Problem mit java(Java/trojanerDownloader.....)

Andre1990 · 30.05.2011, 21:11

Hallo leute eben hab ich unten rechts ne medlung von java bekommen und kurz darauf hat mein antiviren programm(eset smart security) folgendes gemacht,

hat die verbindung sozusagen "unterbrochen" und folgendes verhindert(gestoppt) siehe Bild:

falls das bild nicht zu sehn ist hier ein externer link zum hochgeladenen bild hxxp://www.imagebanana.com/view/dldm8331/java.png
kann mir bitte jemand helfen, was genau ist das? hatte kein download gestartet etc, nur i eine meldung von java war kurz zusehn.WIe kann ich sowas in zukunft ganz vermeiden Bitte um hilfe.

Danke

Mist tut mir leid falscher bereich bitte verschieben

Edit:
Beiträge zusammengelegt und ins richtige Unterforum verschoben
Gruß cad

---------------Push------------------------

Hilfe bitte

weiß keiner eine Lsöung? bzw vorschlag?

cosinus · 31.05.2011, 20:12

Kannste das Bild mal woanders hochladen? Am besten => Saved.im
Imagebanane lädt nicht.

Andre1990 · 31.05.2011, 20:42

Guten abend, Arne.
ich habe das bild mal auf der oben genanten seite hochgeladen hoffe sie können mir weiterhelfen

.

hxxp://saved.im/mtgyntk5ohfv/java.html

wollte mich auch nochmal entschuldigen das ich so oft gepusht habe wusste auch nicht das es verwarnungen dafür gibt. Hab mir nur sehr große sorgen gemacht was das sein könnte.

Mfg Andre

cosinus · 31.05.2011, 21:12

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL-Custom:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Andre1990 · 31.05.2011, 21:25

kleine frage

Zitat:

Schliesse bitte nun alle Programme. (Wichtig)

auch antiviren programm? logs kommen gleich

cosinus · 31.05.2011, 21:39

Ja, bitte zumindest für OTL deaktivieren.

Andre1990 · 31.05.2011, 22:43

Hier der Malwarebytes log kommt mir etwas kurz vor aber ich kenn mich da net aus,

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6736

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31.05.2011 23:39:14
mbam-log-2011-05-31 (23-39-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 277624
Laufzeit: 1 Stunde(n), 13 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Andre\AppData\Local\Xenocode\Sandbox\1.0.0.0\2011.02.24t02.29\Virtual\STUBEXE\@appdata@\server2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Andre\AppData\Local\Xenocode\Sandbox\1.0.0.0\2011.02.24t02.29\Virtual\STUBEXE\@appdatalocal@\Temp\IXP000.TMP\server2.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Andre1990 · 31.05.2011, 23:10

OTL LOGOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 31.05.2011 23:47:00 - Run 3
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Andre\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,96% Memory free
3,50 Gb Paging File | 2,48 Gb Available in Paging File | 71,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,52 Gb Total Space | 16,24 Gb Free Space | 23,36% Space Free | Partition Type: NTFS
Drive D: | 66,00 Gb Total Space | 35,88 Gb Free Space | 54,36% Space Free | Partition Type: NTFS
Drive E: | 566,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MEIN-PC | User Name: Andre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.31 22:23:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Andre\Desktop\OTL.exe
PRC - [2011.04.21 11:22:07 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Andre\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011.02.16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2011.01.12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.08.18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008.07.29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.31 22:23:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Andre\Desktop\OTL.exe
MOD - [2011.04.08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.02.16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.01.12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.02.03 17:44:27 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.12.21 15:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010.12.21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.12.21 13:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2010.12.21 13:47:38 | 000,041,336 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2010.12.21 13:47:38 | 000,033,120 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010.08.17 14:49:43 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2010.08.06 17:52:54 | 000,016,896 | ---- | M] (Siliten) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\InputFilter_FlexDef2c.sys -- (InputFilter_Hid_FlexDef2c) Siliten HID Devices(FlexDef2c)
DRV - [2009.08.18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.24 00:48:00 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.07.20 20:39:20 | 000,116,136 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.06.15 15:01:00 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009.05.12 16:53:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlashUsb.sys -- (FlashUSB)
DRV - [2009.05.04 22:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.04.03 07:39:58 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.07.10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008.04.29 02:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.02.27 20:36:02 | 000,141,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 F9 98 F5 BC 96 CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.05.28 20:33:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.08 20:23:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.16 19:06:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.04.22 19:34:37 | 000,000,000 | ---D | M]
 
