
Pests of all kinds and how to fight them: Removing System Tool and the associated log file

13.03.2011, 22:31   #1
chiquita_banana
 
So I also have the annoying problem with System Tool, and it would be nice if someone could help me! Thanks.

Here is the log file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6044

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

13.03.2011 22:23:20
mbam-log-2011-03-13 (22-23-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 330812
Laufzeit: 58 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\azvqfvngme (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dAgOnAh18101 (Trojan.FakeAlert) -> Value: dAgOnAh18101 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\dagonah18101\dagonah18101.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Lola\AppData\Local\Temp\datef30.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Lola\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\02LYT31J\lol2[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Lola\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\3CFLTFBU\548[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Lola\AppData\Local\Temp\548.exe (Trojan.Agent) -> Quarantined and deleted successfully.

My mistake, you do need this after all.

OTL Logfile:
Code:
OTL logfile created on: 13.03.2011 23:00:36 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Lola\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,11 Gb Total Space | 36,46 Gb Free Space | 26,02% Space Free | Partition Type: NTFS
 
Computer Name: LOLA-PC | User Name: Lola | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lola\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Lola\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV - (Viewpoint Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (k750mdm) -- C:\Windows\System32\drivers\k750mdm.sys (MCCI)
DRV - (k750mdfl) -- C:\Windows\System32\drivers\k750mdfl.sys (MCCI)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.groupon.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.03.09 15:01:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.05 10:56:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.05 10:56:55 | 000,000,000 | ---D | M]
 
[2009.06.19 19:28:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lola\AppData\Roaming\mozilla\Extensions
[2011.03.13 09:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions
[2010.06.25 13:20:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.27 18:23:26 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.27 18:23:26 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.30 15:22:41 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.12.30 15:22:40 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\engine@conduit.com
[2010.07.27 20:14:08 | 000,000,873 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\qvdnm9g2.default\searchplugins\conduit.xml
[2009.02.02 09:53:50 | 000,001,632 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\qvdnm9g2.default\searchplugins\live-search.xml
[2010.11.03 18:30:51 | 000,002,057 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\qvdnm9g2.default\searchplugins\youtube-videosuche.xml
[2011.03.13 09:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.05.02 09:29:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.07.15 10:10:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.27 08:20:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.30 08:36:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.27 16:01:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.24 19:41:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.24 19:41:49 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.24 19:41:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.24 19:41:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.24 19:41:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} -  File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lola\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090921024610 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1225017435 (Image Uploader Control)
O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} hxxp://www3.snapfish.de/SnapfishActivia2.cab (Snapfish Activia2)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Lola\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lola\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{29c7e03a-b186-11de-ad97-001bfb5e7961}\Shell - "" = AutoRun
O33 - MountPoints2\{29c7e03a-b186-11de-ad97-001bfb5e7961}\Shell\AutoRun\command - "" = I:\USBAutoRun.exe
O33 - MountPoints2\{860d525d-7e95-11de-942d-001a803d3648}\Shell\AutoRun\command - "" = RECYCLER\recycld.exe
O33 - MountPoints2\{860d525d-7e95-11de-942d-001a803d3648}\Shell\open\command - "" = RECYCLER\recycld.exe
O33 - MountPoints2\{91ad0781-9fa7-11de-8ce5-001a803d3648}\Shell - "" = AutoRun
O33 - MountPoints2\{91ad0781-9fa7-11de-8ce5-001a803d3648}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{91ad0781-9fa7-11de-8ce5-001a803d3648}\Shell\configure\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{91ad0781-9fa7-11de-8ce5-001a803d3648}\Shell\install\command - "" = H:\SETUP.EXE
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.13 20:15:57 | 000,000,000 | ---D | C] -- C:\Users\Lola\AppData\Roaming\Malwarebytes
[2011.03.13 20:14:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.13 20:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.13 20:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.13 20:14:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.13 20:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.03.13 18:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\dAgOnAh18101
[2011.03.10 06:58:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.03.09 07:11:44 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 07:11:43 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 07:11:43 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 07:11:43 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.02.27 16:00:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.02.27 16:00:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.02.27 16:00:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.02.24 08:19:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.02.24 08:15:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.02.24 08:15:11 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.02.24 08:15:11 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.02.24 08:15:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.02.24 08:15:08 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.02.24 08:15:08 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.02.24 08:15:06 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.02.24 08:15:06 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.02.24 08:15:06 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.02.24 08:15:06 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.02.24 08:15:05 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.02.24 08:14:54 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.02.24 08:14:54 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.02.24 08:14:54 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.02.24 08:14:53 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.02.24 08:14:53 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.13 23:02:41 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{62AEE46E-3D84-42F6-9791-BDEE06942054}.job
[2011.03.13 22:57:52 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.13 22:57:51 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.13 22:57:44 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.13 22:57:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.13 22:57:37 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.13 19:08:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758217544-4115683230-4201137011-1000UA.job
[2011.03.13 19:06:57 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.13 13:11:10 | 000,000,994 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Status Monitor.lnk
[2011.03.12 17:41:10 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.12 17:41:10 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.12 17:41:10 | 000,127,270 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.12 17:41:10 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.12 12:27:14 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.12 12:26:16 | 000,001,032 | ---- | M] () -- C:\Users\Lola\Desktop\DVDVideoSoft Free Studio.lnk
[2011.03.12 12:25:58 | 000,001,191 | ---- | M] () -- C:\Users\Lola\Desktop\Free YouTube to MP3 Converter.lnk
[2011.03.11 19:08:53 | 000,002,037 | ---- | M] () -- C:\Users\Lola\Desktop\Google Chrome.lnk
[2011.03.08 09:46:53 | 000,002,371 | ---- | M] () -- C:\Users\Lola\Desktop\Skype.lnk
[2011.03.04 09:43:40 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758217544-4115683230-4201137011-1000Core.job
[2011.02.27 09:43:44 | 000,002,631 | ---- | M] () -- C:\Users\Lola\Desktop\Microsoft Office Word 2007.lnk
[2011.02.25 13:35:33 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.02.24 19:57:17 | 000,002,735 | ---- | M] () -- C:\Users\Lola\Desktop\Microsoft Office Outlook 2007.lnk
[2011.02.23 12:23:36 | 000,000,964 | ---- | M] () -- C:\Users\Lola\Desktop\Brother.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.13 22:57:37 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2011.03.12 12:25:58 | 000,001,191 | ---- | C] () -- C:\Users\Lola\Desktop\Free YouTube to MP3 Converter.lnk
[2011.02.24 08:14:57 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.02.24 08:14:57 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.02.24 08:14:57 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.02.23 12:23:36 | 000,000,964 | ---- | C] () -- C:\Users\Lola\Desktop\Brother.lnk
[2011.01.29 10:13:28 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.01.26 16:45:18 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011.01.26 16:45:16 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.01.26 16:41:00 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.11.03 08:59:57 | 000,171,288 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.10.02 09:39:18 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010.10.02 09:39:18 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010.10.02 09:39:18 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2010.10.02 09:39:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010.10.02 09:39:17 | 000,000,335 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010.10.02 09:38:18 | 000,032,768 | ---- | C] () -- C:\Windows\System32\osclpthread.dll
[2010.06.14 17:30:52 | 000,003,766 | ---- | C] () -- C:\Windows\scad3.INI
[2009.12.21 16:43:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.21 16:43:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.17 15:51:17 | 000,000,098 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2009.10.05 11:02:43 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll
[2009.10.05 11:02:43 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.05.12 10:38:38 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.12.04 00:30:10 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2008.12.02 12:57:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008.11.25 18:16:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.11.25 10:36:43 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.11.25 10:36:27 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.11.18 11:00:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.10.16 20:16:44 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.10.13 15:48:59 | 000,091,923 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.10.13 15:48:59 | 000,076,956 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.10.13 15:48:59 | 000,039,121 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.10.13 15:48:59 | 000,027,965 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_JP.dat
[2008.03.09 15:01:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.01.02 21:38:23 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2008.01.02 21:33:14 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL
[2007.12.31 13:34:35 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.12.30 18:38:28 | 004,590,949 | ---- | C] () -- C:\Users\Lola\AppData\Roaming\UserTile.png
[2007.12.28 21:31:27 | 000,113,152 | ---- | C] () -- C:\Users\Lola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.28 21:31:25 | 000,002,032 | ---- | C] () -- C:\Users\Lola\AppData\Local\d3d9caps.dat
[2007.09.08 02:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007.08.13 23:00:50 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.08.13 23:00:50 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.08.13 23:00:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007.08.13 23:00:49 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.08.13 23:00:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.08.13 23:00:48 | 000,145,050 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.08.13 13:46:45 | 000,000,031 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2007.08.13 04:25:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.12.05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 16:33:31 | 000,632,252 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,127,270 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,454,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,598,900 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2005.04.28 05:22:34 | 000,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005.04.28 05:22:34 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000081.DLL
[1999.04.29 22:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 13.03.2011 23:00:36 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Lola\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,11 Gb Total Space | 36,46 Gb Free Space | 26,02% Space Free | Partition Type: NTFS
 
