEyes.tl
    Plagegeister aller Art und deren Bekämpfung - 23.07.2011 (16)
  15. DOPPELT Cryp.EPACK.Gen2, Luser.B, Spy.SpyEyes.isk, Diple.qrr, VBKrypt.drff, HideWindows.31232
    Mülltonne - 23.06.2011 (7)
  16. TR/Crypt.EPACK.Gen2 Antivir zeigt mir ständig Diesen Trojaner an--> Nicht löschbar
    Plagegeister aller Art und deren Bekämpfung - 06.04.2011 (10)
  17. TR/Crypt.EPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 12.01.2011 (10)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes - Hallo! Bin über google auf mehrere Threads hier zu oben genanntem Virenfund (TR/Crypt.EPACK.Gen2) gestoßen, nachdem Antivir mich damit auch schon seit Stunden in regelmäßigen Abständen konfrontriert hat... Genauer: Zitat: In - TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes...
Archiv
Du betrachtest: TR/Crypt.EPACK.Gen2 Antivir-Fund / Spyeyes auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131