[2010.01.15 20:01:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andre\AppData\Roaming\mozilla\Extensions
[2011.05.10 07:12:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andre\AppData\Roaming\mozilla\Firefox\Profiles\k2veblcu.default\extensions
[2011.04.23 19:41:15 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Andre\AppData\Roaming\mozilla\Firefox\Profiles\k2veblcu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.10 07:12:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Andre\AppData\Roaming\mozilla\Firefox\Profiles\k2veblcu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.04.05 21:16:46 | 000,002,252 | ---- | M] () -- C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\k2veblcu.default\searchplugins\askcom.xml
[2011.05.31 15:48:21 | 000,000,950 | ---- | M] () -- C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\k2veblcu.default\searchplugins\icqplugin-1.xml
[2011.04.23 19:41:14 | 000,000,168 | ---- | M] () -- C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\k2veblcu.default\searchplugins\icqplugin.gif
[2011.04.23 19:41:14 | 000,000,618 | ---- | M] () -- C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\k2veblcu.default\searchplugins\icqplugin.src
[2011.05.04 21:26:00 | 000,001,056 | ---- | M] () -- C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\k2veblcu.default\searchplugins\icqplugin.xml
[2011.05.15 18:16:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.07.18 17:40:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.07.18 17:57:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.06 11:38:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.05.15 18:16:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.05.28 20:33:18 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011.05.08 20:22:51 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011.04.14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.05.08 20:22:54 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.05.08 20:22:54 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011.05.08 20:22:54 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.05.08 20:22:54 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.04.23 23:50:00 | 000,001,952 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2011.05.08 20:22:54 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.05.08 20:22:54 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.15 23:44:53 | 000,434,100 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	Avast | Cash Advance | Debt Consolidation | Insurance | Free Credit Report at 0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14938 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [Launch SilverCrest GML807] C:\Program Files\SilverCrest GML807 Driver\MouClient_FD2_1001RL.exe (Siliten)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28bc041c-a00f-11df-b021-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{28bc041c-a00f-11df-b021-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6f537000-86ea-11df-abbd-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{6f537000-86ea-11df-abbd-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6f537002-86ea-11df-abbd-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{6f537002-86ea-11df-abbd-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{898495b3-9597-11df-95ca-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{898495b3-9597-11df-95ca-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{898495b5-9597-11df-95ca-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{898495b5-9597-11df-95ca-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{898497fe-9597-11df-95ca-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{898497fe-9597-11df-95ca-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cb9ac6e2-7633-11df-8a3c-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{cb9ac6e2-7633-11df-8a3c-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d05e8afd-696d-11df-bcf1-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{d05e8afd-696d-11df-bcf1-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d05e8b02-696d-11df-bcf1-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{d05e8b02-696d-11df-bcf1-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f116a294-5169-11df-86b7-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{f116a294-5169-11df-86b7-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f116a299-5169-11df-86b7-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{f116a299-5169-11df-86b7-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f116a2b6-5169-11df-86b7-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{f116a2b6-5169-11df-86b7-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Andre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip -  - File not found
MsConfig - State: "bootini" - 0
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.31 22:22:43 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Andre\Desktop\OTL.exe
[2011.05.31 22:21:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.31 22:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.31 22:21:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.31 22:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.05.31 22:17:33 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Andre\Desktop\mbam-setup.exe
[2011.05.21 22:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2011.05.21 22:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2011.05.16 19:04:50 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011.05.16 19:04:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.05.16 15:36:45 | 000,000,000 | ---D | C] -- C:\Users\Andre\Desktop\wichtige tools
[2011.05.15 23:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.05.15 23:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.05.15 23:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.05.15 22:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.05.15 22:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.05.15 18:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.05.11 18:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011.05.11 17:52:52 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.5
[2011.05.07 00:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadow Era
[2010.01.26 21:58:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Andre\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.31 23:39:24 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\fbwvq.sys
[2011.05.31 22:23:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Andre\Desktop\OTL.exe
[2011.05.31 22:21:13 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.31 22:20:17 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Andre\Desktop\mbam-setup.exe
[2011.05.31 16:05:29 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.31 16:05:29 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.31 15:45:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.30 22:07:51 | 000,149,864 | ---- | M] () -- C:\Users\Andre\Desktop\java.png
[2011.05.30 22:07:37 | 000,149,864 | ---- | M] () -- C:\Users\Andre\Desktop\java.dib
[2011.05.28 00:02:07 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.21 22:13:56 | 000,001,409 | ---- | M] () -- C:\Windows\System32\tmpC6DAC.FOT
[2011.05.21 22:13:56 | 000,001,409 | ---- | M] () -- C:\Windows\System32\tmpACDAC.FOT
[2011.05.21 22:13:56 | 000,001,409 | ---- | M] () -- C:\Windows\System32\tmp9FDAC.FOT
[2011.05.21 22:13:56 | 000,001,409 | ---- | M] () -- C:\Windows\System32\tmp73EAC.FOT
[2011.05.21 22:13:56 | 000,001,409 | ---- | M] () -- C:\Windows\System32\tmp3EEAC.FOT
[2011.05.20 15:18:21 | 000,709,178 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.20 15:18:21 | 000,672,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.20 15:18:21 | 000,150,796 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.20 15:18:21 | 000,127,970 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.16 19:06:04 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.05.16 15:45:15 | 000,007,605 | ---- | M] () -- C:\Users\Andre\AppData\Local\resmon.resmoncfg
[2011.05.15 23:44:53 | 000,434,100 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.05.11 18:02:15 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.05.07 00:02:07 | 000,000,561 | ---- | M] () -- C:\Users\Public\Desktop\Shadow Era.lnk
 