Computer Name: LOLA-PC | User Name: Lola | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2758217544-4115683230-4201137011-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C3257354-F441-420D-B822-493869028369}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0097DFC9-0C9E-46A6-A7F3-DD8972115858}" = dir=in | app=c:\users\lola\andré\bot\tm.exe | 
"{00F25E53-61F5-4794-BFC8-1F3DB552DE05}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{033263E1-B6C3-48FA-BE11-2AC43000F246}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{047B9B94-46EB-45FA-BB73-C9B69C3E8625}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{06C118D3-FCB6-4ECD-A7D0-5C5627DBB751}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{06CAFBF4-D8F7-4D52-9ED3-26C46429417F}" = dir=out | app=c:\users\lola\andré\bot\tm.exe | 
"{09A6214E-99F4-403E-8332-200C818D7692}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0B4A0920-71DA-46E5-819F-89F9EC01C2BA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0DA15515-29DA-4C98-81EB-9F9FD0170A63}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{109ADCC6-2A00-43F2-9DB0-64E19DFEB371}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{124A1F82-DA0D-49A4-84F9-4E5598878181}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{134A03A8-5F63-4AF6-8D26-825BA1A3176B}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\pmsregisterfile.exe | 
"{18E1E4FF-DB8F-48F0-B8F3-7D0B99C7E010}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1992CC49-DA9B-4194-86EA-4908B42E4B67}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1B3AEAD9-6CE7-42E6-A81E-540664DE5274}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{1B5D8524-B012-4446-96DD-55AAB4AD378E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2428805B-5105-42FD-AEFC-48842ECBB7B7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{245D2D24-ACF9-4366-8BAF-E2C779FB8C5B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{24FA3306-4A4B-4C9C-88F2-9BC56ACFA7DF}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{294212B4-8AE9-43B5-8E2E-EC000B2AC0CC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2C359B0A-F08E-42C9-886A-D9E0BF2D751D}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | 
"{365D635D-9135-4D4E-8920-DE691CFAD381}" = dir=in | app=c:\users\lola\andré\bot\tm-update.exe | 
"{37AD37F7-A856-4D1F-A163-326CC2595D5A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3C951F23-F8B9-4CD8-883E-BA613C79B088}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3EB39DF5-52A2-47F3-99ED-7FFA2177D792}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{42F1AEB0-604D-4477-8752-23D3337EDF30}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | 
"{493F4D06-696D-426B-AA29-6F7873A730FE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{522AD36A-FFFE-4126-AA72-D07752A2EA81}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{539B0717-F05D-48CA-AB33-90ACDC7FCA07}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5614D5DE-9916-4402-B44D-5D7279A297F9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{59B87D47-E2DA-448D-88A6-EEEF937A2C9B}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | 
"{6016544C-B363-4787-BF03-B0832FDE48F1}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{6145F506-57B3-43D3-BE99-5136995F0E07}" = dir=in | app=c:\users\lola\andré\tmbot\tm-update.exe | 
"{61B78875-2495-4BAE-B8D8-8D837F1804DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{626E3007-C1F3-4706-B4B9-2779DB7962C5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{63524210-8497-4B7E-B1B1-EE47E7DE0369}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{6A1C0F73-1B8A-41FE-B1F3-F3ECE708D8C3}" = dir=in | app=c:\users\lola\andré\tmbot\tm.exe | 
"{6DE660BF-8BB3-4E4D-A848-592DA918D328}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{6E033E22-8749-4ACE-870B-BBF480035A94}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{760BAA17-8670-435A-9AB6-BE2DF0AC4893}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | 
"{7AAED674-A947-47D2-832D-54344C8CE472}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{7D5FC05E-7A63-4EC1-878C-8FA637EE5EF9}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{855445F1-BF36-479E-A08F-323997273223}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{90A45946-EFB3-4580-A62E-5CBB671BBCA2}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\pmsregisterfile.exe | 
"{946E3799-6F62-44FD-A05A-3B272091D25B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{958F7913-4F3B-4FD2-A902-80349C64BDAB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{99C63583-0DFE-4176-BD7A-5094C6D056B6}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | 
"{9B7294B0-2DF8-4E07-BC66-6C66E7779129}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{9D4478E7-F51C-472E-BAEC-9490DA9D0337}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{A23A265B-AE7D-48D8-A5F9-6A8A6A92CC96}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{A7F08D2E-D852-48BE-8D21-52A7A5C2D426}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{B321E8E5-A83F-40BD-81BC-50359C51A8E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B58D8590-E60A-4B1F-A8F1-7723416D2983}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{B8921F62-E2B8-4664-BD1A-E09D54176B75}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{BEEBE0A3-E3F5-437F-8D64-7ADD924E496E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C457CF1B-A3BD-4EEA-B4A7-F203A893EC91}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C5B1111F-8694-4779-8F16-69DD0B0B86A8}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{CCFBACC2-42EA-407F-A0BB-1B0C3DA893D2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{CD39CEE3-F3FC-4D33-A8C7-1684AC217D96}" = dir=out | app=c:\users\lola\andré\tmbot\tm.exe | 
