
Log analysis and evaluation: Trojan TR/Kazy.mekml.1


27.04.2011, 20:50   #1
gerry10

Trojan TR/Kazy.mekml.1



Hello,

I seem to have caught this Trojan too.
My desktop is black and a whole lot is missing.
I also already tried the load.exe thing, but the items disappeared from my desktop again right away.
I have now created the mbam log file and the two OTL log files; I hope that is right.

Thanks in advance for your help

27.04.2011, 21:59   #2
Swisstreasure
/// Malware team

Trojan TR/Kazy.mekml.1

A clean-up can mean a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, stop and describe them here as well as you can.
  • Only run scans that a helper asks you to run.
  • No crossposting, please (posting in several forums).
  • Do not install or uninstall any software during the clean-up unless you are asked to.
  • Read the instructions completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to; attachments make the analysis harder for me.

Note: I can never guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a clean-up, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools by right-clicking and choosing "Run as administrator".

Step 1

Fix with OTL
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the following content into the text box.
Code:
:OTL
PRC - C:\ProgramData\qSsBwhAkulOsDNp.exe (WinTrust)
O4 - HKCU..\Run: [qSsBwhAkulOsDNp] C:\ProgramData\qSsBwhAkulOsDNp.exe (WinTrust)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6ddba7fa-4dbb-11de-ae2d-001d72dad057}\Shell - "" = AutoRun
O33 - MountPoints2\{6ddba7fa-4dbb-11de-ae2d-001d72dad057}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{81e1ee52-d920-11df-a4a6-001d72dad057}\Shell - "" = AutoRun
O33 - MountPoints2\{81e1ee52-d920-11df-a4a6-001d72dad057}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{985a066c-b9ba-11df-be34-001d72dad057}\Shell - "" = AutoRun
O33 - MountPoints2\{985a066c-b9ba-11df-be34-001d72dad057}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta
O33 - MountPoints2\{b07d2a78-b7ee-11df-adeb-001d72dad057}\Shell - "" = AutoRun
O33 - MountPoints2\{b07d2a78-b7ee-11df-adeb-001d72dad057}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta
O33 - MountPoints2\{b1907d8b-9611-11de-b779-00215d55fee6}\Shell - "" = AutoRun
O33 - MountPoints2\{b1907d8b-9611-11de-b779-00215d55fee6}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b1907da6-9611-11de-b779-00215d55fee6}\Shell - "" = AutoRun
O33 - MountPoints2\{b1907da6-9611-11de-b779-00215d55fee6}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{bae4b491-8e77-11de-b9bb-001d72dad057}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
O33 - MountPoints2\{e6007649-9613-11de-9354-00215d55fee6}\Shell - "" = AutoRun
O33 - MountPoints2\{e6007649-9613-11de-9354-00215d55fee6}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e600764b-9613-11de-9354-00215d55fee6}\Shell - "" = AutoRun
O33 - MountPoints2\{e600764b-9613-11de-9354-00215d55fee6}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:F3176E45
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:A696643D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:5711EF65
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP;)88D995C
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5D10517E
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:2B99FE60
[2011.04.27 07:52:22 | 000,573,440 | -H-- | C] (WinTrust) -- C:\ProgramData\qSsBwhAkulOsDNp.exe
[2011.04.27 07:52:20 | 000,573,440 | -H-- | C] (WinTrust) -- C:\Users\Toni\Desktop\null0.7396047803483226.exe
:Commands
[purity]
[emptytemp]
  • Now close all programs.
  • Now click the Fix button.
  • OTL may require a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread

Step 2

If you do not have it yet, please download OTL from OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the following content into the text box.
Code:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Now close all programs. (Important)
  • Now click the Quick Scan button.
  • Now copy the content of OTL.txt and Extra.txt here into your thread

Step 3

Rootkit search with GMER

What are rootkits?

Important: for every rootkit scan:
  • First disable any CD emulators such as Alcohol, Daemon Tools or similar, following this guide.
  • All other anti-virus, anti-spyware etc. programs must be disabled,
  • there must be no connection to a network/the Internet (do not forget WLAN),
  • nothing must be done on the computer,
  • the computer must be restarted after each scan.
  • Do not forget to switch the security programs back on after the rootkit scan!

Download GMER from this page
(click the Download EXE button) and save the program to the desktop.
  • All other programs should be closed.
  • Start gmer.exe (it has a random program name).
  • Vista users: right-click and run as administrator.
  • GMER automatically starts a first scan.
  • If a window with the following warning opens:
    Code:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system?
  • be sure to click "No",
    and in that case save the result so far to the desktop as gmer_first.log via the Save button.

  • If that was not the case, now select the "Rootkit/Malware" tab,
  • Tick: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
  • Important: "Show all" must not be ticked!
  • Start the scan by pressing the "Scan" button.
    Do nothing on the computer while the scan is running (the bottom left shows what is currently being scanned).
  • When the scan is finished, that line stays empty.
    Click "Save" and save the log file as gmer.log on the desktop.
    "Ok" closes GMER.
Switch the anti-virus program and other scanners back on before you go online!

Now post the log file in code tags.
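The OTL fix in Step 1 is assembled by picking lines out of the OTL scan output requested in Step 2: a process and a Run value pointing into C:\ProgramData, MountPoints2 autorun commands, alternate data streams on C:\ProgramData\TEMP, a toolbar CLSID without a file, and hidden, freshly created executables. The Python triage script below is an added example, not part of this thread and not OTL's own logic; it applies those selection rules to lines copied from the logs posted here and drafts the :OTL section from what it flags. The rules, the data-directory list and the random-name threshold are this editor's assumptions.

```python
"""Triage OTL log lines for the persistence indicators the fix above targets.
Added example: not part of this thread and not OTL's own logic; the rules are
this editor's heuristics, derived from the lines the helper chose to fix."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: lines copied from the OTL output posted in this thread.
SAMPLE_OTL = r"""
PRC - C:\ProgramData\qSsBwhAkulOsDNp.exe (WinTrust)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
O4 - HKCU..\Run: [qSsBwhAkulOsDNp] C:\ProgramData\qSsBwhAkulOsDNp.exe (WinTrust)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} -  File not found
O33 - MountPoints2\{6ddba7fa-4dbb-11de-ae2d-001d72dad057}\Shell - "" = AutoRun
O33 - MountPoints2\{6ddba7fa-4dbb-11de-ae2d-001d72dad057}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:F3176E45
[2011.04.27 07:52:22 | 000,573,440 | -H-- | C] (WinTrust) -- C:\ProgramData\qSsBwhAkulOsDNp.exe
[2011.04.27 07:52:20 | 000,573,440 | -H-- | C] (WinTrust) -- C:\Users\Toni\Desktop\null0.7396047803483226.exe
[2008.11.26 16:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
"""

# Directories where a legitimate autostart executable rarely lives (heuristic).
DATA_DIR = re.compile(r"\\(ProgramData|Users\\[^\\]+\\(Desktop|AppData)|Temp)\\", re.I)

PRC_RE = re.compile(r"^PRC - (?P<path>.+?) \((?P<company>.*)\)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] "
                    r"(?P<path>.+?) \((?P<company>.*)\)$")
FILE_RE = re.compile(r"^\[(?P<ts>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) "
                     r"\| [CM]\] \((?P<company>.*?)\) -- (?P<path>.+)$")
MP_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command'
                   r' - "" = (?P<cmd>.+)$')
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
ORPHAN_RE = re.compile(r"^O3 - .*\\Toolbar.*(No CLSID value found|File not found)")


@dataclass
class Finding:
    rule: str
    detail: str
    line: str  # the OTL line verbatim, so it can be pasted into a fix script


def looks_random(name: str) -> bool:
    """Heuristic: a long alphabetic name whose letter case flips at most positions."""
    if len(name) < 10 or not name.isalpha():
        return False
    flips = sum(a.isupper() != b.isupper() for a, b in zip(name, name[1:]))
    return flips / (len(name) - 1) >= 0.5


def triage(log_text: str) -> List[Finding]:
    """Return the OTL lines that match one of the heuristic persistence rules."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := PRC_RE.match(line)) and DATA_DIR.search(m["path"]):
            findings.append(Finding("process", "running from a data directory", line))
        elif m := RUN_RE.match(line):
            reasons = []
            if DATA_DIR.search(m["path"]):
                reasons.append("autostart from a user-writable data directory")
            if looks_random(m["name"]):
                reasons.append("random-looking value name")
            if reasons:
                findings.append(Finding("run-key", "; ".join(reasons), line))
        elif m := FILE_RE.match(line):
            # OTL's attribute column: 'H' marks hidden, 'D' marks a directory.
            if "H" in m["attr"] and "D" not in m["attr"] and DATA_DIR.search(m["path"]):
                findings.append(Finding("hidden-file", f"hidden file, created {m['ts']}", line))
        elif m := MP_RE.match(line):
            findings.append(Finding("mountpoint-autorun", m["cmd"], line))
        elif ADS_RE.match(line):
            findings.append(Finding("ads", "alternate data stream", line))
        elif ORPHAN_RE.match(line):
            findings.append(Finding("orphan-toolbar", "toolbar CLSID without a backing file", line))
    return findings


def to_otl_fix(findings: List[Finding]) -> str:
    """Draft an OTL fix script from the flagged lines (deduplicated, order kept).
    Given these lines verbatim, OTL kills the process, moves the files, deletes the
    Run value and MountPoints2 keys and removes the streams, as the fix log posted
    below shows. A helper still reviews every line before it is run."""
    lines = list(dict.fromkeys(f.line for f in findings))
    return "\n".join([":OTL", *lines, ":Commands", "[purity]", "[emptytemp]"])


if __name__ == "__main__":
    found = triage(SAMPLE_OTL)
    for f in found:
        print(f"[{f.rule}] {f.detail}\n    {f.line}")
    print(to_otl_fix(found))
```

Feed the script the full OTL.txt from Step 2 and compare its list against the helper's fix: the ordinary Avira, Canon and Logitech entries fall through every rule, which is the point of restricting the rules to location, hidden attribute and orphaned references rather than to names.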


27.04.2011, 22:29   #3
gerry10

Trojan TR/Kazy.mekml.1

so here is step one:

Code:

All processes killed
========== OTL ==========
No active process named qSsBwhAkulOsDNp.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\qSsBwhAkulOsDNp deleted successfully.
C:\ProgramData\qSsBwhAkulOsDNp.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ddba7fa-4dbb-11de-ae2d-001d72dad057}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ddba7fa-4dbb-11de-ae2d-001d72dad057}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ddba7fa-4dbb-11de-ae2d-001d72dad057}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ddba7fa-4dbb-11de-ae2d-001d72dad057}\ not found.
File G:\USBAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81e1ee52-d920-11df-a4a6-001d72dad057}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81e1ee52-d920-11df-a4a6-001d72dad057}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81e1ee52-d920-11df-a4a6-001d72dad057}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81e1ee52-d920-11df-a4a6-001d72dad057}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{985a066c-b9ba-11df-be34-001d72dad057}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{985a066c-b9ba-11df-be34-001d72dad057}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{985a066c-b9ba-11df-be34-001d72dad057}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{985a066c-b9ba-11df-be34-001d72dad057}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b07d2a78-b7ee-11df-adeb-001d72dad057}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b07d2a78-b7ee-11df-adeb-001d72dad057}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b07d2a78-b7ee-11df-adeb-001d72dad057}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b07d2a78-b7ee-11df-adeb-001d72dad057}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1907d8b-9611-11de-b779-00215d55fee6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1907d8b-9611-11de-b779-00215d55fee6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1907d8b-9611-11de-b779-00215d55fee6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1907d8b-9611-11de-b779-00215d55fee6}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1907da6-9611-11de-b779-00215d55fee6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1907da6-9611-11de-b779-00215d55fee6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1907da6-9611-11de-b779-00215d55fee6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1907da6-9611-11de-b779-00215d55fee6}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bae4b491-8e77-11de-b9bb-001d72dad057}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bae4b491-8e77-11de-b9bb-001d72dad057}\ not found.
File G:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6007649-9613-11de-9354-00215d55fee6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6007649-9613-11de-9354-00215d55fee6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6007649-9613-11de-9354-00215d55fee6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6007649-9613-11de-9354-00215d55fee6}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e600764b-9613-11de-9354-00215d55fee6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e600764b-9613-11de-9354-00215d55fee6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e600764b-9613-11de-9354-00215d55fee6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e600764b-9613-11de-9354-00215d55fee6}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
ADS C:\ProgramData\TEMP:F3176E45 deleted successfully.
ADS C:\ProgramData\TEMP:A696643D deleted successfully.
ADS C:\ProgramData\TEMP:FEBEC560 deleted successfully.
ADS C:\ProgramData\TEMP:580E04D8 deleted successfully.
ADS C:\ProgramData\TEMP:5711EF65 deleted successfully.
ADS C:\ProgramData\TEMP:8AB6C1D7 deleted successfully.
ADS C:\ProgramData\TEMP:193426B4 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP88D995C .
ADS C:\ProgramData\TEMP:5D10517E deleted successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
ADS C:\ProgramData\TEMP:C95B63DA deleted successfully.
ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully.
ADS C:\ProgramData\TEMP:861A898F deleted successfully.
ADS C:\ProgramData\TEMP:4BB26BE9 deleted successfully.
ADS C:\ProgramData\TEMP:4F636E25 deleted successfully.
ADS C:\ProgramData\TEMP:2B99FE60 deleted successfully.
File C:\ProgramData\qSsBwhAkulOsDNp.exe not found.
C:\Users\Toni\Desktop\null0.7396047803483226.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nadine
->Temp folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NeroMediaHomeUser.4
->Temp folder emptied: 7168 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Toni
->Temp folder emptied: 239784 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 574 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1248 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04272011_231130

Files\Folders moved on Reboot...
C:\Users\NeroMediaHomeUser.4\AppData\Local\Temp\etilqs_g3j49ThAWmSxGcGhFr7g moved successfully.
C:\Users\NeroMediaHomeUser.4\AppData\Local\Temp\etilqs_g3j49ThAWmSxGcGhFr7g-journal moved successfully.

Registry entries deleted on Reboot...

27.04.2011, 22:32   #4
gerry10

Trojan TR/Kazy.mekml.1

here is step two; however, I did not get the file extra.txt

Code:
OTL logfile created on: 27.04.2011 23:18:03 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = G:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,65 Gb Total Space | 59,51 Gb Free Space | 41,71% Space Free | Partition Type: NTFS
Drive D: | 142,67 Gb Total Space | 22,03 Gb Free Space | 15,44% Space Free | Partition Type: NTFS
Drive G: | 14,89 Gb Total Space | 1,13 Gb Free Space | 7,60% Space Free | Partition Type: FAT32
 
Computer Name: TONIS-SCHLEPPI | User Name: Toni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Toni\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - G:\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Programme\XSManager\WTGService.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\maxdome\DCBin\DCService.exe (Entriq, Inc.)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - G:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe ()
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Prosieben) -- C:\Program Files\maxdome\DCBin\DCService.exe (Entriq, Inc.)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (TDslMgrService) -- C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (NeroMediaHomeService.4) -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\Windows\System32\drivers\s217unic.sys (MCCI)
DRV - (s217obex) -- C:\Windows\System32\drivers\s217obex.sys (MCCI Corporation)
DRV - (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) -- C:\Windows\System32\drivers\s217nd5.sys (MCCI Corporation)
DRV - (s217mdm) -- C:\Windows\System32\drivers\s217mdm.sys (MCCI Corporation)
DRV - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\Windows\System32\drivers\s217bus.sys (MCCI Corporation)
DRV - (s217mdfl) -- C:\Windows\System32\drivers\s217mdfl.sys (MCCI Corporation)
DRV - (dsltestSp5) -- C:\Windows\System32\drivers\DslTestSp5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DslMNLwf) -- C:\Windows\System32\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_5930
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
 
 
[2009.08.21 20:58:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Toni\AppData\Roaming\mozilla\Extensions
[2009.08.21 20:58:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Toni\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2008.11.26 16:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
 
O1 HOSTS File: ([2011.04.27 17:59:16 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} -  File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 [2011.02.13 18:26:56 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: gamepoint.de ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: navigram.com ([www] https in Vertrauenswürdige Sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {162247AF-26A7-44FC-A93A-69506EA244F3} https://account.maxdome.de/presentation/script/HWTest.CAB (HWTest.HWTestControl)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan-canvasx.cab (JordanUploader Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226775789563 (MUWebControl Class)
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {98474E4F-5229-4CAC-9E28-6D52D992268D} hxxp://kpscdhaendler.ar-live.de/afc-frontend/main/Setup_AFC_ONLINE_2_7_0_3_STANDARD.cab (AS_AR_Control Light Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Users\Toni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Toni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.27 21:14:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.27 21:14:13 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.27 21:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.27 20:57:16 | 000,791,393 | -H-- | C] (Lars Hederer                                                ) -- C:\Users\Toni\Desktop\Erunt-setup.exe
[2011.04.27 20:57:16 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Toni\Desktop\OTL.exe
[2011.04.27 20:57:16 | 000,446,464 | -H-- | C] (OldTimer Tools) -- C:\Users\Toni\Desktop\TFC.exe
[2011.04.27 17:22:07 | 000,000,000 | -H-D | C] -- C:\Users\Toni\AppData\Roaming\Malwarebytes
[2011.04.27 17:22:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.27 17:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.27 17:21:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.04.27 17:21:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.27 17:21:55 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.19 07:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.19 07:46:24 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.04.19 07:46:21 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.04.19 07:44:17 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.04.01 21:27:02 | 000,000,000 | -H-D | C] -- C:\Users\Toni\AppData\Roaming\Simfy
[2011.04.01 21:27:00 | 000,000,000 | ---D | C] -- C:\Programme\simfy
[2011.04.01 21:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
[2008.10.17 05:15:36 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.27 23:21:05 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.27 23:21:05 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.27 23:21:05 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.27 23:21:05 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.27 23:20:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4CA0E136-6AAF-4555-9DA6-79992AB719F2}.job
[2011.04.27 23:13:39 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011.04.27 23:13:38 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.04.27 23:13:38 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.04.27 23:13:25 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 23:13:25 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 23:13:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.27 23:13:06 | 3215,839,232 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.27 23:12:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.27 22:06:06 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{17657013-1DD7-4F20-A29C-8ACF8A4BCC3C}.job
[2011.04.27 21:14:14 | 000,000,737 | -H-- | M] () -- C:\Users\Toni\Desktop\NTREGOPT.lnk
[2011.04.27 21:14:13 | 000,000,718 | -H-- | M] () -- C:\Users\Toni\Desktop\ERUNT.lnk
[2011.04.27 20:57:33 | 000,301,568 | -H-- | M] () -- C:\Users\Toni\Desktop\g2m3e4r.exe
[2011.04.27 20:57:32 | 000,791,393 | -H-- | M] (Lars Hederer                                                ) -- C:\Users\Toni\Desktop\Erunt-setup.exe
[2011.04.27 20:57:21 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Toni\Desktop\OTL.exe
[2011.04.27 20:57:21 | 000,446,464 | -H-- | M] (OldTimer Tools) -- C:\Users\Toni\Desktop\TFC.exe
[2011.04.27 18:08:46 | 000,504,657 | -H-- | M] () -- C:\Users\Toni\Desktop\unhide.exe
[2011.04.27 17:59:16 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.04.27 08:30:20 | 000,130,048 | -H-- | M] () -- C:\Users\Toni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.27 08:16:07 | 000,169,830 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.04.20 15:47:23 | 000,169,830 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.14 16:40:15 | 000,343,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.13 21:41:12 | 000,000,104 | -H-- | M] () -- C:\Users\Toni\Desktop\E-Mail - Verknüpfung.lnk
[2011.04.09 22:02:38 | 002,058,645 | -H-- | M] () -- C:\Users\Toni\Desktop\Foto.JPG
[2011.04.05 07:31:32 | 000,001,441 | -H-- | M] () -- C:\Users\Toni\Desktop\DivX Movies.lnk
 
========== Files Created - No Company Name ==========
 
[2011.04.27 21:14:14 | 000,000,737 | -H-- | C] () -- C:\Users\Toni\Desktop\NTREGOPT.lnk
[2011.04.27 21:14:13 | 000,000,718 | -H-- | C] () -- C:\Users\Toni\Desktop\ERUNT.lnk
[2011.04.27 20:57:17 | 000,301,568 | -H-- | C] () -- C:\Users\Toni\Desktop\g2m3e4r.exe
[2011.04.27 18:08:39 | 000,504,657 | -H-- | C] () -- C:\Users\Toni\Desktop\unhide.exe
[2011.04.13 21:41:12 | 000,000,104 | -H-- | C] () -- C:\Users\Toni\Desktop\E-Mail - Verknüpfung.lnk
[2011.04.09 22:02:38 | 002,058,645 | -H-- | C] () -- C:\Users\Toni\Desktop\Foto.JPG
[2011.04.05 07:31:32 | 000,001,441 | -H-- | C] () -- C:\Users\Toni\Desktop\DivX Movies.lnk
[2011.01.26 22:57:11 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.01.26 22:57:09 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.01.26 22:57:09 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.01.26 22:57:09 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.07.25 14:27:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.22 08:59:31 | 000,000,016 | -H-- | C] () -- C:\Users\Toni\AppData\Roaming\kcmdte.dat
[2010.04.22 08:59:30 | 000,000,004 | -H-- | C] () -- C:\Users\Toni\AppData\Roaming\avdrn.dat
[2010.01.29 09:59:15 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll
[2010.01.29 09:59:15 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll
[2010.01.29 09:53:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010.01.29 09:53:02 | 000,002,412 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010.01.16 18:26:09 | 000,007,592 | -H-- | C] () -- C:\Users\Toni\AppData\Local\d3d9caps.dat
[2009.10.31 16:21:19 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.10.30 09:23:22 | 000,000,032 | ---- | C] () -- C:\Windows\azeugnis.INI
[2009.09.12 09:49:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.12 09:49:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.04.08 20:52:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\OptCVw7.dll
[2009.04.08 20:52:04 | 000,172,032 | ---- | C] () -- C:\Windows\System32\OptCVm6.dll
[2009.04.08 20:52:04 | 000,114,749 | ---- | C] () -- C:\Windows\System32\cxts001.dll
[2009.04.08 20:52:04 | 000,057,400 | ---- | C] () -- C:\Windows\System32\trs.dll
[2009.04.08 20:52:03 | 000,200,704 | ---- | C] () -- C:\Windows\System32\OptCVa6.dll
[2009.04.08 20:51:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\BS_Register.exe
[2009.02.28 21:01:43 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.12.21 20:51:20 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe
[2008.12.21 20:51:20 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.12.21 20:51:19 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe
[2008.12.21 20:51:18 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe
[2008.12.21 20:51:18 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe
[2008.11.01 22:41:16 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2008.11.01 22:41:16 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008.10.30 11:40:15 | 000,130,048 | -H-- | C] () -- C:\Users\Toni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.30 09:55:40 | 000,024,064 | -H-- | C] () -- C:\Users\Toni\AppData\Roaming\UserTile.png
[2008.10.29 15:36:18 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.10.29 14:39:17 | 000,169,830 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2008.10.29 14:36:20 | 000,169,830 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2008.10.29 13:23:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.16 19:38:13 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.10.16 19:36:14 | 000,118,784 | -H-- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.10.16 19:34:44 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.10.16 19:34:44 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008.10.16 19:34:44 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2008.10.16 19:34:44 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.10.16 19:30:49 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.10.16 19:30:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.10.16 19:30:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.10.16 19:30:49 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.10.16 19:26:41 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.07.23 18:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.05.08 05:32:19 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.05.08 05:32:19 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.05.08 05:32:19 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.05.08 05:32:19 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.05.07 20:06:49 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.07 20:03:50 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.07 20:03:50 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.04.30 10:09:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.04.30 10:09:01 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.04.30 10:09:01 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.04.30 10:09:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007.05.02 18:43:30 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2007.05.02 18:43:30 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,343,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.16 07:58:14 | 000,086,016 | ---- | C] () -- C:\Windows\System32\aspolyzt.dll
[2006.06.29 12:44:32 | 001,826,304 | ---- | C] () -- C:\Windows\System32\asconv3d.dll
[2006.03.23 09:24:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\as_tree2.dll
[2005.07.06 11:59:58 | 000,028,672 | ---- | C] () -- C:\Windows\System32\asdrawli.dll
[2005.07.04 14:17:30 | 000,069,632 | ---- | C] () -- C:\Windows\System32\ASDRAWMA.DLL
[2004.08.17 16:34:52 | 000,036,864 | ---- | C] () -- C:\Windows\System32\AS_SORT.DLL
[2003.05.22 11:31:44 | 000,033,792 | ---- | C] () -- C:\Windows\System32\ASDRAW32.DLL
[2002.07.12 15:29:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AS_MDB32.DLL
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[2001.06.06 10:59:04 | 000,209,612 | ---- | C] () -- C:\Windows\System32\as_fconv.exe
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2008.11.16 17:12:21 | 000,000,000 | -HSD | M] -- C:\Users\Toni\AppData\Roaming\.#
[2008.11.15 21:59:37 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Acer
[2008.05.07 20:02:23 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Acer GameZone Console
[2009.04.08 15:44:57 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\ASCON Installer
[2009.04.08 15:48:40 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\ASCON Programme
[2008.12.21 20:28:40 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Ashampoo
[2008.11.04 23:26:41 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Big Fish Games
[2008.11.01 22:44:35 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Buhl Data Service
[2010.12.15 14:52:06 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Canon
[2010.11.21 01:21:47 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Cool Record Edit Deluxe
[2008.12.13 18:43:15 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\CoSoSys
[2008.10.29 17:53:33 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\DAEMON Tools
[2011.02.12 20:56:40 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\elsterformular
[2008.10.29 15:47:10 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\eSobi
[2008.11.01 13:39:56 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Flood Light Games
[2008.10.29 16:07:12 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\FloodLightGames
[2010.12.15 12:38:59 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\FRITZ!
[2010.08.17 21:18:35 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Leadertech
[2009.05.31 10:26:44 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\LG Electronics
[2008.11.29 23:06:03 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\LimeWire
[2008.11.29 23:11:14 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\PeerNetworking
[2008.10.29 23:33:48 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\PlayFirst
[2011.04.01 21:27:02 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Simfy
[2009.02.01 14:24:30 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\T-Online
[2009.08.21 20:58:54 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\TomTom
[2008.10.29 13:09:38 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\TuneUp Software
[2008.11.26 11:12:30 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\TVcentral-Core
[2009.08.31 11:39:50 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Vodafone
[2010.10.16 18:47:03 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\XSManager
[2011.04.27 23:13:38 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.04.27 23:12:03 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.27 22:06:06 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{17657013-1DD7-4F20-A29C-8ACF8A4BCC3C}.job
[2011.04.27 23:20:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4CA0E136-6AAF-4555-9DA6-79992AB719F2}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009.11.10 10:18:08 | 000,000,000 | -H-- | M] () -- C:\AILog.txt
[2008.10.27 11:38:10 | 001,348,370 | -H-- | M] () -- C:\Apr2005_d3dx9_25_x64.cab
[2008.10.27 11:38:08 | 001,079,978 | -H-- | M] () -- C:\Apr2005_d3dx9_25_x86.cab
[2008.10.27 11:38:12 | 001,398,846 | -H-- | M] () -- C:\Apr2006_d3dx9_30_x64.cab
[2008.10.27 11:38:10 | 001,116,237 | -H-- | M] () -- C:\Apr2006_d3dx9_30_x86.cab
[2008.10.27 11:38:04 | 000,917,446 | -H-- | M] () -- C:\Apr2006_MDX1_x86.cab
[2008.10.27 11:38:20 | 004,163,646 | -H-- | M] () -- C:\Apr2006_MDX1_x86_Archive.cab
[2008.10.27 11:37:46 | 000,180,149 | -H-- | M] () -- C:\Apr2006_XACT_x64.cab
[2008.10.27 11:37:38 | 000,134,119 | -H-- | M] () -- C:\Apr2006_XACT_x86.cab
[2008.10.27 11:38:02 | 000,088,117 | -H-- | M] () -- C:\Apr2006_xinput_x64.cab
[2008.10.27 11:38:00 | 000,047,026 | -H-- | M] () -- C:\Apr2006_xinput_x86.cab
[2008.10.27 11:38:00 | 000,699,628 | -H-- | M] () -- C:\APR2007_d3dx10_33_x64.cab
[2008.10.27 11:37:58 | 000,696,881 | -H-- | M] () -- C:\APR2007_d3dx10_33_x86.cab
[2008.10.27 11:38:18 | 001,608,374 | -H-- | M] () -- C:\APR2007_d3dx9_33_x64.cab
[2008.10.27 11:38:16 | 001,607,055 | -H-- | M] () -- C:\APR2007_d3dx9_33_x86.cab
[2008.10.27 11:37:48 | 000,196,782 | -H-- | M] () -- C:\APR2007_XACT_x64.cab
[2008.10.27 11:37:44 | 000,152,241 | -H-- | M] () -- C:\APR2007_XACT_x86.cab
[2008.10.27 11:38:08 | 000,097,833 | -H-- | M] () -- C:\APR2007_xinput_x64.cab
[2008.10.27 11:38:02 | 000,054,318 | -H-- | M] () -- C:\APR2007_xinput_x86.cab
[2008.10.27 11:38:12 | 001,351,558 | -H-- | M] () -- C:\Aug2005_d3dx9_27_x64.cab
[2008.10.27 11:38:08 | 001,078,660 | -H-- | M] () -- C:\Aug2005_d3dx9_27_x86.cab
[2008.10.27 11:37:48 | 000,183,919 | -H-- | M] () -- C:\AUG2006_XACT_x64.cab
[2008.10.27 11:37:42 | 000,138,251 | -H-- | M] () -- C:\AUG2006_XACT_x86.cab
[2008.10.27 11:38:02 | 000,088,158 | -H-- | M] () -- C:\AUG2006_xinput_x64.cab
[2008.10.27 11:38:02 | 000,047,074 | -H-- | M] () -- C:\AUG2006_xinput_x86.cab
[2008.10.27 11:38:04 | 000,853,302 | -H-- | M] () -- C:\AUG2007_d3dx10_35_x64.cab
[2008.10.27 11:38:00 | 000,797,883 | -H-- | M] () -- C:\AUG2007_d3dx10_35_x86.cab
[2008.10.27 11:38:18 | 001,801,176 | -H-- | M] () -- C:\AUG2007_d3dx9_35_x64.cab
[2008.10.27 11:38:18 | 001,709,168 | -H-- | M] () -- C:\AUG2007_d3dx9_35_x86.cab
[2008.10.27 11:37:52 | 000,199,112 | -H-- | M] () -- C:\AUG2007_XACT_x64.cab
[2008.10.27 11:37:46 | 000,154,028 | -H-- | M] () -- C:\AUG2007_XACT_x86.cab
[2008.10.27 11:38:04 | 000,868,628 | -H-- | M] () -- C:\Aug2008_d3dx10_39_x64.cab
[2008.10.27 11:38:02 | 000,850,183 | -H-- | M] () -- C:\Aug2008_d3dx10_39_x86.cab
[2008.10.27 11:38:18 | 001,795,100 | -H-- | M] () -- C:\Aug2008_d3dx9_39_x64.cab
[2008.10.27 11:38:14 | 001,465,688 | -H-- | M] () -- C:\Aug2008_d3dx9_39_x86.cab
[2008.10.27 11:37:40 | 000,122,840 | -H-- | M] () -- C:\Aug2008_XACT_x64.cab
[2008.10.27 11:38:02 | 000,094,028 | -H-- | M] () -- C:\Aug2008_XACT_x86.cab
[2008.10.27 11:37:58 | 000,272,384 | -H-- | M] () -- C:\Aug2008_XAudio_x64.cab
[2008.10.27 11:37:58 | 000,270,858 | -H-- | M] () -- C:\Aug2008_XAudio_x86.cab
[2008.10.27 11:38:10 | 001,156,507 | -H-- | M] () -- C:\BDANT.cab
[2008.10.27 11:38:04 | 000,976,164 | -H-- | M] () -- C:\BDAXP.cab
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.02.06 01:25:41 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008.10.27 11:38:14 | 001,358,992 | -H-- | M] () -- C:\Dec2005_d3dx9_28_x64.cab
[2008.10.27 11:38:10 | 001,080,472 | -H-- | M] () -- C:\Dec2005_d3dx9_28_x86.cab
[2008.10.27 11:37:50 | 000,213,823 | -H-- | M] () -- C:\DEC2006_d3dx10_00_x64.cab
[2008.10.27 11:37:48 | 000,192,736 | -H-- | M] () -- C:\DEC2006_d3dx10_00_x86.cab
[2008.10.27 11:38:16 | 001,572,170 | -H-- | M] () -- C:\DEC2006_d3dx9_32_x64.cab
[2008.10.27 11:38:16 | 001,575,392 | -H-- | M] () -- C:\DEC2006_d3dx9_32_x86.cab
[2008.10.27 11:37:50 | 000,193,491 | -H-- | M] () -- C:\DEC2006_XACT_x64.cab
[2008.10.27 11:37:42 | 000,146,615 | -H-- | M] () -- C:\DEC2006_XACT_x86.cab
[2008.10.27 11:38:54 | 000,095,056 | -H-- | M] (Microsoft Corporation) -- C:\DSETUP.dll
[2008.10.27 11:37:34 | 001,692,496 | -H-- | M] (Microsoft Corporation) -- C:\dsetup32.dll
[2008.10.27 11:38:04 | 000,045,464 | -H-- | M] () -- C:\dxdllreg_x86.cab
[2008.10.27 11:38:20 | 013,265,184 | -H-- | M] () -- C:\dxnt.cab
[2008.10.27 11:36:58 | 000,526,160 | -H-- | M] (Microsoft Corporation) -- C:\DXSETUP.exe
[2008.10.27 11:38:04 | 000,096,053 | -H-- | M] () -- C:\dxupdate.cab
[2008.10.27 11:38:10 | 001,248,515 | -H-- | M] () -- C:\Feb2005_d3dx9_24_x64.cab
[2008.10.27 11:38:08 | 001,014,241 | -H-- | M] () -- C:\Feb2005_d3dx9_24_x86.cab
[2008.10.27 11:38:14 | 001,363,812 | -H-- | M] () -- C:\Feb2006_d3dx9_29_x64.cab
[2008.10.27 11:38:08 | 001,085,736 | -H-- | M] () -- C:\Feb2006_d3dx9_29_x86.cab
[2008.10.27 11:37:46 | 000,179,375 | -H-- | M] () -- C:\Feb2006_XACT_x64.cab
[2008.10.27 11:37:40 | 000,133,425 | -H-- | M] () -- C:\Feb2006_XACT_x86.cab
[2008.10.27 11:37:48 | 000,195,691 | -H-- | M] () -- C:\FEB2007_XACT_x64.cab
[2008.10.27 11:37:42 | 000,148,999 | -H-- | M] () -- C:\FEB2007_XACT_x86.cab
[2011.04.27 23:13:06 | 3215,839,232 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.27 18:43:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.03.16 15:21:00 | 000,470,480 | -H-- | M] (IPLabs GmbH) -- C:\JordanApplet.dll
[2008.10.27 11:38:10 | 001,337,018 | -H-- | M] () -- C:\Jun2005_d3dx9_26_x64.cab
[2008.10.27 11:38:08 | 001,065,941 | -H-- | M] () -- C:\Jun2005_d3dx9_26_x86.cab
[2008.10.27 11:37:46 | 000,181,801 | -H-- | M] () -- C:\JUN2006_XACT_x64.cab
[2008.10.27 11:37:40 | 000,134,687 | -H-- | M] () -- C:\JUN2006_XACT_x86.cab
[2008.10.27 11:38:00 | 000,700,060 | -H-- | M] () -- C:\JUN2007_d3dx10_34_x64.cab
[2008.10.27 11:37:58 | 000,699,488 | -H-- | M] () -- C:\JUN2007_d3dx10_34_x86.cab
[2008.10.27 11:38:16 | 001,608,790 | -H-- | M] () -- C:\JUN2007_d3dx9_34_x64.cab
[2008.10.27 11:38:16 | 001,608,302 | -H-- | M] () -- C:\JUN2007_d3dx9_34_x86.cab
[2008.10.27 11:37:50 | 000,198,138 | -H-- | M] () -- C:\JUN2007_XACT_x64.cab
[2008.10.27 11:37:44 | 000,153,925 | -H-- | M] () -- C:\JUN2007_XACT_x86.cab
[2008.10.27 11:38:04 | 000,868,844 | -H-- | M] () -- C:\JUN2008_d3dx10_38_x64.cab
[2008.10.27 11:38:04 | 000,850,935 | -H-- | M] () -- C:\JUN2008_d3dx10_38_x86.cab
[2008.10.27 11:38:18 | 001,793,624 | -H-- | M] () -- C:\JUN2008_d3dx9_38_x64.cab
[2008.10.27 11:38:14 | 001,464,894 | -H-- | M] () -- C:\JUN2008_d3dx9_38_x86.cab
[2008.10.27 11:38:02 | 000,056,170 | -H-- | M] () -- C:\JUN2008_X3DAudio_x64.cab
[2008.10.27 11:38:02 | 000,022,921 | -H-- | M] () -- C:\JUN2008_X3DAudio_x86.cab
[2008.10.27 11:37:40 | 000,122,070 | -H-- | M] () -- C:\JUN2008_XACT_x64.cab
[2008.10.27 11:38:04 | 000,094,144 | -H-- | M] () -- C:\JUN2008_XACT_x86.cab
[2008.10.27 11:37:58 | 000,270,644 | -H-- | M] () -- C:\JUN2008_XAudio_x64.cab
[2008.10.27 11:37:52 | 000,270,040 | -H-- | M] () -- C:\JUN2008_XAudio_x86.cab
[2008.10.27 11:38:02 | 000,845,900 | -H-- | M] () -- C:\Mar2008_d3dx10_37_x64.cab
[2008.10.27 11:38:02 | 000,819,276 | -H-- | M] () -- C:\Mar2008_d3dx10_37_x86.cab
[2008.10.27 11:38:18 | 001,770,878 | -H-- | M] () -- C:\Mar2008_d3dx9_37_x64.cab
[2008.10.27 11:38:12 | 001,444,298 | -H-- | M] () -- C:\Mar2008_d3dx9_37_x86.cab
[2008.10.27 11:38:02 | 000,056,074 | -H-- | M] () -- C:\Mar2008_X3DAudio_x64.cab
[2008.10.27 11:38:00 | 000,022,883 | -H-- | M] () -- C:\Mar2008_X3DAudio_x86.cab
[2008.10.27 11:37:40 | 000,123,352 | -H-- | M] () -- C:\Mar2008_XACT_x64.cab
[2008.10.27 11:38:08 | 000,094,750 | -H-- | M] () -- C:\Mar2008_XACT_x86.cab
[2008.10.27 11:37:52 | 000,252,210 | -H-- | M] () -- C:\Mar2008_XAudio_x64.cab
[2008.10.27 11:37:52 | 000,227,266 | -H-- | M] () -- C:\Mar2008_XAudio_x86.cab
[2008.10.16 19:30:37 | 000,000,020 | -H-- | M] () -- C:\Medion.ini
[2010.11.27 18:43:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007.03.12 18:59:00 | 000,299,008 | -H-- | M] () -- C:\navigram_register.exe
[2008.10.27 11:38:04 | 000,865,616 | -H-- | M] () -- C:\Nov2007_d3dx10_36_x64.cab
[2008.10.27 11:38:00 | 000,804,900 | -H-- | M] () -- C:\Nov2007_d3dx10_36_x86.cab
[2008.10.27 11:38:20 | 001,803,074 | -H-- | M] () -- C:\Nov2007_d3dx9_36_x64.cab
[2008.10.27 11:38:18 | 001,710,376 | -H-- | M] () -- C:\Nov2007_d3dx9_36_x86.cab
[2008.10.27 11:38:02 | 000,047,160 | -H-- | M] () -- C:\NOV2007_X3DAudio_x64.cab
[2008.10.27 11:38:02 | 000,019,512 | -H-- | M] () -- C:\NOV2007_X3DAudio_x86.cab
[2008.10.27 11:37:48 | 000,197,778 | -H-- | M] () -- C:\NOV2007_XACT_x64.cab
[2008.10.27 11:37:42 | 000,149,280 | -H-- | M] () -- C:\NOV2007_XACT_x86.cab
[2008.10.27 11:38:08 | 000,995,154 | -H-- | M] () -- C:\Nov2008_d3dx10_40_x64.cab
[2008.10.27 11:38:04 | 000,966,445 | -H-- | M] () -- C:\Nov2008_d3dx10_40_x86.cab
[2008.10.27 11:38:20 | 001,907,944 | -H-- | M] () -- C:\Nov2008_d3dx9_40_x64.cab
[2008.10.27 11:38:14 | 001,551,228 | -H-- | M] () -- C:\Nov2008_d3dx9_40_x86.cab
[2008.10.27 11:38:04 | 000,055,538 | -H-- | M] () -- C:\Nov2008_X3DAudio_x64.cab
[2008.10.27 11:38:02 | 000,022,867 | -H-- | M] () -- C:\Nov2008_X3DAudio_x86.cab
[2008.10.27 11:38:08 | 000,122,810 | -H-- | M] () -- C:\Nov2008_XACT_x64.cab
[2008.10.27 11:38:02 | 000,093,700 | -H-- | M] () -- C:\Nov2008_XACT_x86.cab
[2008.10.27 11:37:54 | 000,274,976 | -H-- | M] () -- C:\Nov2008_XAudio_x64.cab
[2008.10.27 11:37:54 | 000,273,627 | -H-- | M] () -- C:\Nov2008_XAudio_x86.cab
[2008.10.27 11:38:02 | 000,087,053 | -H-- | M] () -- C:\Oct2005_xinput_x64.cab
[2008.10.27 11:38:02 | 000,046,375 | -H-- | M] () -- C:\Oct2005_xinput_x86.cab
[2008.10.27 11:38:14 | 001,413,918 | -H-- | M] () -- C:\OCT2006_d3dx9_31_x64.cab
[2008.10.27 11:38:10 | 001,128,233 | -H-- | M] () -- C:\OCT2006_d3dx9_31_x86.cab
[2008.10.27 11:37:48 | 000,183,377 | -H-- | M] () -- C:\OCT2006_XACT_x64.cab
[2008.10.27 11:37:42 | 000,139,033 | -H-- | M] () -- C:\OCT2006_XACT_x86.cab
[2011.04.27 23:13:05 | 3529,629,696 | -HS- | M] () -- C:\pagefile.sys
[2008.10.16 19:27:07 | 000,000,058 | -H-- | M] () -- C:\Partition.txt
[2008.08.28 07:49:24 | 000,004,676 | -HS- | M] () -- C:\Patch.rev
[2008.10.17 05:05:05 | 000,000,147 | RHS- | M] () -- C:\preload.rev
[2009.02.06 15:04:15 | 000,000,091 | -H-- | M] () -- C:\PS.log
[2008.10.16 19:31:34 | 000,000,426 | -H-- | M] () -- C:\RHDSetup.log
[2011.04.27 18:11:42 | 000,069,572 | -H-- | M] () -- C:\TDSSKiller.2.4.21.0_27.04.2011_18.06.39_log.txt
[2009.04.15 07:59:58 | 000,004,863 | -H-- | M] () -- C:\WirelessDiagLog.csv
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.09.13 12:15:15 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009.05.26 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPDA2.DLL
[2009.05.26 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPPA2.DLL
[2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2010.10.23 22:42:46 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-27 16:21:50
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D88D995C

< End of report >
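As an added example (my code, not part of this thread and not something OTL ships): a PowerShell snippet that reads the "< MD5 for: ... >" sections of an OTL report like the one above and, for every file that lives outside winsxs, checks whether its MD5 equals one of the component-store copies OTL listed next to it; it also collects the entries OTL marked "Unable to obtain MD5" so they can be hashed or compared by other means. The sample text is a handful of lines copied from the report above; the function names, the regular expression and the field names are my own, and the code assumes PowerShell 3 or later.

```powershell
# Added example, not from the thread: triage of the "MD5 for:" sections of an OTL report.
# Sample input: a few lines copied from the OTL report posted above (not constructed).
$otl = @'
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
'@

# One OTL file line: [date time | size | attrs | M] (vendor) MD5=... -- path
# or the same with "Unable to obtain MD5" in place of the hash.
$entryRx = '^\[(?<ts>[^|]+)\|\s*(?<size>[\d,]+)\s*\|[^\]]*\]\s*\((?<vendor>[^)]*)\)\s*(?:MD5=(?<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5)\s*--\s*(?<path>.+?)\s*$'

function ConvertFrom-OtlReport {
    # Emits one object per file line; Section is the "MD5 for:" name or $null.
    param([string]$Text)
    $section = $null
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -match '^<\s*MD5 for:\s*(?<name>\S+)\s*>') { $section = $Matches.name; continue }
        if ($line -match '^<') { $section = $null; continue }   # any other OTL command header
        if ($line -match $entryRx) {
            [pscustomobject]@{
                Section  = $section
                Path     = $Matches.path
                Vendor   = $Matches.vendor
                Size     = [int64]($Matches.size -replace ',', '')
                Md5      = if ($Matches.md5) { $Matches.md5.ToUpper() } else { $null }
                InWinSxS = ($Matches.path -match '\\winsxs\\')
            }
        }
    }
}

function Test-OtlLiveCopies {
    # For each "MD5 for:" section, compare the live file(s) with the winsxs copies.
    param([object[]]$Entries)
    $Entries | Where-Object { $_.Section -and $_.Md5 } | Group-Object Section | ForEach-Object {
        $store = @($_.Group | Where-Object InWinSxS | Select-Object -ExpandProperty Md5 | Sort-Object -Unique)
        foreach ($live in ($_.Group | Where-Object { -not $_.InWinSxS })) {
            [pscustomobject]@{
                File          = $live.Path
                Md5           = $live.Md5
                MatchesWinSxS = ($store -contains $live.Md5)
                StoreVersions = $store.Count
            }
        }
    }
}

$entries = @(ConvertFrom-OtlReport -Text $otl)

"Live copies versus component store:"
Test-OtlLiveCopies -Entries $entries | Format-Table -AutoSize

"Files OTL could not hash (locked or in use; hash them offline or compare with a known-good copy):"
$entries | Where-Object { -not $_.Md5 } | Select-Object Path, Vendor, Size | Format-Table -AutoSize
```

For the report above this yields MatchesWinSxS = True for C:\Windows\explorer.exe and C:\Windows\System32\winlogon.exe, and lists user32.dll as unhashed. A match only says the live file is byte-identical to a serviced component-store copy; a mismatch or an unhashed file is a reason to hash the file from a clean boot medium and check it against a known-good reference, not proof of tampering on its own. To run it on a full report, replace the here-string with Get-Content -Raw on the saved OTL text.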
         

Alt 27.04.2011, 22:59   #5
Swisstreasure
/// Malwareteam
 
Continue with step 3. Then report back on how the machine is running.


Alt 27.04.2011, 23:27   #6
gerry10
 
That was step three.

Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-28 00:25:46
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
Running: kwsq8vtb.exe; Driver: C:\Users\Toni\AppData\Local\Temp\awroauow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                          section is writeable [0x8EC0E340, 0x3EDF57, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!CreateDialogParamW                                               767C72A2 5 Bytes  JMP 68C8DEE8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!GetAsyncKeyState                                                 767C863C 5 Bytes  JMP 68BA8EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!SetWindowsHookExW                                                767C87AD 5 Bytes  JMP 68C89B01 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!CallNextHookEx                                                   767C8E3B 5 Bytes  JMP 68C7D125 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!UnhookWindowsHookEx                                              767C98DB 5 Bytes  JMP 68BF4664 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!EnableWindow                                                     767CCD8B 5 Bytes  JMP 68C8DD75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!CreateWindowExW                                                  767D1305 5 Bytes  JMP 68C8DB5C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!GetKeyState                                                      767D8CB1 5 Bytes  JMP 68C8D323 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!IsDialogMessageW                                                 767E0745 5 Bytes  JMP 68BB59CF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!CreateDialogParamA                                               767E17AA 5 Bytes  JMP 68D85D83 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!IsDialogMessage                                                  767E1847 5 Bytes  JMP 68D8561F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!CreateDialogIndirectParamA                                       767E26F1 5 Bytes  JMP 68D85DBA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!CreateDialogIndirectParamW                                       767E9A62 5 Bytes  JMP 68D85DF1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!SetKeyboardState                                                 767F0987 5 Bytes  JMP 68D8598E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!DialogBoxParamW                                                  767F10B0 5 Bytes  JMP 68BB54BD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!DialogBoxIndirectParamW                                          767F2EF5 5 Bytes  JMP 68D85117 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!SendInput                                                        767F2F75 5 Bytes  JMP 68D8654B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!EndDialog                                                        767F326E 5 Bytes  JMP 68BB7E76 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!SetCursorPos                                                     76806FB2 5 Bytes  JMP 68D8659F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!DialogBoxParamA                                                  76808152 5 Bytes  JMP 68D850B4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!DialogBoxIndirectParamA                                          7680847D 5 Bytes  JMP 68D8517A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!MessageBoxIndirectA                                              7681D4D9 5 Bytes  JMP 68D85049 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!MessageBoxIndirectW                                              7681D5D3 5 Bytes  JMP 68D84FDE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!MessageBoxExA                                                    7681D639 5 Bytes  JMP 68D84F7C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!MessageBoxExW                                                    7681D65D 5 Bytes  JMP 68D84F1A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!keybd_event                                                      7681D972 5 Bytes  JMP 68D868CF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] SHELL32.dll!SHRestricted + D95                                              771889A8 4 Bytes  [4D, 30, 17, 6A]
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] SHELL32.dll!SHRestricted + D9D                                              771889B0 8 Bytes  [57, 2F, 17, 6A, 9C, 5B, 16, ...]
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] ole32.dll!OleLoadFromStream                                                 76301E80 5 Bytes  JMP 68D8547F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] ole32.dll!CoCreateInstance                                                  76339F3E 5 Bytes  JMP 68C8DBB8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!CreateWindowExW                                                  767D1305 5 Bytes  JMP 68C8DB5C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!DialogBoxParamW                                                  767F10B0 5 Bytes  JMP 68BB54BD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!DialogBoxIndirectParamW                                          767F2EF5 5 Bytes  JMP 68D85117 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!DialogBoxParamA                                                  76808152 5 Bytes  JMP 68D850B4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!DialogBoxIndirectParamA                                          7680847D 5 Bytes  JMP 68D8517A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!MessageBoxIndirectA                                              7681D4D9 5 Bytes  JMP 68D85049 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!MessageBoxIndirectW                                              7681D5D3 5 Bytes  JMP 68D84FDE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!MessageBoxExA                                                    7681D639 5 Bytes  JMP 68D84F7C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!MessageBoxExW                                                    7681D65D 5 Bytes  JMP 68D84F1A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[6100] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5                                7713B37C 4 Bytes  [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                           Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                          fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269cd8816                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269cd8816@0022a946c968                                          0x82 0x53 0x49 0x35 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269cd8816@001fe4f3b247                                          0x27 0xBC 0x7B 0xE8 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269cd8816@0014a774b664                                          0x73 0x08 0x07 0x7D ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                               C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                               0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                            0x97 0x21 0xEB 0x41 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                      0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                   0x79 0x35 0xAE 0x7E ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                   
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                             0x98 0xE3 0x73 0xA1 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002269cd8816 (not active ControlSet)                                   
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002269cd8816@0022a946c968                                              0x82 0x53 0x49 0x35 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002269cd8816@001fe4f3b247                                              0x27 0xBC 0x7B 0xE8 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002269cd8816@0014a774b664                                              0x73 0x08 0x07 0x7D ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                              
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                   C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                   0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                0x97 0x21 0xEB 0x41 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                          0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                       0x79 0x35 0xAE 0x7E ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)               
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                 0x98 0xE3 0x73 0xA1 ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE2C6785-0A3D-672C-5577-E57826722AE6}                   
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE2C6785-0A3D-672C-5577-E57826722AE6}@halhgbinmaafheop  0x6B 0x61 0x62 0x62 ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE2C6785-0A3D-672C-5577-E57826722AE6}@gaehllbfdokfhn    0x61 0x63 0x69 0x62 ...

---- EOF - GMER 1.0.15 ----
         

Alt 28.04.2011, 06:27   #7
gerry10
 
Well, I think we have already made real progress.
All the error messages like "A critical hard disk error...",
"Hard disk error, RAM memory usage is critically high...",
"The system has detected a problem with one or more installed IDE/SATA hard disks..."
no longer appear, and the machine is already running faster.
The desktop is still black, though, and nearly everything is still missing.

Thanks for the help so far!!!

Alt 28.04.2011, 07:01   #8
Swisstreasure
/// Malwareteam
 
Step 1

Please download unhide.exe and save the file to your desktop.
Run the tool, and all files and folders should become visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

Step 2

In the properties of the affected user folders, clear the "Hidden" check box
and apply this change to all subfolders and files as well.

Step 3

Since we have to make changes to the registry, you will back up the registry beforehand as follows:
Download the tool ERUNT by Lars Hederer and install it. Start erunt.exe and use it to create a backup of the registry in the default folder. Under the backup options, please check all three choices. Do not add the program to the system startup.

Step 4

Via "regedit" (type it into the search box of the Start menu),
navigate to "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer".
There, change the value of the "NoDesktop" entry from 1 to 0.
Exit regedit.

Step 5

Scan again with Malwarebytes and post the log. (Full scan)
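As an added example (my code, not from the thread): a PowerShell script that performs the checks behind steps 2 to 4 above in one place. Without -Fix it only reports the current NoDesktop value and the number of hidden items under the profile folders; with -Fix it first exports the Explorer policies key with reg.exe (a lighter substitute for the ERUNT backup the post asks for, which you should still make), sets NoDesktop from 1 to 0, and clears the Hidden attribute on the items it found. The folder list, the backup location and the switch name are my assumptions; AppData is hidden by design and is deliberately left alone.

```powershell
# Added example, not from the thread: report and undo the two changes described in
# steps 2 and 4 above (Hidden attribute on user folders, NoDesktop policy set to 1).
# Assumptions: run as the affected user, PowerShell 3 or later.
param(
    [switch]$Fix   # without -Fix the script only reports
)

$policyKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$policyKeyReg = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'  # reg.exe form
$backupDir    = Join-Path $env:USERPROFILE 'Desktop\registry-backup'                 # assumed location

# The profile folders step 2 is about (assumed list). AppData is hidden by design and is skipped.
$userFolders = 'Desktop', 'Documents', 'Downloads', 'Pictures', 'Music', 'Videos' |
    ForEach-Object { Join-Path $env:USERPROFILE $_ } |
    Where-Object { Test-Path -LiteralPath $_ }

function Backup-PolicyKey {
    # Exports only the key we are about to change; returns the .reg file path.
    New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
    $file = Join-Path $backupDir ('Explorer-Policies-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    & reg.exe export $policyKeyReg $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "registry export of $policyKeyReg failed" }
    return $file
}

function Get-NoDesktop {
    # $null when the key or value does not exist (the normal state on a clean machine).
    if (-not (Test-Path $policyKey)) { return $null }
    (Get-ItemProperty -Path $policyKey -Name NoDesktop -ErrorAction SilentlyContinue).NoDesktop
}

function Get-HiddenItems {
    # The folders themselves plus everything below them that carries the Hidden attribute.
    foreach ($folder in $userFolders) {
        @(Get-Item -LiteralPath $folder -Force) +
        @(Get-ChildItem -LiteralPath $folder -Recurse -Force -ErrorAction SilentlyContinue) |
            Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0 }
    }
}

$noDesktop = Get-NoDesktop
Write-Host ("NoDesktop = {0}" -f $(if ($null -eq $noDesktop) { '<not set>' } else { $noDesktop }))
$hidden = @(Get-HiddenItems)
Write-Host "Hidden items under the profile folders: $($hidden.Count)"

if ($Fix) {
    $backup = Backup-PolicyKey
    Write-Host "Registry backup written to $backup"

    if ($noDesktop -eq 1) {
        Set-ItemProperty -Path $policyKey -Name NoDesktop -Value 0 -Type DWord
        Write-Host 'NoDesktop set to 0 (takes effect when Explorer restarts, e.g. after logging off and on)'
    }

    foreach ($item in $hidden) {
        # Clear only the Hidden bit; ReadOnly, System and other attributes stay as they are.
        $item.Attributes = $item.Attributes -bxor [IO.FileAttributes]::Hidden
    }
    Write-Host "Hidden attribute cleared on $($hidden.Count) items"
}
```

Run it once without -Fix to see what it would touch, then with -Fix. The script changes only the Hidden bit and only the one policy value, so the ERUNT backup from step 3 remains the safety net for everything else; the reg.exe export just makes this single key easy to restore with a double-click on the .reg file.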

Alt 28.04.2011, 07:42   #9
gerry10
 
Well, I ran unhide.exe, but not everything is back yet.

Some things are still missing on the desktop, and in the taskbar too.

I have attached a picture of the desktop and the taskbar.
Thumbnail of attached image:
Trojaner TR/Kazy.mekml.1-img_0147.jpg

Alt 28.04.2011, 10:40   #10
Swisstreasure
/// Malwareteam
 
Then do steps 2 to 5.

Alt 28.04.2011, 17:44   #11
gerry10
 
Well, I did steps 2 and 3, but I can't get to where I am supposed to navigate.

I only get this far:
Thumbnail of attached image:
Trojaner TR/Kazy.mekml.1-img_0149.jpg

Alt 28.04.2011, 20:58   #12
Swisstreasure
/// Malwareteam
 
OK, then leave it for now and continue here:

Step 1
  • Please download TDSS Killer.zip and save it to the desktop.
  • Extract the contents of the file to your desktop.
    Make sure TDSSKiller.exe is on the desktop, not inside a folder.
    • Close all running programs.
    • Disconnect from the internet.
    • Disable your antivirus software.
  • Start TDSSKiller.exe with a double-click.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Click Start scan.
  • If the message "Hidden service detected" appears, do not type anything into it. Just press ENTER!!!
  • When the tool is finished, a window with the findings pops up.
    Simply close it.
  • Now click Report.
  • Please post its contents here in your thread.
    (also found under C:\TDSSKiller<time_date>.txt)

Alt 28.04.2011, 21:04   #13
gerry10
 
Hello,
here is the result

Code:
2011/04/28 22:02:02.0860 1992	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/28 22:02:02.0876 1992	================================================================================
2011/04/28 22:02:02.0876 1992	SystemInfo:
2011/04/28 22:02:02.0876 1992	
2011/04/28 22:02:02.0876 1992	OS Version: 6.0.6002 ServicePack: 2.0
2011/04/28 22:02:02.0876 1992	Product type: Workstation
2011/04/28 22:02:02.0876 1992	ComputerName: TONIS-SCHLEPPI
2011/04/28 22:02:02.0876 1992	UserName: Toni
2011/04/28 22:02:02.0876 1992	Windows directory: C:\Windows
2011/04/28 22:02:02.0876 1992	System windows directory: C:\Windows
2011/04/28 22:02:02.0876 1992	Processor architecture: Intel x86
2011/04/28 22:02:02.0876 1992	Number of processors: 2
2011/04/28 22:02:02.0876 1992	Page size: 0x1000
2011/04/28 22:02:02.0876 1992	Boot type: Normal boot
2011/04/28 22:02:02.0876 1992	================================================================================
2011/04/28 22:02:03.0125 1992	Initialize success
2011/04/28 22:02:07.0462 0268	================================================================================
2011/04/28 22:02:07.0462 0268	Scan started
2011/04/28 22:02:07.0462 0268	Mode: Manual; 
2011/04/28 22:02:07.0462 0268	================================================================================
2011/04/28 22:02:09.0069 0268	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/28 22:02:09.0116 0268	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/28 22:02:09.0147 0268	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/28 22:02:09.0178 0268	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/28 22:02:09.0194 0268	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/28 22:02:09.0256 0268	AFD             (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/28 22:02:09.0334 0268	AgereSoftModem  (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/04/28 22:02:09.0397 0268	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/28 22:02:09.0412 0268	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/28 22:02:09.0443 0268	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/28 22:02:09.0475 0268	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/28 22:02:09.0521 0268	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/28 22:02:09.0537 0268	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/28 22:02:09.0568 0268	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/28 22:02:09.0662 0268	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/28 22:02:09.0693 0268	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/28 22:02:09.0709 0268	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/28 22:02:09.0740 0268	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/28 22:02:09.0771 0268	ATSWPDRV        (73742099982cf514512e1941f2862c33) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
2011/04/28 22:02:09.0818 0268	avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/28 22:02:09.0849 0268	avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/28 22:02:09.0880 0268	b57nd60x        (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/28 22:02:09.0896 0268	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/28 22:02:09.0943 0268	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/28 22:02:10.0021 0268	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/28 22:02:10.0036 0268	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/28 22:02:10.0052 0268	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/28 22:02:10.0099 0268	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/28 22:02:10.0114 0268	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/28 22:02:10.0130 0268	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/28 22:02:10.0161 0268	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/28 22:02:10.0192 0268	BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/28 22:02:10.0223 0268	BTHMODEM        (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/28 22:02:10.0255 0268	BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/28 22:02:10.0301 0268	BTHPORT         (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2011/04/28 22:02:10.0333 0268	BTHUSB          (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/28 22:02:10.0379 0268	btwaudio        (3ea1a20dc0ca1ad23e7aa8c37a91bcd1) C:\Windows\system32\drivers\btwaudio.sys
2011/04/28 22:02:10.0395 0268	btwavdt         (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys
2011/04/28 22:02:10.0426 0268	btwrchid        (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/04/28 22:02:10.0457 0268	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/28 22:02:10.0489 0268	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/28 22:02:10.0551 0268	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/28 22:02:10.0598 0268	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/28 22:02:10.0629 0268	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/28 22:02:10.0660 0268	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/28 22:02:10.0707 0268	cmnsusbser      (675d67423980fc1784b93aa47d350a31) C:\Windows\system32\DRIVERS\cmnsusbser.sys
2011/04/28 22:02:10.0738 0268	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/28 22:02:10.0754 0268	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/28 22:02:10.0785 0268	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/28 22:02:10.0863 0268	DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/28 22:02:10.0910 0268	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/28 22:02:10.0957 0268	DKbFltr         (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/04/28 22:02:10.0988 0268	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/28 22:02:11.0035 0268	DslMNLwf        (e577b5c4a6be078e5445cdcfb65be7ab) C:\Windows\system32\DRIVERS\dslmnlwf.sys
2011/04/28 22:02:11.0050 0268	dsltestSp5      (c6b2e10cfe79169c72f0269087b9a603) C:\Windows\system32\Drivers\dsltestSp5.sys
2011/04/28 22:02:11.0097 0268	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/28 22:02:11.0144 0268	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/28 22:02:11.0191 0268	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/28 22:02:11.0253 0268	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/28 22:02:11.0300 0268	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/28 22:02:11.0362 0268	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/28 22:02:11.0409 0268	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/28 22:02:11.0440 0268	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/28 22:02:11.0471 0268	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/28 22:02:11.0487 0268	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/28 22:02:11.0534 0268	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/28 22:02:11.0596 0268	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/28 22:02:11.0627 0268	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/28 22:02:11.0643 0268	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/28 22:02:11.0674 0268	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\drivers\GEARAspiWDM.sys
2011/04/28 22:02:11.0721 0268	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/28 22:02:11.0752 0268	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/28 22:02:11.0908 0268	HidBth          (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/28 22:02:12.0033 0268	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/28 22:02:12.0064 0268	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/28 22:02:12.0095 0268	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/28 22:02:12.0127 0268	HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/04/28 22:02:12.0173 0268	HSF_DPV         (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/04/28 22:02:12.0236 0268	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/28 22:02:12.0267 0268	hwdatacard      (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/04/28 22:02:12.0298 0268	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/28 22:02:12.0329 0268	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/28 22:02:12.0361 0268	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/28 22:02:12.0407 0268	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/28 22:02:12.0485 0268	int15           (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys
2011/04/28 22:02:12.0563 0268	IntcAzAudAddService (2deb2538c9372568bb67b5fdf2359790) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/28 22:02:12.0641 0268	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/28 22:02:12.0673 0268	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/28 22:02:12.0704 0268	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/28 22:02:12.0751 0268	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/28 22:02:12.0782 0268	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/28 22:02:12.0844 0268	irda            (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2011/04/28 22:02:12.0860 0268	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/28 22:02:12.0891 0268	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/28 22:02:12.0922 0268	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/28 22:02:12.0953 0268	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/28 22:02:12.0969 0268	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/28 22:02:13.0016 0268	JMCR            (dedb6cc1b166928a8f3f68def1766db0) C:\Windows\system32\DRIVERS\jmcr.sys
2011/04/28 22:02:13.0047 0268	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/28 22:02:13.0078 0268	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/28 22:02:13.0109 0268	KMWDFILTER      (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
2011/04/28 22:02:13.0156 0268	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/28 22:02:13.0234 0268	LEqdUsb         (70035567754bed4e6ad353ca3f175127) C:\Windows\system32\Drivers\LEqdUsb.Sys
2011/04/28 22:02:13.0265 0268	LHidEqd         (32491b6bae0afad1d7a62c0ef0af4321) C:\Windows\system32\Drivers\LHidEqd.Sys
2011/04/28 22:02:13.0328 0268	LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/04/28 22:02:13.0359 0268	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/28 22:02:13.0390 0268	LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/04/28 22:02:13.0437 0268	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/28 22:02:13.0468 0268	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/28 22:02:13.0499 0268	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/28 22:02:13.0546 0268	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/28 22:02:13.0593 0268	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/28 22:02:13.0624 0268	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/28 22:02:13.0671 0268	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/28 22:02:13.0687 0268	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/28 22:02:13.0702 0268	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/28 22:02:13.0718 0268	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/28 22:02:13.0749 0268	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/28 22:02:13.0780 0268	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/28 22:02:13.0796 0268	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/28 22:02:13.0843 0268	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/28 22:02:13.0889 0268	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/28 22:02:13.0936 0268	mrxsmb          (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/28 22:02:13.0967 0268	mrxsmb10        (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/28 22:02:13.0983 0268	mrxsmb20        (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/28 22:02:14.0030 0268	msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2011/04/28 22:02:14.0061 0268	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/28 22:02:14.0092 0268	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/28 22:02:14.0123 0268	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/28 22:02:14.0155 0268	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/28 22:02:14.0186 0268	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/28 22:02:14.0201 0268	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/28 22:02:14.0248 0268	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/28 22:02:14.0279 0268	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/28 22:02:14.0311 0268	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/28 22:02:14.0326 0268	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/28 22:02:14.0373 0268	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/28 22:02:14.0435 0268	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/28 22:02:14.0498 0268	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/28 22:02:14.0513 0268	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/28 22:02:14.0560 0268	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/28 22:02:14.0607 0268	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/28 22:02:14.0654 0268	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/28 22:02:14.0701 0268	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/28 22:02:14.0841 0268	NETw5v32        (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/04/28 22:02:14.0950 0268	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/28 22:02:15.0028 0268	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/28 22:02:15.0044 0268	NSCIRDA         (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
2011/04/28 22:02:15.0075 0268	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/28 22:02:15.0153 0268	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/28 22:02:15.0200 0268	NTIDrvr         (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/04/28 22:02:15.0215 0268	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/28 22:02:15.0231 0268	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/28 22:02:15.0278 0268	NVHDA           (2c7ac27710e8d41c1eb7d1599187d237) C:\Windows\system32\drivers\nvhda32v.sys
2011/04/28 22:02:15.0449 0268	nvlddmkm        (cb0d6f8f65b8766ff2aaaa78881fd9f8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/28 22:02:15.0512 0268	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/28 22:02:15.0543 0268	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/28 22:02:15.0590 0268	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/28 22:02:15.0652 0268	ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/28 22:02:15.0699 0268	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/28 22:02:15.0746 0268	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/28 22:02:15.0777 0268	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/28 22:02:15.0808 0268	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/28 22:02:15.0839 0268	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/04/28 22:02:15.0871 0268	pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/28 22:02:15.0917 0268	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/28 22:02:16.0027 0268	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/28 22:02:16.0058 0268	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/28 22:02:16.0120 0268	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/28 22:02:16.0167 0268	PSDFilter       (ab94285ff6c6bc5433407d8d182a4bb4) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/04/28 22:02:16.0183 0268	PSDNServ        (2aaf9a5d7a63d26bfaea853c5f2292bc) C:\Windows\system32\DRIVERS\PSDNServ.sys
2011/04/28 22:02:16.0214 0268	psdvdisk        (0eb8cec99855beae5b0d02c2302619ef) C:\Windows\system32\DRIVERS\PSDVdisk.sys
2011/04/28 22:02:16.0261 0268	PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/28 22:02:16.0323 0268	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/28 22:02:16.0354 0268	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/28 22:02:16.0370 0268	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/28 22:02:16.0401 0268	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/28 22:02:16.0432 0268	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/28 22:02:16.0495 0268	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/28 22:02:16.0526 0268	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/28 22:02:16.0573 0268	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/28 22:02:16.0588 0268	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/28 22:02:16.0619 0268	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/04/28 22:02:16.0651 0268	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/28 22:02:16.0682 0268	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/28 22:02:16.0729 0268	RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/28 22:02:16.0775 0268	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/28 22:02:16.0822 0268	s217bus         (0266151de3f36429f6ac3c4b28085061) C:\Windows\system32\DRIVERS\s217bus.sys
2011/04/28 22:02:16.0853 0268	s217mdfl        (a43c0af0e46be7ef0c7e8ccf0f058600) C:\Windows\system32\DRIVERS\s217mdfl.sys
2011/04/28 22:02:16.0885 0268	s217mdm         (005f5ded1ed8f8a9d2399d765ead20f1) C:\Windows\system32\DRIVERS\s217mdm.sys
2011/04/28 22:02:16.0916 0268	s217nd5         (11cc5d7f992799e7e75d018e9c018563) C:\Windows\system32\DRIVERS\s217nd5.sys
2011/04/28 22:02:16.0931 0268	s217obex        (0f9f4045799afb66b85eef999d0609ec) C:\Windows\system32\DRIVERS\s217obex.sys
2011/04/28 22:02:16.0947 0268	s217unic        (1c91e1023f07b6407d84b5a43537d984) C:\Windows\system32\DRIVERS\s217unic.sys
2011/04/28 22:02:16.0994 0268	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/28 22:02:17.0041 0268	sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/28 22:02:17.0072 0268	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/28 22:02:17.0103 0268	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/28 22:02:17.0134 0268	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/28 22:02:17.0150 0268	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/28 22:02:17.0181 0268	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/28 22:02:17.0212 0268	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/28 22:02:17.0243 0268	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/28 22:02:17.0259 0268	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/28 22:02:17.0290 0268	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/28 22:02:17.0321 0268	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/28 22:02:17.0353 0268	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/28 22:02:17.0399 0268	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/28 22:02:17.0462 0268	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/28 22:02:17.0524 0268	sptd            (71e276f6d189413266ea22171806597b) C:\Windows\System32\Drivers\sptd.sys
2011/04/28 22:02:17.0587 0268	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/04/28 22:02:17.0665 0268	srv2            (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/28 22:02:17.0727 0268	srvnet          (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/28 22:02:17.0774 0268	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/28 22:02:17.0805 0268	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/28 22:02:17.0852 0268	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/28 22:02:17.0867 0268	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/28 22:02:17.0899 0268	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/28 22:02:17.0914 0268	SynTP           (32e8b307f0e9f72b66b518fd62eab91e) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/28 22:02:18.0008 0268	Tcpip           (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/28 22:02:18.0070 0268	Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/28 22:02:18.0117 0268	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/28 22:02:18.0148 0268	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/28 22:02:18.0179 0268	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/28 22:02:18.0226 0268	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/28 22:02:18.0257 0268	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/28 22:02:18.0304 0268	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/28 22:02:18.0335 0268	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/28 22:02:18.0367 0268	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/28 22:02:18.0413 0268	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/28 22:02:18.0460 0268	UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/04/28 22:02:18.0507 0268	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/28 22:02:18.0538 0268	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/28 22:02:18.0569 0268	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/28 22:02:18.0601 0268	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/28 22:02:18.0647 0268	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/28 22:02:18.0679 0268	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/28 22:02:18.0741 0268	USBAAPL         (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/28 22:02:18.0788 0268	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/28 22:02:18.0803 0268	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/28 22:02:18.0866 0268	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/28 22:02:18.0897 0268	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/28 22:02:18.0944 0268	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/28 22:02:18.0975 0268	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/28 22:02:19.0022 0268	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/28 22:02:19.0069 0268	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/28 22:02:19.0100 0268	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/28 22:02:19.0131 0268	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/28 22:02:19.0162 0268	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/28 22:02:19.0193 0268	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/28 22:02:19.0225 0268	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/28 22:02:19.0240 0268	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/28 22:02:19.0271 0268	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/28 22:02:19.0287 0268	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/28 22:02:19.0349 0268	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/28 22:02:19.0396 0268	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/28 22:02:19.0427 0268	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/28 22:02:19.0459 0268	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/28 22:02:19.0490 0268	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/28 22:02:19.0490 0268	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/28 22:02:19.0537 0268	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/28 22:02:19.0568 0268	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/28 22:02:19.0661 0268	winachsf        (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/04/28 22:02:19.0708 0268	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/28 22:02:19.0771 0268	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/28 22:02:19.0802 0268	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/28 22:02:19.0864 0268	WSDPrintDevice  (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/04/28 22:02:19.0911 0268	WSDScan         (65d1ff8aaff4a7d8f787a290e5087816) C:\Windows\system32\DRIVERS\WSDScan.sys
2011/04/28 22:02:19.0958 0268	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/28 22:02:20.0020 0268	xusb21          (f5e5f944e63a9b5f6e76c2ebb2ac462f) C:\Windows\system32\DRIVERS\xusb21.sys
2011/04/28 22:02:20.0036 0268	yukonwlh        (3e1c915c6291ab5d1cfca680e1bd6bad) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/04/28 22:02:20.0129 0268	================================================================================
2011/04/28 22:02:20.0129 0268	Scan finished
2011/04/28 22:02:20.0129 0268	================================================================================
         

Old 28.04.2011, 21:12   #14
Swisstreasure
/// Malwareteam
 
Trojan TR/Kazy.mekml.1



ComboFix may only be run if a competent helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Download ComboFix from one of the links listed below. You must rename it before saving it to the desktop. Save ComboFix to your desktop. **NB: It is important that ComboFix.exe is saved on the desktop**



  • Disable your anti-virus and anti-spyware programs. Normally you can do this by right-clicking the system tray icon. Otherwise these programs could interfere with our tools while they work.
  • Double-click ComboFix.exe and follow the prompts.
    • When ComboFix has finished, it will create a log for you.
    • Please post the contents of C:\ComboFix.txt here in the thread.

Old 28.04.2011, 21:38   #15
gerry10
 
Trojan TR/Kazy.mekml.1



Here it is:

Code:
ComboFix 11-04-28.01 - Toni 28.04.2011  22:17:22.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.1794 [GMT 2:00]
ausgeführt von:: c:\users\Toni\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\users\Nadine\AppData\Roaming\.#
c:\users\Toni\AppData\Roaming\.#
c:\users\Toni\AppData\Roaming\.#\MBX@16D0@282990.###
c:\users\Toni\AppData\Roaming\.#\MBX@16D0@2829C0.###
c:\users\Toni\AppData\Roaming\.#\MBX@16D0@2829F0.###
c:\users\Toni\AppData\Roaming\avdrn.dat
c:\windows\system32\midas.dll
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-28 bis 2011-04-28  ))))))))))))))))))))))))))))))
.
.
2011-04-28 20:22 . 2011-04-28 20:26	--------	d-----w-	c:\users\Toni\AppData\Local\temp
2011-04-27 19:14 . 2011-04-27 19:14	--------	d-----w-	c:\program files\ERUNT
2011-04-27 15:22 . 2011-04-27 15:22	--------	d-----w-	c:\users\Toni\AppData\Roaming\Malwarebytes
2011-04-27 15:22 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 15:21 . 2011-04-27 15:21	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-27 15:21 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-27 15:21 . 2011-04-27 19:47	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-27 15:07 . 2011-03-03 15:40	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-04-27 15:07 . 2011-03-03 13:35	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 15:07 . 2011-03-12 21:55	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-04-26 14:40 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C64EC63-7762-47E8-B264-585093B63825}\mpengine.dll
2011-04-19 05:46 . 2011-04-19 05:46	--------	d-----w-	c:\program files\iPod
2011-04-19 05:46 . 2011-04-19 05:47	--------	d-----w-	c:\program files\iTunes
2011-04-19 05:44 . 2011-04-19 05:44	--------	d-----w-	c:\program files\Bonjour
2011-04-06 14:20 . 2011-04-06 14:20	91424	----a-w-	c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20	75040	----a-w-	c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20	197920	----a-w-	c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20	107808	----a-w-	c:\windows\system32\dns-sd.exe
2011-04-01 19:27 . 2011-04-01 19:27	--------	d-----w-	c:\users\Toni\AppData\Roaming\Simfy
2011-04-01 19:27 . 2011-04-01 19:27	--------	d-----w-	c:\program files\simfy
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-03 14:06 . 2009-08-18 09:30	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-03 14:06 . 2009-08-18 09:24	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-16 18:35 . 2010-04-17 08:45	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-03-03 15:40 . 2011-04-27 15:07	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 15:07	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 15:07	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 15:07	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-22 19:27	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-22 19:27	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-22 19:27	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-02-18 15:36 . 2011-02-18 15:36	41984	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2011-02-18 15:36	4184352	----a-w-	c:\windows\system32\usbaaplrc.dll
2011-02-02 16:11 . 2009-10-03 08:39	222080	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 20:58	3913000	----a-w-	c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-11-13 20:58	3913000	----a-w-	c:\program files\softonic-de3\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38	121392	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-19 13543968]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-25 6111232]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-10-16 3667968]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
c:\users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files\T-Online\DSL-Manager\DslMgr.exe [2008-11-2 1085440]
.
c:\users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk -  [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2010-12-27 1044648]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-8-17 813584]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files\T-Online\DSL-Manager\DslMgr.exe [2008-11-2 1085440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-10-16 17:36	3110912	----a-w-	c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"starter4g"=c:\windows\starter4g.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2010-10-16 103424]
R3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\system32\Drivers\dsltestSp5.sys [2007-09-12 26816]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-12 84240]
R3 TDslMgrService;DSL-Manager;c:\program files\T-Online\DSL-Manager\DslMgrSvc.exe [2008-10-23 307200]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-11 19968]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-10-29 717296]
S1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\DRIVERS\dslmnlwf.sys [2007-08-01 16448]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-05 135336]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-10-16 3517440]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 Prosieben;maxdome Download Manager;c:\program files\maxdome\DCBin\DCService.exe [2009-05-01 77032]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
S2 WTGService;WTGService;c:\program files\XSManager\WTGService.exe [2010-04-12 329168]
S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-05-03 145064]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2009-06-17 40720]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2009-06-17 10384]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-28 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 11:45]
.
2011-04-27 c:\windows\Tasks\User_Feed_Synchronization-{17657013-1DD7-4F20-A29C-8ACF8A4BCC3C}.job
- c:\windows\system32\msfeedssync.exe [2011-04-13 04:43]
.
2011-04-28 c:\windows\Tasks\User_Feed_Synchronization-{4CA0E136-6AAF-4555-9DA6-79992AB719F2}.job
- c:\windows\system32\msfeedssync.exe [2011-04-13 04:43]
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_5930
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
Trusted Zone: gamepoint.de\www
Trusted Zone: navigram.com\www
DPF: {162247AF-26A7-44FC-A93A-69506EA244F3} - hxxps://account.maxdome.de/presentation/script/HWTest.CAB
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan-canvasx.cab
DPF: {98474E4F-5229-4CAC-9E28-6D52D992268D} - hxxp://kpscdhaendler.ar-live.de/afc-frontend/main/Setup_AFC_ONLINE_2_7_0_3_STANDARD.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-28 22:26
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Prosieben]
"ImagePath"="\"c:\program files\maxdome\DCBin\DCService.exe\" /accountid:Prosieben"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1215369525-1028455303-3733899402-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE2C6785-0A3D-672C-5577-E57826722AE6}*]
"halhgbinmaafheop"=hex:6b,61,62,62,65,69,69,66,6b,6d,66,65,67,6a,62,6e,63,61,
   69,65,6d,70,00,00
"gaehllbfdokfhn"=hex:61,63,69,62,6b,6a,70,6d,62,6b,64,69,68,64,67,70,6a,6b,6d,
   66,63,63,6c,6f,6a,6f,68,6c,65,6d,6d,70,68,6f,62,67,70,6c,63,62,70,65,6e,64,\
.
[HKEY_USERS\S-1-5-21-1215369525-1028455303-3733899402-1000\Software\SecuROM\License information*]
"datasecu"=hex:77,59,2c,ba,bd,fa,ac,7b,10,66,69,17,fe,61,d5,83,b0,fb,95,63,b9,
   5f,02,39,3f,25,56,0a,e5,47,03,eb,50,88,d1,74,f7,6e,6c,cb,38,6d,53,15,0c,96,\
"rkeysecu"=hex:33,a4,31,db,1c,09,e2,6c,c1,53,98,cd,52,c3,21,e7
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3564)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\rundll32.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-28  22:34:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-28 20:34
.
Vor Suchlauf: 16 Verzeichnis(se), 67.646.935.040 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 68.626.829.312 Bytes frei
.
- - End Of File - - 63A758C39E9C3283DC310627D8082ECC
         