========== Files Created - No Company Name ==========
 
[2011.05.31 23:39:24 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\fbwvq.sys
[2011.05.31 22:21:13 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.30 22:07:50 | 000,149,864 | ---- | C] () -- C:\Users\Andre\Desktop\java.png
[2011.05.30 22:05:26 | 000,149,864 | ---- | C] () -- C:\Users\Andre\Desktop\java.dib
[2011.05.21 22:13:56 | 000,001,409 | ---- | C] () -- C:\Windows\System32\tmpC6DAC.FOT
[2011.05.21 22:13:56 | 000,001,409 | ---- | C] () -- C:\Windows\System32\tmpACDAC.FOT
[2011.05.21 22:13:56 | 000,001,409 | ---- | C] () -- C:\Windows\System32\tmp9FDAC.FOT
[2011.05.21 22:13:56 | 000,001,409 | ---- | C] () -- C:\Windows\System32\tmp73EAC.FOT
[2011.05.21 22:13:56 | 000,001,409 | ---- | C] () -- C:\Windows\System32\tmp3EEAC.FOT
[2011.05.21 22:11:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2011.05.21 22:11:06 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2011.05.21 22:11:06 | 000,035,840 | ---- | C] () -- C:\Windows\System32\comdlg32.oca
[2011.05.21 22:11:06 | 000,029,184 | ---- | C] () -- C:\Windows\System32\MSINET.oca
[2011.05.16 19:05:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.05.16 19:05:04 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.05.11 18:02:15 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.05.08 20:23:11 | 000,001,072 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.05.07 00:02:07 | 000,000,561 | ---- | C] () -- C:\Users\Public\Desktop\Shadow Era.lnk
[2011.04.08 13:28:58 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.02.03 22:12:29 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.12.08 18:50:23 | 000,000,600 | ---- | C] () -- C:\Users\Andre\AppData\Roaming\winscp.rnd
[2010.12.08 17:38:05 | 000,000,600 | ---- | C] () -- C:\Users\Andre\AppData\Local\PUTTY.RND
[2010.05.22 23:33:01 | 000,000,188 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.03.28 18:43:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.13 17:26:38 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2010.01.26 21:58:08 | 000,007,887 | ---- | C] () -- C:\Users\Andre\AppData\Roaming\pcouffin.cat
[2010.01.26 21:58:08 | 000,001,144 | ---- | C] () -- C:\Users\Andre\AppData\Roaming\pcouffin.inf
[2010.01.23 18:42:11 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe
[2010.01.23 18:42:10 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.01.23 18:42:05 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe
[2010.01.23 18:42:02 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe
[2010.01.23 18:42:00 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe
[2010.01.16 09:26:52 | 000,007,605 | ---- | C] () -- C:\Users\Andre\AppData\Local\resmon.resmoncfg
[2010.01.15 20:40:32 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.01.15 20:40:32 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.01.15 20:40:32 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010.01.15 20:40:32 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2010.01.15 20:20:55 | 000,107,276 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2010.01.15 20:20:55 | 000,000,632 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010.01.15 20:20:55 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2010.01.15 20:20:55 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010.01.15 20:20:55 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010.01.15 20:20:55 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2010.01.15 19:27:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.01.13 23:14:10 | 000,000,000 | ---- | C] () -- C:\Windows\popcreg.dat
[2010.01.13 23:14:10 | 000,000,000 | ---- | C] () -- C:\Windows\popcinfot.dat
[2009.11.11 13:37:18 | 002,542,458 | ---- | C] () -- C:\Windows\System32\abgx360.exe
[2009.07.14 10:47:43 | 000,709,178 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,150,796 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,294,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,672,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,127,970 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.18 20:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.04.22 01:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.08.18 19:16:08 | 001,495,040 | ---- | C] () -- C:\Windows\System32\myodbc-installer.exe
[2008.08.18 18:16:08 | 001,634,304 | ---- | C] () -- C:\Windows\System32\myodbc5S.dll
 
========== LOP Check ==========
 
[2010.03.18 20:45:45 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Ashampoo
[2011.02.03 17:45:55 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\DAEMON Tools Lite
[2011.04.22 19:36:12 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\ESET
[2011.05.31 22:23:44 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\ICQ
[2010.01.29 14:24:55 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\ImgBurn
[2010.01.27 18:04:37 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\log
[2010.12.16 18:17:08 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Nokia
[2011.03.08 23:01:01 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\OpenOffice.org
[2010.10.14 10:43:43 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\PC Suite
[2010.07.06 12:27:03 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\ScreeNet iSaver
[2011.04.22 01:43:19 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\TeamViewer
[2011.04.30 23:33:36 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\TS3Client
[2010.12.16 18:21:32 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Vso
[2010.04.05 19:28:06 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\WebcamMax
[2011.03.18 15:43:54 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.04.07 16:06:54 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Adobe
[2010.04.05 12:04:09 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Apple Computer
[2010.03.18 20:45:45 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Ashampoo
[2011.02.03 17:45:55 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\DAEMON Tools Lite
[2011.04.22 19:36:12 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\ESET
[2010.12.27 19:11:18 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Hamachi
[2011.05.31 22:23:44 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\ICQ
[2010.01.29 14:24:55 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\ImgBurn
[2010.01.15 20:40:17 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\InstallShield
[2010.01.27 18:04:37 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\log
[2010.01.15 20:50:58 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Macromedia
[2010.07.18 15:47:30 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Media Center Programs
[2011.03.08 20:11:06 | 000,000,000 | --SD | M] -- C:\Users\Andre\AppData\Roaming\Microsoft
[2010.01.15 20:01:39 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Mozilla
[2010.12.16 18:17:08 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Nokia
[2011.03.08 23:01:01 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\OpenOffice.org
[2010.10.14 10:43:43 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\PC Suite
[2010.07.06 12:27:03 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\ScreeNet iSaver
[2011.05.27 23:57:14 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Skype
[2011.05.27 23:51:22 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\skypePM
[2010.08.05 15:35:47 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\teamspeak2
[2011.04.22 01:43:19 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\TeamViewer
[2011.04.30 23:33:36 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\TS3Client
[2011.05.31 20:17:35 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\vlc
[2010.12.16 18:21:32 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Vso
[2010.04.05 19:28:06 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\WebcamMax
[2010.01.16 09:59:40 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\WinRAR
[2011.05.14 17:35:39 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Xfire
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2008.04.15 07:56:18 | 000,170,000 | ---- | M] (AMD Technologies Inc.) MD5=E331924FDF522CD7CEA1B647503784E8 -- C:\ACER\Preload\Autorun\DRV\ATI VGA\AHCI\x86\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