"{CEBB6059-DB34-4CBA-AAB4-5F61FA50C296}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{D203A10E-6ACE-493B-9E48-2E59D0D6025C}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{D5A4C2FF-4782-4019-9CB8-06360B079953}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{DA80FA97-1E61-4ED5-A821-09AE6A83DE86}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DC664095-EB23-4EB0-9F30-C09E620485A2}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{DE8DCE3A-6EF1-45C2-930E-7DD8AA35DBC1}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{E0C9009B-C19D-4B58-BD45-38E158FD1843}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{E17A3BBA-410F-43EF-91A9-0127FCDDD94C}" = dir=in | app=c:\users\lola\andré\bot\dj-browser.exe | 
"{E24D4594-1816-4582-959B-54DB80B87679}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E26E1518-9C56-475D-A03B-E2A203ADE530}" = dir=in | app=c:\users\lola\andré\tmbot\dj-browser.exe | 
"{FB335709-9B15-41D8-99EF-EC6AF21544D1}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | 
"{FC8B0B22-1C01-4BB8-8176-912917084F14}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{FC8D219E-A2BF-4BFF-952C-E545788C6D07}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{0D82AE47-7D1B-4C22-9A3A-B15251DED30A}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{4C98027F-9ACD-41E2-BE9C-1C0665F85CCC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{58C17E95-E894-42C8-82B9-B53C59E840F3}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{85CBE143-0C8F-43B5-B215-0F47891CBBF0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{B4A31CA3-C3D1-4D86-BB7F-4AD4BD9B3415}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{EFF87D5C-4066-488C-A8E6-77B476D89CE6}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{0A4C4FC2-14B5-4BDC-BEF7-8FF9C2E28B5B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{120978B6-C7D3-4E45-A41F-3944A5CD6C28}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{4472D1E0-5DC6-4567-BDB6-0C06D7345E28}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{666ED7F3-48F1-4638-97F7-8F9E7E5B495E}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{A46884C0-8080-43B8-8395-E20C5AFAC4E2}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{CB0A0CC8-088A-4875-B3EC-F604BCC3BF24}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22FB6750-ADDF-4726-B67F-6901E1991031}" = Nero 7 Essentials
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{56345504-DE57-4528-A18B-A567D1E52928}" = ArcSoft Magic-i Visual Effects
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F12E9D1-402C-4672-86D7-52E86A3A1411}" = VAIO Content Importer  VAIO Content Exporter
"{6110F38A-5BE6-4199-AC96-D2DD6B4A3ADE}" = VAIO Content Metadata Intelligent Analyzing Manager
"{638BAD93-701B-482A-86C6-72DFF3E6FE51}" = 
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C
"{6C1EC809-88C6-4111-A6E0-0C6E203B3818}" = VAIO Movie Story 1.3 Upgrade
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7C404084-C5A6-42FF-B731-0BAC79A6E134}" = VAIO Original Funktion Einstellungen
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95229EF6-F4A1-413A-BA50-668311FAFE19}" = VAIO Original Function Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}" = ArcSoft Magic-i Visual Effects Installer
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{AFBA0609-EB70-43CB-B11C-294EDADFA101}" = 
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.44
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E4D96ABB-E0D8-4CA4-856E-A2703F5490F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Movie Shrink & Burn 3_is1" = Ashampoo Movie Shrink & Burn 3 3.03
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CANONBJ_Deinstall_CNMCP64.DLL" = Canon PIXMA iP4000
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"conduitEngine" = Conduit Engine
"Defraggler" = Defraggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"dt icon module" = 
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"eBay HTML" = 
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.34.305
"gtfirstboot Setting Request" = 
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"IpodConverter_is1" = IpodConverter 1.1
"LTspice IV" = LTspice IV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"PokerStars" = PokerStars
"Rainbow Client Activator 2.2 English" = Client Activator 2.2 - English
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TMbot_0" = TMbot 3.4.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"VAIO MFU Module" = 
"VAIO Xblack Contents" = VAIO Xblack Contents
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.03.2011 14:45:36 | Computer Name = Lola-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 13.03.2011 14:56:28 | Computer Name = Lola-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.03.2011 14:56:28 | Computer Name = Lola-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.03.2011 15:03:42 | Computer Name = Lola-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 13.03.2011 15:07:39 | Computer Name = Lola-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 13.03.2011 15:09:10 | Computer Name = Lola-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 13.03.2011 15:10:39 | Computer Name = Lola-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 13.03.2011 17:35:41 | Computer Name = Lola-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 13.03.2011 17:58:12 | Computer Name = Lola-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.03.2011 17:58:12 | Computer Name = Lola-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ Media Center Events ]
Error - 23.09.2009 07:42:28 | Computer Name = Lola-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide
 
 
[ System Events ]
Error - 13.03.2011 15:03:42 | Computer Name = Lola-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 13.03.2011 15:03:54 | Computer Name = Lola-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 13.03.2011 15:04:25 | Computer Name = Lola-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 13.03.2011 15:04:25 | Computer Name = Lola-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 13.03.2011 17:35:31 | Computer Name = Lola-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 13.03.2011 17:35:41 | Computer Name = Lola-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 13.03.2011 17:35:54 | Computer Name = Lola-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 13.03.2011 17:36:31 | Computer Name = Lola-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 13.03.2011 17:36:31 | Computer Name = Lola-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 13.03.2011 17:58:14 | Computer Name = Lola-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---

Alt 15.03.2011, 16:44   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the "Logdateien" (log files) tab.

Alt 15.03.2011, 22:21   #3
chiquita_banana
 
Sorry, what? I don't understand what you want.
I was supposed to post the OTL log files, wasn't I? Where do I get the other log files from? Thanks anyway!

Alt 16.03.2011, 09:14   #4
chiquita_banana
 
Well, I still have these:

1:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6044

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

14.03.2011 18:08:36
mbam-log-2011-03-14 (18-08-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 327593
Laufzeit: 1 Stunde(n), 36 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


2:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6044

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

13.03.2011 22:55:05
mbam-log-2011-03-13 (22-55-05).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 50498
Laufzeit: 4 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


3:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6044

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

13.03.2011 22:23:20
mbam-log-2011-03-13 (22-23-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 330812
Laufzeit: 58 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\azvqfvngme (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dAgOnAh18101 (Trojan.FakeAlert) -> Value: dAgOnAh18101 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\dagonah18101\dagonah18101.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Lola\AppData\Local\Temp\datef30.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Lola\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\02LYT31J\lol2[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Lola\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\3CFLTFBU\548[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Lola\AppData\Local\Temp\548.exe (Trojan.Agent) -> Quarantined and deleted successfully.


4:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5363

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

13.03.2011 21:23:43
mbam-log-2011-03-13 (21-23-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 322374
Laufzeit: 1 Stunde(n), 2 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\System32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Users\Lola\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Alt 16.03.2011, 10:33   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{29c7e03a-b186-11de-ad97-001bfb5e7961}\Shell - "" = AutoRun
O33 - MountPoints2\{29c7e03a-b186-11de-ad97-001bfb5e7961}\Shell\AutoRun\command - "" = I:\USBAutoRun.exe
O33 - MountPoints2\{860d525d-7e95-11de-942d-001a803d3648}\Shell\AutoRun\command - "" = RECYCLER\recycld.exe
O33 - MountPoints2\{860d525d-7e95-11de-942d-001a803d3648}\Shell\open\command - "" = RECYCLER\recycld.exe
O33 - MountPoints2\{91ad0781-9fa7-11de-8ce5-001a803d3648}\Shell - "" = AutoRun
O33 - MountPoints2\{91ad0781-9fa7-11de-8ce5-001a803d3648}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{91ad0781-9fa7-11de-8ce5-001a803d3648}\Shell\configure\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{91ad0781-9fa7-11de-8ce5-001a803d3648}\Shell\install\command - "" = H:\SETUP.EXE
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun\Autorun.exe
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
[2011.03.13 18:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\dAgOnAh18101
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

__________________
Please always post log files in CODE tags

Alt 16.03.2011, 13:56   #6
chiquita_banana
 
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29c7e03a-b186-11de-ad97-001bfb5e7961}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29c7e03a-b186-11de-ad97-001bfb5e7961}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29c7e03a-b186-11de-ad97-001bfb5e7961}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29c7e03a-b186-11de-ad97-001bfb5e7961}\ not found.
File I:\USBAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{860d525d-7e95-11de-942d-001a803d3648}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{860d525d-7e95-11de-942d-001a803d3648}\ not found.
File C:\RECYCLER\recycld.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{860d525d-7e95-11de-942d-001a803d3648}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{860d525d-7e95-11de-942d-001a803d3648}\ not found.
File C:\RECYCLER\recycld.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91ad0781-9fa7-11de-8ce5-001a803d3648}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91ad0781-9fa7-11de-8ce5-001a803d3648}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91ad0781-9fa7-11de-8ce5-001a803d3648}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91ad0781-9fa7-11de-8ce5-001a803d3648}\ not found.
File H:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91ad0781-9fa7-11de-8ce5-001a803d3648}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91ad0781-9fa7-11de-8ce5-001a803d3648}\ not found.
File H:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91ad0781-9fa7-11de-8ce5-001a803d3648}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91ad0781-9fa7-11de-8ce5-001a803d3648}\ not found.
File H:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
File G:\Autorun\Autorun.exe not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask" removed from browser.search.order.1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Folder C:\ProgramData\dAgOnAh18101\ not found.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 116 bytes

User: Default User

User: Lola
->Temp folder emptied: 24420197 bytes
->Temporary Internet Files folder emptied: 8656110 bytes
->Java cache emptied: 35128683 bytes
->FireFox cache emptied: 88572120 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1926851 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1153296 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3254 bytes
RecycleBin emptied: 406 bytes

Total Files Cleaned = 153,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03162011_135339

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 16.03.2011, 14:09   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. While downloading, rename it to cofi.exe.
  • Close all programs, especially your antivirus program and other background monitors as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let your system be scanned.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a competent helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Alt 16.03.2011, 16:19   #8
chiquita_banana
 
I would like to post the file, but my laptop always freezes when I run cofi!

Alt 16.03.2011, 16:21   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Download cofi.exe again, restart Windows and try it again.

Alt 16.03.2011, 17:21   #10
chiquita_banana
 
It still freezes. It always gets stuck at the start screen,
that is, where it says:
ComboFix is being prepared, the process will take at most 10 minutes, and on heavily infected computers the time will quickly double

Then it doesn't go any further! Or at least it doesn't do anything else!

Alt 16.03.2011, 19:15   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please run this tool from Kaspersky => http://www.trojaner-board.de/82358-t...entfernen.html

Alt 17.03.2011, 07:28   #12
chiquita_banana
 
OK, I have now run the Kaspersky tool and here is the report!