--- --- ---
das dick(groß geschriebene würde mich besonders interessieren was das fürn mist ist hoffe sie können mir helfen)

cosinus · 01.06.2011, 09:34

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28bc041c-a00f-11df-b021-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{28bc041c-a00f-11df-b021-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6f537000-86ea-11df-abbd-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{6f537000-86ea-11df-abbd-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6f537002-86ea-11df-abbd-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{6f537002-86ea-11df-abbd-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{898495b3-9597-11df-95ca-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{898495b3-9597-11df-95ca-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{898495b5-9597-11df-95ca-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{898495b5-9597-11df-95ca-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{898497fe-9597-11df-95ca-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{898497fe-9597-11df-95ca-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cb9ac6e2-7633-11df-8a3c-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{cb9ac6e2-7633-11df-8a3c-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d05e8afd-696d-11df-bcf1-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{d05e8afd-696d-11df-bcf1-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d05e8b02-696d-11df-bcf1-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{d05e8b02-696d-11df-bcf1-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f116a294-5169-11df-86b7-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{f116a294-5169-11df-86b7-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f116a299-5169-11df-86b7-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{f116a299-5169-11df-86b7-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f116a2b6-5169-11df-86b7-001eec5d905c}\Shell - "" = AutoRun
O33 - MountPoints2\{f116a2b6-5169-11df-86b7-001eec5d905c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2011.05.31 23:39:24 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\fbwvq.sys
[2011.05.21 22:13:56 | 000,001,409 | ---- | M] () -- C:\Windows\System32\tmpC6DAC.FOT
[2011.05.21 22:13:56 | 000,001,409 | ---- | M] () -- C:\Windows\System32\tmpACDAC.FOT
[2011.05.21 22:13:56 | 000,001,409 | ---- | M] () -- C:\Windows\System32\tmp9FDAC.FOT
[2011.05.21 22:13:56 | 000,001,409 | ---- | M] () -- C:\Windows\System32\tmp73EAC.FOT
[2011.05.21 22:13:56 | 000,001,409 | ---- | M] () -- C:\Windows\System32\tmp3EEAC.FOT
:Commands
[purity]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Andre1990 · 01.06.2011, 12:37

guten tag, arne hier der nächste log.

========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28bc041c-a00f-11df-b021-001eec5d905c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28bc041c-a00f-11df-b021-001eec5d905c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28bc041c-a00f-11df-b021-001eec5d905c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28bc041c-a00f-11df-b021-001eec5d905c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f537000-86ea-11df-abbd-001eec5d905c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f537000-86ea-11df-abbd-001eec5d905c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f537000-86ea-11df-abbd-001eec5d905c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f537000-86ea-11df-abbd-001eec5d905c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f537002-86ea-11df-abbd-001eec5d905c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f537002-86ea-11df-abbd-001eec5d905c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f537002-86ea-11df-abbd-001eec5d905c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f537002-86ea-11df-abbd-001eec5d905c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{898495b3-9597-11df-95ca-001eec5d905c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898495b3-9597-11df-95ca-001eec5d905c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{898495b3-9597-11df-95ca-001eec5d905c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898495b3-9597-11df-95ca-001eec5d905c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{898495b5-9597-11df-95ca-001eec5d905c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898495b5-9597-11df-95ca-001eec5d905c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{898495b5-9597-11df-95ca-001eec5d905c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898495b5-9597-11df-95ca-001eec5d905c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{898497fe-9597-11df-95ca-001eec5d905c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898497fe-9597-11df-95ca-001eec5d905c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{898497fe-9597-11df-95ca-001eec5d905c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898497fe-9597-11df-95ca-001eec5d905c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb9ac6e2-7633-11df-8a3c-001eec5d905c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb9ac6e2-7633-11df-8a3c-001eec5d905c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb9ac6e2-7633-11df-8a3c-001eec5d905c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb9ac6e2-7633-11df-8a3c-001eec5d905c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d05e8afd-696d-11df-bcf1-001eec5d905c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d05e8afd-696d-11df-bcf1-001eec5d905c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d05e8afd-696d-11df-bcf1-001eec5d905c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d05e8afd-696d-11df-bcf1-001eec5d905c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d05e8b02-696d-11df-bcf1-001eec5d905c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d05e8b02-696d-11df-bcf1-001eec5d905c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d05e8b02-696d-11df-bcf1-001eec5d905c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d05e8b02-696d-11df-bcf1-001eec5d905c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f116a294-5169-11df-86b7-001eec5d905c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f116a294-5169-11df-86b7-001eec5d905c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f116a294-5169-11df-86b7-001eec5d905c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f116a294-5169-11df-86b7-001eec5d905c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f116a299-5169-11df-86b7-001eec5d905c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f116a299-5169-11df-86b7-001eec5d905c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f116a299-5169-11df-86b7-001eec5d905c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f116a299-5169-11df-86b7-001eec5d905c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f116a2b6-5169-11df-86b7-001eec5d905c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f116a2b6-5169-11df-86b7-001eec5d905c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f116a2b6-5169-11df-86b7-001eec5d905c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f116a2b6-5169-11df-86b7-001eec5d905c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
File C:\Windows\System32\drivers\fbwvq.sys not found.
C:\Windows\System32\tmpC6DAC.FOT moved successfully.
C:\Windows\System32\tmpACDAC.FOT moved successfully.
C:\Windows\System32\tmp9FDAC.FOT moved successfully.
C:\Windows\System32\tmp73EAC.FOT moved successfully.
C:\Windows\System32\tmp3EEAC.FOT moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 06012011_133457

cosinus · 01.06.2011, 12:38

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!

Andre1990 · 01.06.2011, 12:45

TDSSKiller Log
das programm unhide muss man das benutzen? bei mir hatt alles so geklappt

2011/06/01 13:42:43.0079 5940 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/01 13:42:43.0719 5940 ================================================================================
2011/06/01 13:42:43.0720 5940 SystemInfo:
2011/06/01 13:42:43.0720 5940
2011/06/01 13:42:43.0720 5940 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/01 13:42:43.0720 5940 Product type: Workstation
2011/06/01 13:42:43.0720 5940 ComputerName: XXXXX
2011/06/01 13:42:43.0722 5940 UserName: XXXXXXX
2011/06/01 13:42:43.0722 5940 Windows directory: C:\Windows
2011/06/01 13:42:43.0722 5940 System windows directory: C:\Windows
2011/06/01 13:42:43.0722 5940 Processor architecture: Intel x86
2011/06/01 13:42:43.0722 5940 Number of processors: 2
2011/06/01 13:42:43.0722 5940 Page size: 0x1000
2011/06/01 13:42:43.0722 5940 Boot type: Normal boot
2011/06/01 13:42:43.0722 5940 ================================================================================
2011/06/01 13:42:44.0943 5940 Initialize success
2011/06/01 13:42:53.0327 6000 ================================================================================
2011/06/01 13:42:53.0327 6000 Scan started
2011/06/01 13:42:53.0327 6000 Mode: Manual;
2011/06/01 13:42:53.0327 6000 ================================================================================
2011/06/01 13:42:55.0805 6000 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/01 13:42:55.0882 6000 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/01 13:42:56.0034 6000 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/01 13:42:56.0111 6000 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/01 13:42:56.0229 6000 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/01 13:42:56.0298 6000 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/01 13:42:56.0441 6000 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/06/01 13:42:56.0526 6000 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/01 13:42:56.0633 6000 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/06/01 13:42:56.0730 6000 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/01 13:42:56.0830 6000 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/06/01 13:42:56.0892 6000 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/01 13:42:56.0938 6000 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/01 13:42:57.0026 6000 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/01 13:42:57.0210 6000 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/06/01 13:42:57.0307 6000 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/01 13:42:57.0385 6000 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/06/01 13:42:57.0490 6000 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/06/01 13:42:57.0639 6000 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/06/01 13:42:57.0736 6000 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/01 13:42:57.0817 6000 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/01 13:42:57.0891 6000 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/01 13:42:58.0012 6000 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
2011/06/01 13:42:58.0180 6000 AtiHdmiService (e2398389648b5d44dc63ca43fdd5b3f8) C:\Windows\system32\drivers\AtiHdmi.sys
2011/06/01 13:42:58.0377 6000 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/01 13:42:58.0674 6000 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/06/01 13:42:58.0851 6000 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/06/01 13:42:58.0912 6000 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/06/01 13:42:59.0058 6000 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/06/01 13:42:59.0122 6000 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/01 13:42:59.0280 6000 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/01 13:42:59.0333 6000 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/01 13:42:59.0371 6000 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/01 13:42:59.0533 6000 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/06/01 13:42:59.0569 6000 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/01 13:42:59.0631 6000 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/01 13:42:59.0748 6000 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/01 13:42:59.0780 6000 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/01 13:42:59.0867 6000 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/01 13:42:59.0977 6000 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/01 13:43:00.0129 6000 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/01 13:43:00.0177 6000 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/06/01 13:43:00.0354 6000 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/01 13:43:00.0411 6000 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/06/01 13:43:00.0542 6000 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/06/01 13:43:00.0602 6000 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/01 13:43:00.0709 6000 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/06/01 13:43:00.0754 6000 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/01 13:43:00.0902 6000 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/06/01 13:43:00.0982 6000 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/06/01 13:43:01.0113 6000 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/06/01 13:43:01.0184 6000 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/06/01 13:43:01.0315 6000 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/06/01 13:43:01.0404 6000 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/06/01 13:43:01.0473 6000 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/01 13:43:01.0619 6000 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/01 13:43:01.0880 6000 eamonm (04cba07e73f152970fc34d66d3892e2a) C:\Windows\system32\DRIVERS\eamonm.sys
2011/06/01 13:43:02.0104 6000 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/06/01 13:43:02.0403 6000 ehdrv (fe7824239d132ad9ebd8645fe1199b30) C:\Windows\system32\DRIVERS\ehdrv.sys
2011/06/01 13:43:02.0588 6000 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/01 13:43:02.0665 6000 enecir (6c74035909b31f873d85b25e00beb984) C:\Windows\system32\DRIVERS\enecir.sys
2011/06/01 13:43:02.0810 6000 epfw (73411c14a8c6062bb6a510772cf2f38c) C:\Windows\system32\DRIVERS\epfw.sys
2011/06/01 13:43:02.0963 6000 Epfwndis (490329bf80f333e788df9596a752a915) C:\Windows\system32\DRIVERS\Epfwndis.sys
2011/06/01 13:43:02.0992 6000 epfwwfp (c62068dab6e2510fb231286d3da63dfa) C:\Windows\system32\DRIVERS\epfwwfp.sys
2011/06/01 13:43:03.0045 6000 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/06/01 13:43:03.0194 6000 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/06/01 13:43:03.0228 6000 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/06/01 13:43:03.0365 6000 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/01 13:43:03.0419 6000 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/06/01 13:43:03.0448 6000 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/06/01 13:43:03.0588 6000 FlashUSB (e044b5c7cd5cea728d13d30d431b13e0) C:\Windows\system32\DRIVERS\FlashUSB.sys
2011/06/01 13:43:03.0633 6000 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/01 13:43:03.0785 6000 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/06/01 13:43:03.0837 6000 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/06/01 13:43:03.0868 6000 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/01 13:43:04.0008 6000 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/01 13:43:04.0067 6000 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/01 13:43:04.0194 6000 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/01 13:43:04.0263 6000 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
2011/06/01 13:43:04.0378 6000 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/01 13:43:04.0456 6000 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/06/01 13:43:04.0587 6000 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/01 13:43:04.0629 6000 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/01 13:43:04.0667 6000 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/01 13:43:04.0788 6000 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/01 13:43:04.0845 6000 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/01 13:43:05.0000 6000 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/06/01 13:43:05.0063 6000 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/06/01 13:43:05.0232 6000 hwdatacard (1720966d9c7ea5e2d78b6db92d2f9171) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/06/01 13:43:05.0275 6000 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/01 13:43:05.0430 6000 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/01 13:43:05.0488 6000 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/06/01 13:43:05.0624 6000 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/01 13:43:05.0747 6000 InputFilter_Hid_FlexDef2c (9cb1787be5dd12f7b0c4fd88d701f52b) C:\Windows\system32\DRIVERS\InputFilter_FlexDef2c.sys
2011/06/01 13:43:05.0918 6000 IntcAzAudAddService (d4a1767fd9d5c7762e9b8b36527b8af3) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/01 13:43:06.0063 6000 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/01 13:43:06.0109 6000 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/01 13:43:06.0142 6000 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/01 13:43:06.0284 6000 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/06/01 13:43:06.0321 6000 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/06/01 13:43:06.0462 6000 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/06/01 13:43:06.0496 6000 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/06/01 13:43:06.0537 6000 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/01 13:43:06.0688 6000 JMCR (65da9fa42c0972fe5b9b7d6047f06f4c) C:\Windows\system32\DRIVERS\jmcr.sys
2011/06/01 13:43:06.0746 6000 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/01 13:43:06.0874 6000 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/01 13:43:06.0949 6000 kl1 (514e8fcc961241c6cf002f3a1e05de94) C:\Windows\system32\DRIVERS\kl1.sys
2011/06/01 13:43:07.0074 6000 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/01 13:43:07.0130 6000 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/01 13:43:07.0304 6000 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/01 13:43:07.0381 6000 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/01 13:43:07.0502 6000 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/01 13:43:07.0544 6000 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/01 13:43:07.0670 6000 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/01 13:43:07.0728 6000 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/06/01 13:43:07.0927 6000 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/01 13:43:08.0060 6000 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/01 13:43:08.0107 6000 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/06/01 13:43:08.0153 6000 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/01 13:43:08.0287 6000 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/01 13:43:08.0337 6000 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/01 13:43:08.0471 6000 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/06/01 13:43:08.0508 6000 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/06/01 13:43:08.0546 6000 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/01 13:43:08.0678 6000 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/06/01 13:43:08.0742 6000 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/01 13:43:08.0876 6000 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/01 13:43:08.0911 6000 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/01 13:43:08.0959 6000 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/06/01 13:43:09.0078 6000 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/06/01 13:43:09.0128 6000 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/06/01 13:43:09.0155 6000 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/01 13:43:09.0186 6000 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/06/01 13:43:09.0329 6000 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/01 13:43:09.0367 6000 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/01 13:43:09.0405 6000 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/06/01 13:43:09.0530 6000 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/06/01 13:43:09.0576 6000 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/01 13:43:09.0752 6000 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/06/01 13:43:09.0788 6000 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/01 13:43:09.0829 6000 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/06/01 13:43:09.0986 6000 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/01 13:43:10.0052 6000 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/06/01 13:43:10.0190 6000 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/01 13:43:10.0228 6000 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/01 13:43:10.0273 6000 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/01 13:43:10.0396 6000 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/01 13:43:10.0433 6000 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/06/01 13:43:10.0510 6000 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/01 13:43:10.0623 6000 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/01 13:43:10.0824 6000 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/01 13:43:10.0876 6000 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/06/01 13:43:11.0006 6000 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/01 13:43:11.0079 6000 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/06/01 13:43:11.0223 6000 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/06/01 13:43:11.0275 6000 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/06/01 13:43:11.0406 6000 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/06/01 13:43:11.0445 6000 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/06/01 13:43:11.0486 6000 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/01 13:43:11.0667 6000 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/06/01 13:43:11.0724 6000 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/06/01 13:43:11.0774 6000 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/06/01 13:43:11.0998 6000 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/06/01 13:43:12.0033 6000 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/01 13:43:12.0073 6000 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/01 13:43:12.0231 6000 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2011/06/01 13:43:12.0295 6000 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/06/01 13:43:12.0355 6000 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/06/01 13:43:12.0626 6000 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/01 13:43:12.0666 6000 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/06/01 13:43:12.0818 6000 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/01 13:43:12.0886 6000 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/01 13:43:13.0021 6000 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/01 13:43:13.0060 6000 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/01 13:43:13.0095 6000 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/01 13:43:13.0142 6000 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/01 13:43:13.0275 6000 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/01 13:43:13.0310 6000 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/01 13:43:13.0349 6000 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/01 13:43:13.0471 6000 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/01 13:43:13.0505 6000 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/01 13:43:13.0534 6000 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/01 13:43:13.0596 6000 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/06/01 13:43:13.0722 6000 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/01 13:43:13.0755 6000 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/01 13:43:13.0799 6000 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/06/01 13:43:13.0942 6000 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/06/01 13:43:14.0043 6000 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\Windows\system32\DRIVERS\RsFx0102.sys
2011/06/01 13:43:14.0184 6000 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/01 13:43:14.0239 6000 RTHDMIAzAudService (c853ae16ccf5033c0cba0855390f5c7f) C:\Windows\system32\drivers\RtHDMIV.sys
2011/06/01 13:43:14.0354 6000 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/06/01 13:43:14.0409 6000 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/01 13:43:14.0565 6000 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/01 13:43:14.0625 6000 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/01 13:43:14.0775 6000 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/01 13:43:14.0811 6000 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/06/01 13:43:14.0856 6000 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/01 13:43:15.0024 6000 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/01 13:43:15.0058 6000 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/01 13:43:15.0098 6000 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/01 13:43:15.0203 6000 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/01 13:43:15.0301 6000 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/06/01 13:43:15.0646 6000 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/01 13:43:15.0992 6000 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/01 13:43:16.0583 6000 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/06/01 13:43:17.0108 6000 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/06/01 13:43:18.0047 6000 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/06/01 13:43:18.0593 6000 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/01 13:43:19.0099 6000 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/06/01 13:43:19.0508 6000 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/06/01 13:43:19.0924 6000 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/06/01 13:43:20.0234 6000 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/01 13:43:20.0556 6000 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/01 13:43:20.0901 6000 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/06/01 13:43:21.0211 6000 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/06/01 13:43:21.0506 6000 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/01 13:43:21.0904 6000 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/06/01 13:43:22.0318 6000 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/01 13:43:22.0668 6000 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/01 13:43:22.0957 6000 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/06/01 13:43:23.0290 6000 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/06/01 13:43:23.0590 6000 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/01 13:43:23.0884 6000 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/01 13:43:24.0272 6000 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/01 13:43:24.0619 6000 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/01 13:43:24.0991 6000 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/01 13:43:25.0295 6000 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/01 13:43:25.0922 6000 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/01 13:43:26.0563 6000 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/01 13:43:27.0044 6000 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/01 13:43:27.0382 6000 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/01 13:43:27.0688 6000 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/01 13:43:28.0029 6000 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/01 13:43:28.0365 6000 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/01 13:43:28.0638 6000 usbfilter (0150b06d3e73f6c27afcb963fd931820) C:\Windows\system32\DRIVERS\usbfilter.sys
2011/06/01 13:43:28.0972 6000 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/01 13:43:29.0285 6000 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/01 13:43:29.0609 6000 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/01 13:43:29.0871 6000 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/01 13:43:30.0171 6000 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/01 13:43:30.0538 6000 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/01 13:43:30.0869 6000 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/01 13:43:31.0179 6000 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/01 13:43:31.0454 6000 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/06/01 13:43:31.0736 6000 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/01 13:43:32.0330 6000 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/06/01 13:43:32.0564 6000 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/06/01 13:43:32.0901 6000 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/01 13:43:33.0248 6000 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/06/01 13:43:33.0535 6000 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/06/01 13:43:33.0864 6000 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/01 13:43:34.0001 6000 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/06/01 13:43:34.0065 6000 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/01 13:43:34.0228 6000 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/01 13:43:34.0275 6000 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/01 13:43:34.0426 6000 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/01 13:43:34.0491 6000 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/01 13:43:34.0634 6000 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/01 13:43:34.0655 6000 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/01 13:43:34.0732 6000 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/06/01 13:43:34.0778 6000 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/01 13:43:34.0983 6000 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/01 13:43:35.0021 6000 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/06/01 13:43:35.0231 6000 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/01 13:43:35.0292 6000 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/01 13:43:35.0464 6000 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/01 13:43:35.0535 6000 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/06/01 13:43:35.0779 6000 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/01 13:43:36.0028 6000 xnacc (ce0c846127d6abb1e2a22e59682b2527) C:\Windows\system32\DRIVERS\xnacc.sys
2011/06/01 13:43:36.0245 6000 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/01 13:43:36.0264 6000 ================================================================================
2011/06/01 13:43:36.0264 6000 Scan finished
2011/06/01 13:43:36.0264 6000 ================================================================================
2011/06/01 13:43:36.0284 5992 Detected object count: 0
2011/06/01 13:43:36.0284 5992 Actual detected object count: 0

cosinus · 01.06.2011, 13:26

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Andre1990 · 01.06.2011, 16:44

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-06-01.01 - XXXXXX 01.06.2011  17:25:27.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.1790.925 [GMT 2:00]
ausgeführt von:: c:\users\XXXXX\Desktop\cofi.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal Firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Andre\AppData\Roaming\ezpinst.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-01 bis 2011-06-01  ))))))))))))))))))))))))))))))
.
.
2011-06-01 15:34 . 2011-06-01 15:37	--------	d-----w-	c:\users\Andre\AppData\Local\temp
2011-06-01 15:34 . 2011-06-01 15:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-01 11:34 . 2011-06-01 11:34	--------	d-----w-	C:\_OTL
2011-05-31 22:16 . 2011-05-09 20:46	6962000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FAC056A6-013F-4C92-A132-3355708690F5}\mpengine.dll
2011-05-31 20:21 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-31 20:21 . 2011-05-31 20:21	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-05-31 20:21 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-21 20:11 . 2004-10-13 12:28	505104	----a-w-	c:\windows\system32\msxml.dll
2011-05-21 20:11 . 2004-10-13 12:28	115016	----a-w-	c:\windows\system32\MSINET.OCX
2011-05-21 20:11 . 2011-05-21 20:11	--------	d-----w-	c:\program files\Ubisoft
2011-05-21 20:11 . 2004-10-13 12:28	69632	----a-w-	c:\windows\system32\xmltok.dll
2011-05-21 20:11 . 2004-10-13 12:28	36864	----a-w-	c:\windows\system32\xmlparse.dll
2011-05-21 20:11 . 2004-10-13 12:28	89360	----a-w-	c:\windows\system32\VB5DB.DLL
2011-05-21 20:11 . 2004-10-13 12:28	35840	----a-w-	c:\windows\system32\comdlg32.oca
2011-05-21 20:11 . 2004-10-13 12:28	29184	----a-w-	c:\windows\system32\MSINET.oca
2011-05-21 20:11 . 2004-10-13 12:28	28432	----a-w-	c:\windows\system32\msxmlr.dll
2011-05-21 20:11 . 2004-10-13 12:28	26096	----a-w-	c:\windows\system32\xmlinst.exe
2011-05-21 20:11 . 2004-10-13 12:28	24576	----a-w-	c:\windows\system32\msxml3a.dll
2011-05-21 20:03 . 2004-10-22 00:18	749568	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-05-21 20:03 . 2004-10-22 00:17	69715	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-05-21 20:03 . 2004-10-22 00:17	274432	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-05-21 20:03 . 2004-10-22 00:16	180224	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-05-21 20:03 . 2004-10-22 00:16	5632	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-05-15 21:24 . 2011-05-15 21:33	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-05-15 21:24 . 2011-05-15 21:25	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-05-15 20:55 . 2011-05-15 20:55	--------	d-----w-	c:\program files\CCleaner
2011-05-15 20:44 . 2011-04-09 05:56	123904	----a-w-	c:\windows\system32\poqexec.exe
2011-05-15 16:17 . 2011-05-15 16:17	--------	d-----w-	c:\program files\Common Files\Java
2011-05-11 15:52 . 2011-05-11 16:05	--------	d-----w-	c:\program files\ICQ7.5
2011-05-11 12:05 . 2011-04-09 06:13	3957632	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-05-11 12:05 . 2011-04-09 06:13	3901824	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-05-08 18:22 . 2011-05-08 18:22	89048	----a-w-	c:\program files\Mozilla Firefox\libEGL.dll
2011-05-08 18:22 . 2011-05-08 18:22	781272	----a-w-	c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-08 18:22 . 2011-05-08 18:22	465880	----a-w-	c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-08 18:22 . 2011-05-08 18:22	1874904	----a-w-	c:\program files\Mozilla Firefox\mozjs.dll
2011-05-08 18:22 . 2011-05-08 18:22	15832	----a-w-	c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-08 18:22 . 2011-05-08 18:22	1892184	----a-w-	c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-08 18:22 . 2011-05-08 18:22	142296	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-08 18:22 . 2011-05-08 18:22	1974616	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_42.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2009-10-14 02:21	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-04-14 03:07 . 2010-07-18 15:57	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-04-08 11:28 . 2011-04-08 11:28	41872	----a-w-	c:\windows\system32\xfcodec.dll
2011-03-11 05:40 . 2011-04-13 15:38	1164288	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-13 15:38	1137664	----a-w-	c:\windows\system32\mfc42.dll
2011-03-08 05:38 . 2011-04-13 15:39	740864	----a-w-	c:\windows\system32\inetcomm.dll
2011-05-08 18:22 . 2011-05-08 18:22	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-04-23 119608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-10 1833504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-10 7399968]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Launch SilverCrest GML807"="c:\program files\SilverCrest GML807 Driver\MouClient_FD2_1001RL.exe" [2010-09-02 862208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Users^Andre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\McSACore.exe [2011-02-16 88176]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [2009-05-12 16896]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-20 116136]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-03 218688]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-12-21 41336]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-29 54784]
S3 InputFilter_Hid_FlexDef2c;Siliten HID Devices(FlexDef2c) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2c.sys [2010-08-06 16896]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 97452831
*Deregistered* - 97452831
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\k2veblcu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=mcafee&p=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-06-01  17:39:44
ComboFix-quarantined-files.txt  2011-06-01 15:39
.
Vor Suchlauf: 13 Verzeichnis(se), 17.338.773.504 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 17.161.871.360 Bytes frei
.
- - End Of File - - 31A01DE6D8A46E1A8D76055F4EB68353

--- --- ---

cosinus · 01.06.2011, 20:45

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

31.05.2011, 20:12	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Problem mit java(Java/trojanerDownloader.....) Kannste das Bild mal woanders hochladen? Am besten => Saved.im Imagebanane lädt nicht. __________________ __________________

31.05.2011, 21:39	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Problem mit java(Java/trojanerDownloader.....) Ja, bitte zumindest für OTL deaktivieren. __________________ --> Problem mit java(Java/trojanerDownloader.....)

Problem mit java(Java/trojanerDownloader.....)

Plagegeister aller Art und deren Bekämpfung: Problem mit java(Java/trojanerDownloader.....)