2011/03/17 07:41:13.0272 1432 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/17 07:41:13.0631 1432 ================================================================================
2011/03/17 07:41:13.0631 1432 SystemInfo:
2011/03/17 07:41:13.0631 1432
2011/03/17 07:41:13.0631 1432 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/17 07:41:13.0631 1432 Product type: Workstation
2011/03/17 07:41:13.0631 1432 ComputerName: LOLA-PC
2011/03/17 07:41:13.0631 1432 UserName: Lola
2011/03/17 07:41:13.0631 1432 Windows directory: C:\Windows
2011/03/17 07:41:13.0631 1432 System windows directory: C:\Windows
2011/03/17 07:41:13.0631 1432 Processor architecture: Intel x86
2011/03/17 07:41:13.0631 1432 Number of processors: 2
2011/03/17 07:41:13.0631 1432 Page size: 0x1000
2011/03/17 07:41:13.0631 1432 Boot type: Normal boot
2011/03/17 07:41:13.0631 1432 ================================================================================
2011/03/17 07:41:14.0333 1432 Initialize success
2011/03/17 07:41:28.0748 1996 ================================================================================
2011/03/17 07:41:28.0748 1996 Scan started
2011/03/17 07:41:28.0748 1996 Mode: Manual;
2011/03/17 07:41:28.0748 1996 ================================================================================
2011/03/17 07:41:29.0450 1996 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/03/17 07:41:29.0590 1996 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/03/17 07:41:29.0668 1996 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/03/17 07:41:29.0730 1996 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/03/17 07:41:29.0855 1996 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/03/17 07:41:30.0105 1996 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/03/17 07:41:30.0354 1996 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/03/17 07:41:30.0510 1996 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/03/17 07:41:30.0682 1996 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/03/17 07:41:30.0869 1996 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/03/17 07:41:30.0932 1996 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/03/17 07:41:31.0010 1996 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/03/17 07:41:31.0072 1996 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/03/17 07:41:31.0259 1996 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/03/17 07:41:31.0337 1996 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/03/17 07:41:31.0571 1996 ArcSoftKsUFilter (cf3a922857b052c3f073b72c905e4c89) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
2011/03/17 07:41:31.0618 1996 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/17 07:41:31.0680 1996 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/03/17 07:41:32.0164 1996 atikmdag (0be6ed329aa8ef85ebb890d336071e7c) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/03/17 07:41:32.0351 1996 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/03/17 07:41:32.0601 1996 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/03/17 07:41:32.0710 1996 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/03/17 07:41:32.0850 1996 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/03/17 07:41:33.0022 1996 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/17 07:41:33.0131 1996 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/03/17 07:41:33.0178 1996 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/03/17 07:41:33.0303 1996 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/03/17 07:41:33.0350 1996 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/03/17 07:41:33.0459 1996 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/03/17 07:41:33.0584 1996 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/03/17 07:41:33.0911 1996 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/03/17 07:41:34.0083 1996 catchme (d94b86ad01a3cc323619d4ff512ed6fa) C:\Users\Lola\AppData\Local\Temp\catchme.sys
2011/03/17 07:41:34.0286 1996 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/17 07:41:34.0613 1996 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/17 07:41:35.0066 1996 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/03/17 07:41:35.0237 1996 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/03/17 07:41:35.0877 1996 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/17 07:41:36.0080 1996 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/03/17 07:41:36.0423 1996 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/17 07:41:37.0234 1996 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/03/17 07:41:37.0983 1996 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/03/17 07:41:38.0763 1996 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/03/17 07:41:39.0839 1996 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/03/17 07:41:40.0479 1996 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
2011/03/17 07:41:41.0306 1996 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/03/17 07:41:42.0195 1996 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/17 07:41:42.0444 1996 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/03/17 07:41:42.0616 1996 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/03/17 07:41:42.0959 1996 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/03/17 07:41:43.0287 1996 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/03/17 07:41:43.0677 1996 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/03/17 07:41:44.0176 1996 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/17 07:41:44.0488 1996 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/03/17 07:41:44.0675 1996 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/03/17 07:41:44.0894 1996 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/17 07:41:45.0315 1996 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/03/17 07:41:45.0689 1996 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/17 07:41:45.0830 1996 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/03/17 07:41:46.0095 1996 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/03/17 07:41:46.0672 1996 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/03/17 07:41:47.0109 1996 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/17 07:41:47.0343 1996 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/03/17 07:41:47.0499 1996 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/03/17 07:41:47.0561 1996 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/17 07:41:47.0702 1996 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/03/17 07:41:48.0014 1996 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/03/17 07:41:48.0497 1996 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/03/17 07:41:48.0747 1996 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/03/17 07:41:48.0981 1996 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/03/17 07:41:49.0340 1996 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/03/17 07:41:49.0792 1996 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/17 07:41:50.0135 1996 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/03/17 07:41:51.0102 1996 igfx (1b954f2bcb244596da704dc8c7729930) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/03/17 07:41:52.0148 1996 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/03/17 07:41:52.0662 1996 IntcAzAudAddService (2bd6633db50a98534aa3262e0f9f5a14) C:\Windows\system32\drivers\RTKVHDA.sys
2011/03/17 07:41:52.0959 1996 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/03/17 07:41:53.0130 1996 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/17 07:41:53.0489 1996 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/17 07:41:53.0973 1996 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/03/17 07:41:54.0254 1996 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/03/17 07:41:54.0394 1996 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/03/17 07:41:54.0706 1996 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/03/17 07:41:55.0018 1996 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/17 07:41:55.0283 1996 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/03/17 07:41:55.0689 1996 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/03/17 07:41:56.0079 1996 k750bus (fe8300320281d658a7854d5cfc02a63f) C:\Windows\system32\DRIVERS\k750bus.sys
2011/03/17 07:41:56.0391 1996 k750mdfl (f44521f63c0c00364fa3d59db980de6a) C:\Windows\system32\DRIVERS\k750mdfl.sys
2011/03/17 07:41:56.0703 1996 k750mdm (e93323c3ed5e8923a177740a973c27b2) C:\Windows\system32\DRIVERS\k750mdm.sys
2011/03/17 07:41:56.0952 1996 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/17 07:41:57.0405 1996 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/03/17 07:41:57.0904 1996 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/17 07:41:58.0232 1996 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/17 07:42:52.0520 1996 ================================================================================
2011/03/17 07:42:52.0520 1996 Scan finished
2011/03/17 07:42:52.0520 1996 ================================================================================

Edited by chiquita_banana (17.03.2011 at 07:44)

17.03.2011, 09:51   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK. Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool needs only a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document for me.
__________________
Please always post log files in CODE tags

17.03.2011, 10:33   #14
chiquita_banana
 

As already feared, GMER crashed every time.

OSAM log:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:30:31 on 17.03.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.15

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-2758217544-4115683230-4201137011-1000Core.job" - "Google Inc." - C:\Users\Lola\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-2758217544-4115683230-4201137011-1000UA.job" - "Google Inc." - C:\Users\Lola\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\Windows\system32\LocalCOM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ArcSoft Magic-I Visual Effect" (ArcSoftKsUFilter) - "ArcSoft, Inc." - C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Lola\AppData\Local\Temp\catchme.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys
"Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{79BC0345-1015-11D2-A299-006008312725} "blue.shell" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMPanel.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Conduit Engine" - "Conduit Ltd." - C:\Program Files\ConduitEngine\ConduitEngine.dll
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{0CCA191D-13A6-4E29-B746-314DEE697D83} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\Windows\Downloaded Program Files\PhotoUploader5.ocx / hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
{8100D56A-5661-482C-BEE8-AFECE305D968} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\Windows\Downloaded Program Files\PhotoUploader55.ocx / hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} "Image Uploader Control" - "Aurigma, Inc." - C:\Windows\Downloaded Program Files\ImageUploader5.ocx / hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1225017435
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{0972B098-DEE9-4279-AC7E-4BAAA029102D} "PhotoboxPhotowaysUploader5 Control" - "PhotoBox Photoways" - C:\Windows\Downloaded Program Files\CONFLICT.1\ImageUploader5.ocx / hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090921024610
{741747F6-83B4-4FB9-A268-8CA4010762C8} "Snapfish Activia2" - "Snapfish" - C:\Windows\Downloaded Program Files\SnapfishActivia1002.ocx / hxxp://www3.snapfish.de/SnapfishActivia2.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
"PokerStars" - "PokerStars" - C:\Program Files\PokerStars\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine" - "Conduit Ltd." - C:\Program Files\ConduitEngine\ConduitEngine.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine" - "Conduit Ltd." - C:\Program Files\ConduitEngine\ConduitEngine.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "{CA6319C0-31B7-401E-A518-A07C3DB8F777}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Status Monitor.lnk" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Capture Device Service" (Capture Device Service) - "InterVideo Inc." - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
"VAIO Content Metadata Intelligent Analyzing Manager" (VcmIAlzMgr) - "Sony Corporation" - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
"Viewpoint Service" (Viewpoint Service) - "Viewpoint Corporation" - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"VUAgent" (VUAgent) - "Sony Corporation" - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


MBRCheck log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Sony Corporation
System Product Name: VGN-CR21S_P
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 160):
0x8241E000 \SystemRoot\system32\ntkrnlpa.exe
0x827D8000 \SystemRoot\system32\hal.dll
0x80608000 \SystemRoot\system32\kdcom.dll
0x8060F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067F000 \SystemRoot\system32\PSHED.dll
0x80690000 \SystemRoot\system32\BOOTVID.dll
0x80698000 \SystemRoot\system32\CLFS.SYS
0x806D9000 \SystemRoot\system32\CI.dll
0x82A0B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82A87000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82A94000 \SystemRoot\system32\drivers\acpi.sys
0x82ADA000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82AE3000 \SystemRoot\system32\drivers\msisadrv.sys
0x82AEB000 \SystemRoot\system32\drivers\pci.sys
0x82B12000 \SystemRoot\System32\drivers\partmgr.sys
0x82B21000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82B24000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82B2E000 \SystemRoot\system32\drivers\volmgr.sys
0x82B3D000 \SystemRoot\System32\drivers\volmgrx.sys
0x82B87000 \SystemRoot\system32\drivers\intelide.sys
0x82B8E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82B9C000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x82BC9000 \SystemRoot\System32\drivers\mountmgr.sys
0x82BD9000 \SystemRoot\system32\drivers\atapi.sys
0x82BE1000 \SystemRoot\system32\drivers\ataport.SYS
0x807B9000 \SystemRoot\system32\drivers\fltmgr.sys
0x807EB000 \SystemRoot\system32\drivers\fileinfo.sys
0x82A00000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x88005000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88076000 \SystemRoot\system32\drivers\ndis.sys
0x88181000 \SystemRoot\system32\drivers\msrpc.sys
0x881AC000 \SystemRoot\system32\drivers\NETIO.SYS
0x8820D000 \SystemRoot\System32\drivers\tcpip.sys
0x882F7000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88404000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88514000 \SystemRoot\system32\drivers\volsnap.sys
0x8854D000 \SystemRoot\System32\Drivers\spldr.sys
0x88555000 \SystemRoot\System32\Drivers\mup.sys
0x88564000 \SystemRoot\System32\drivers\ecache.sys
0x8858B000 \SystemRoot\system32\drivers\disk.sys
0x8859C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x885BD000 \SystemRoot\system32\drivers\crcdisk.sys
0x885E6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x885F1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88312000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x885FA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8C807000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x88321000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CDED000 \SystemRoot\System32\drivers\watchdog.sys
0x883C1000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C204000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C242000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C251000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8D034000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8D04C000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8D05C000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8D06A000 \SystemRoot\system32\drivers\ti21sony.sys
0x8D136000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8D149000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D154000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8D17F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D181000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8D18C000 \SystemRoot\System32\Drivers\SonyNC.sys
0x8D193000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D1AB000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8D1B1000 \SystemRoot\System32\Drivers\tosrfcom.sys
0x8D1C1000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C2DE000 \SystemRoot\system32\DRIVERS\storport.sys
0x8D1F0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8CE00000 \SystemRoot\System32\Drivers\RootMdm.sys
0x8C31F000 \SystemRoot\system32\drivers\modem.sys
0x8C32C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C343000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C34E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C371000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C380000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C394000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C3A9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CE08000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C3B9000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C3E3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C3ED000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D60B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8D640000 \SystemRoot\system32\DRIVERS\tosporte.sys
0x8D64B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D80F000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8D9BC000 \SystemRoot\system32\drivers\portcls.sys
0x8D65C000 \SystemRoot\system32\drivers\drmk.sys
0x8D681000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8D6BE000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8DA0C000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8DAC0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8DAC9000 \SystemRoot\System32\Drivers\Null.SYS
0x8DAD0000 \SystemRoot\System32\Drivers\Beep.SYS
0x8DAD7000 \SystemRoot\System32\drivers\vga.sys
0x8DAE3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8DB04000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8DB0C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8DB14000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8DB1F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8DB2D000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8DB36000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8DB4C000 \SystemRoot\system32\DRIVERS\smb.sys
0x8DB60000 \SystemRoot\system32\drivers\afd.sys
0x8DBA8000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8DBDA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8DBF0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D9E9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8DA00000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8D7C1000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D800000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8DA06000 \SystemRoot\system32\DRIVERS\DMICall.sys
0x883CC000 \SystemRoot\System32\Drivers\dfsc.sys
0x8DC02000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8DC28000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8DC2A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8DC41000 \SystemRoot\System32\Drivers\R5U870FLx86.sys
0x8DC53000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8DC74000 \SystemRoot\System32\Drivers\R5U870FUx86.sys
0x8DC7F000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
0x8DC88000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8DC91000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8DCA1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8DCA8000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8DCB0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8DCBD000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8DCC8000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x95A60000 \SystemRoot\System32\win32k.sys
0x8DCD0000 \SystemRoot\System32\drivers\Dxapi.sys
0x8DCDA000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95C80000 \SystemRoot\System32\TSDDD.dll
0x95CA0000 \SystemRoot\System32\cdd.dll
0x8DCE9000 \SystemRoot\system32\drivers\luafv.sys
0x8DD04000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8DD21000 \SystemRoot\system32\drivers\spsys.sys
0x8DDD1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAA409000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAA433000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAA43D000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAA450000 \SystemRoot\system32\drivers\HTTP.sys
0xAA4BD000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAA4DA000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAA4F3000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAA508000 \SystemRoot\system32\drivers\mrxdav.sys
0xAA529000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAA548000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAA581000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAA599000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAD20B000 \SystemRoot\System32\DRIVERS\srv.sys
0xAD271000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAD275000 \SystemRoot\system32\drivers\peauth.sys
0xAD353000 \SystemRoot\system32\drivers\regi.sys
0xAD355000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAD35F000 \SystemRoot\System32\drivers\tcpipreg.sys
0x8CE0A000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0xAD36B000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xAD380000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xAD392000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAD3A8000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x773B0000 \Windows\System32\ntdll.dll

Processes (total 75):
0 System Idle Process
4 System
420 C:\Windows\System32\smss.exe
564 csrss.exe
608 C:\Windows\System32\wininit.exe
616 csrss.exe
652 C:\Windows\System32\services.exe
684 C:\Windows\System32\lsass.exe
692 C:\Windows\System32\lsm.exe
760 C:\Windows\System32\winlogon.exe
876 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1160 C:\Windows\System32\svchost.exe
1244 C:\Windows\System32\audiodg.exe
1284 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\SLsvc.exe
1348 C:\Windows\System32\svchost.exe
1548 C:\Windows\System32\svchost.exe
1784 C:\Windows\System32\dwm.exe
1868 C:\Windows\System32\spoolsv.exe
1908 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1928 C:\Windows\System32\svchost.exe
1964 C:\Windows\System32\taskeng.exe
1976 C:\Windows\explorer.exe
1156 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1456 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
748 C:\Program Files\Bonjour\mDNSResponder.exe
1564 C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
536 C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
1672 C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
1712 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1412 C:\Windows\System32\hkcmd.exe
2020 C:\Windows\System32\igfxsrvc.exe
832 C:\Windows\System32\igfxpers.exe
2108 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
2268 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2288 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2324 C:\Windows\WindowsMobile\wmdSync.exe
2336 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2372 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2380 C:\Windows\ehome\ehtray.exe
2392 C:\Program Files\Windows Sidebar\sidebar.exe
2456 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
2464 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
2560 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
2604 C:\Windows\System32\svchost.exe
2628 C:\Windows\System32\svchost.exe
2700 C:\Windows\ehome\ehmsas.exe
2960 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
2976 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
3072 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
3096 C:\Program Files\Viewpoint\Common\ViewpointService.exe
3124 C:\Windows\System32\svchost.exe
3152 C:\Windows\System32\SearchIndexer.exe
3180 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
3324 WUDFHost.exe
3356 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
3392 C:\Windows\System32\drivers\XAudio.exe
3636 C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
3644 C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
3688 C:\Windows\System32\svchost.exe
3884 C:\Windows\System32\mobsync.exe
3992 igfxext.exe
4052 igfxsrvc.exe
2496 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
1948 C:\Windows\System32\svchost.exe
2304 WmiPrvSE.exe
1992 C:\Windows\System32\SearchProtocolHost.exe
1228 C:\Windows\System32\SearchFilterHost.exe
980 C:\Windows\System32\SearchProtocolHost.exe
2584 C:\Users\Lola\Desktop\MBRCheck.exe
3308 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`3c600000 (NTFS)

PhysicalDrive0 Model Number: ST9160821AS, Rev: 3.ALC

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Alt 17.03.2011, 11:38   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags
