
Log analysis and evaluation: Windows Recovery removed? Desktop still black and icons gone or transparent

04.06.2011, 09:58   #1
Mhhh
 



Hello,

I caught Windows Recovery yesterday. I tried to remove it following the instructions shown here. The Recovery window no longer opens, but the desktop background is still black and the icons are gone or transparent. Here is the log file from Malwarebytes (it was the current version):

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6761

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03.06.2011 15:08:20
mbam-log-2011-06-03 (15-08-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 392586
Laufzeit: 1 Stunde(n), 2 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mansion Poker (PUP.Casino) -> Not selected for removal.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FVHAXclnXknQk (Trojan.FakeMS) -> Value: FVHAXclnXknQk -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\fvhaxclnxknqk.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Poker\mansionpoker\_setuppoker_11d087.exe (PUP.Casino) -> Not selected for removal.
c:\programdata\39051000.exe (Trojan.Agent.GD) -> Quarantined and deleted successfully.
c:\Users\Marvin\AppData\Local\Temp\1363E8.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Marvin\AppData\Local\Temp\tmp43F2.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\Marvin\downloads\setuppoker_11d087.exe (PUP.Casino) -> Not selected for removal.

How should I proceed now?

Thanks

04.06.2011, 11:32   #2
cosinus



CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the contents into the text box.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

04.06.2011, 12:24   #3
Mhhh
 



Thank you very much for your help,

attached is the file: OTL Logfile:
Code:
OTL logfile created on: 04.06.2011 13:00:02 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Marvin\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,92 Gb Available Physical Memory | 75,68% Memory free
7,71 Gb Paging File | 6,15 Gb Available in Paging File | 79,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,29 Gb Total Space | 405,98 Gb Free Space | 89,76% Space Free | Partition Type: NTFS
 
Computer Name: MARVIN-VAIO | User Name: Marvin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2010.06.01 04:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010.06.01 04:01:54 | 000,600,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010.05.31 20:18:32 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010.05.31 20:18:32 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010.05.28 22:02:57 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.05.28 22:02:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.05.26 11:08:08 | 000,055,152 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCSpt.exe
PRC - [2010.05.18 14:38:46 | 000,075,776 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.10.13 22:28:54 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010.10.13 22:28:54 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010.10.07 20:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010.06.24 22:06:19 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.06.21 19:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2010.06.09 16:57:16 | 000,101,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2010.06.09 16:56:02 | 000,384,880 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2010.06.09 16:55:00 | 000,537,456 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2010.06.08 18:00:04 | 000,836,608 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2010.06.06 23:13:46 | 000,304,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010.05.31 19:25:48 | 001,250,160 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2010.05.25 06:23:52 | 000,252,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010.03.10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010.03.10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010.03.10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2010.03.10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010.03.10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010.03.10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010.03.10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010.03.10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.04.15 14:46:45 | 000,066,048 | -H-- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\postgres\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2010.11.18 04:16:26 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.10.13 22:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV - [2010.06.20 22:47:18 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010.06.20 22:47:16 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010.06.18 08:07:12 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010.06.17 13:44:10 | 000,851,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010.06.09 00:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.06.01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.06.01 04:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.05.31 20:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.05.28 22:02:57 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.05.28 22:02:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.10.09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.10.13 22:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010.10.13 22:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010.10.13 22:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010.10.13 22:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010.10.13 22:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010.10.13 22:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010.10.13 22:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010.10.13 22:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010.06.24 22:34:53 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.06.24 22:33:43 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.06.24 22:06:24 | 006,107,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.06.23 22:04:45 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.06.23 22:04:43 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.06.23 22:04:43 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.06.23 22:04:43 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.06.23 22:04:09 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.06.23 22:03:07 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2010.06.23 22:02:59 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010.05.31 23:36:54 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010.05.31 23:36:48 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010.05.31 23:36:41 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.05.31 22:10:13 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.05.28 22:03:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.05.28 22:02:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.10.10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 15:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.06.16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.05.26 09:52:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.20 13:31:34 | 000,000,000 | ---D | M]
 
[2011.04.16 16:24:08 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Marvin\AppData\Roaming\mozilla\Extensions
[2011.06.01 16:44:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\8fbz7knh.default\extensions
[2011.04.30 16:22:12 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\8fbz7knh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.01 16:44:37 | 000,000,000 | -H-D | M] (Nero Toolbar) -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\8fbz7knh.default\extensions\toolbar@ask.com
[2011.04.16 16:23:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- 
[2011.05.26 09:52:20 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011.04.30 16:16:17 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.10.13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20110426121813.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110426121813.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marvin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marvin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin:64bit: MCODS - C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: MCODS - C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SafeBootNet:64bit: mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: mfevtp - C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX:64bit: >{F65A5BD6-CBD5-44BB-92EE-7CD500DC5948} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.04 12:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.06.04 12:26:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.06.04 10:46:41 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Marvin\Desktop\OTL.exe
[2011.06.03 15:32:59 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Local\AskToolbar
[2011.06.03 15:32:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011.06.03 14:04:05 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\Malwarebytes
[2011.06.03 14:03:55 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.06.03 14:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.03 14:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.03 14:03:52 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.06.03 14:03:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.06.03 13:33:16 | 000,000,000 | -H-D | C] -- C:\Users\Marvin\AppData\Roaming\TuneUp Software
[2011.06.03 13:32:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\TuneUp Software
[2011.06.03 13:32:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.06.03 12:43:21 | 000,000,000 | -H-D | C] -- C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011.06.01 16:51:27 | 000,000,000 | -H-D | C] -- C:\Users\Marvin\AppData\Roaming\Nero
[2011.06.01 16:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2011.06.01 16:50:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Nero
[2011.06.01 16:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2011.06.01 16:49:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2011.06.01 16:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.06.01 16:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.06.01 16:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2011.06.01 16:43:22 | 000,000,000 | -H-D | C] -- C:\Users\Marvin\Desktop\Neuer Techno
[2011.06.01 16:42:48 | 000,000,000 | -H-D | C] -- C:\Users\Marvin\Desktop\Marv TEchno
[2011.06.01 16:42:08 | 000,000,000 | -H-D | C] -- C:\Users\Marvin\Desktop\90s
[2011.05.20 13:32:50 | 000,000,000 | -H-D | C] -- C:\Users\Marvin\AppData\Local\Apple Computer
[2011.05.20 13:32:49 | 000,000,000 | -H-D | C] -- C:\Users\Marvin\AppData\Roaming\Apple Computer
[2011.05.20 13:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.05.20 13:32:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011.05.20 13:32:24 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.05.20 13:32:23 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.05.20 13:32:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.05.20 13:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011.05.20 13:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.05.20 13:31:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Apple Computer
[2011.05.20 13:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.05.20 13:31:03 | 000,000,000 | -H-D | C] -- C:\Users\Marvin\AppData\Local\Apple
[2011.05.20 13:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.05.20 13:30:36 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2011.05.20 13:30:26 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.05.20 13:30:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.05.20 13:30:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\Apple
[2011.05.20 13:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011.05.05 16:56:41 | 000,000,000 | RH-D | C] -- C:\Users\Marvin\Searches
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.04 12:47:44 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.04 12:47:44 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.04 12:37:49 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.04 12:37:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.04 12:37:12 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.04 12:35:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.04 10:46:53 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Marvin\Desktop\OTL.exe
[2011.06.03 15:37:29 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.03 12:43:38 | 000,000,040 | -H-- | M] () -- C:\ProgramData\~39051000
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.18 18:16:31 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.18 18:16:31 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.18 18:16:31 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.18 18:16:31 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.18 18:16:31 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.03 14:03:56 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.03 12:43:25 | 000,000,040 | -H-- | C] () -- C:\ProgramData\~39051000
[2011.04.26 13:57:49 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2010.10.12 19:30:23 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.10.12 19:30:22 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.10.12 19:30:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.10.12 19:30:21 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.10.12 19:30:20 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.10.12 19:30:13 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2010.10.12 19:30:13 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2010.10.12 19:27:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.04.30 16:22:12 | 000,000,000 | -H-D | M] -- C:\Users\Marvin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.26 11:20:27 | 000,000,000 | -H-D | M] -- C:\Users\Marvin\AppData\Roaming\HEM Data
[2011.06.03 13:33:16 | 000,000,000 | -H-D | M] -- C:\Users\Marvin\AppData\Roaming\TuneUp Software
[2011.06.04 12:37:26 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.04.26 09:14:16 | 000,000,000 | -H-D | M] -- C:\Users\Marvin\AppData\Roaming\Adobe
[2011.06.01 16:30:15 | 000,000,000 | -H-D | M] -- C:\Users\Marvin\AppData\Roaming\Apple Computer
[2011.04.28 11:02:17 | 000,000,000 | -H-D | M] -- C:\Users\Marvin\AppData\Roaming\ArcSoft
[2011.04.15 15:15:41 | 000,000,000 | -H-D | M] -- C:\Users\Marvin\AppData\Roaming\ATI
[2011.04.30 16:22:12 | 000,000,000 | -H-D | M] -- C:\Users\Marvin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.26 11:20:27 | 000,000,000 | -H-D | M] -- C:\Users\Marvin\AppData\Roaming\HEM Data
[2011.04.15 15:14:59 | 000,000,000 | -H-D | M] -- C:\Users\Marvin\AppData\Roaming\Identities
[2011.04.15 15:15:55 | 000,000,000 | -H-D | M] -- C:\Users\Marvin\AppData\Roaming\Intel Corporation
[2010.11.18 04:13:51 | 000,000,000 | -H-D | M] -- C:\Users\Marvin\AppData\Roaming\Macromedia
[2011.06.03 14:04:05 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\Malwarebytes
[2010.10.13 00:58:02 | 000,000,000 | -H-D | M] -- C:\Users\Marvin\AppData\Roaming\Media Center Programs
[2011.04.22 22:09:33 | 000,000,000 | --SD | M] -- C:\Users\Marvin\AppData\Roaming\Microsoft
[2011.04.16 16:24:08 | 000,000,000 | -H-D | M] -- C:\Users\Marvin\AppData\Roaming\Mozilla
[2011.06.01 16:51:27 | 000,000,000 | -H-D | M] -- C:\Users\Marvin\AppData\Roaming\Nero
[2011.04.15 15:13:38 | 000,000,000 | -H-D | M] -- C:\Users\Marvin\AppData\Roaming\Sony Corporation
[2011.06.03 13:33:16 | 000,000,000 | -H-D | M] -- C:\Users\Marvin\AppData\Roaming\TuneUp Software
 
< %APPDATA%\*.exe /s >
[2010.11.18 04:13:27 | 000,038,784 | -H-- | M] () -- C:\Users\Marvin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Files - Unicode (All) ==========
[2011.05.05 17:36:08 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\??) -- C:\Windows\SysNative\ꋀž
[2011.05.05 17:36:08 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\??) -- C:\Windows\SysNative\ꋀž

< End of report >
         

04.06.2011, 12:36   #4
cosinus
/// Trigonometric function
/// TB-Süch-Tiger™
 
Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below, i.e. tick both checkboxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.




If the infection prevents you from accessing your Documents/My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!
__________________
Please always post log files in CODE tags

04.06.2011, 12:47   #5
Mhhh
 
2011/06/04 13:45:45.0244 4768 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/04 13:45:47.0256 4768 ================================================================================
2011/06/04 13:45:47.0256 4768 SystemInfo:
2011/06/04 13:45:47.0256 4768
2011/06/04 13:45:47.0256 4768 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/04 13:45:47.0256 4768 Product type: Workstation
2011/06/04 13:45:47.0256 4768 ComputerName: MARVIN-VAIO
2011/06/04 13:45:47.0256 4768 UserName: Marvin
2011/06/04 13:45:47.0256 4768 Windows directory: C:\Windows
2011/06/04 13:45:47.0256 4768 System windows directory: C:\Windows
2011/06/04 13:45:47.0256 4768 Running under WOW64
2011/06/04 13:45:47.0256 4768 Processor architecture: Intel x64
2011/06/04 13:45:47.0256 4768 Number of processors: 4
2011/06/04 13:45:47.0256 4768 Page size: 0x1000
2011/06/04 13:45:47.0256 4768 Boot type: Normal boot
2011/06/04 13:45:47.0256 4768 ================================================================================
2011/06/04 13:45:47.0756 4768 Initialize success
2011/06/04 13:45:50.0096 2556 ================================================================================
2011/06/04 13:45:50.0096 2556 Scan started
2011/06/04 13:45:50.0096 2556 Mode: Manual;
2011/06/04 13:45:50.0096 2556 ================================================================================
2011/06/04 13:46:16.0132 2556 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/04 13:46:16.0179 2556 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
2011/06/04 13:46:16.0335 2556 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/04 13:46:16.0366 2556 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/04 13:46:16.0491 2556 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
2011/06/04 13:46:16.0585 2556 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/04 13:46:16.0756 2556 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/04 13:46:16.0787 2556 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/04 13:46:17.0006 2556 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/04 13:46:17.0240 2556 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/04 13:46:17.0474 2556 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/06/04 13:46:17.0630 2556 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/04 13:46:17.0770 2556 yukonw7 (5250193ef8e173aa7491250f00eb367f) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/06/04 13:46:17.0848 2556 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/04 13:46:17.0864 2556 ================================================================================
2011/06/04 13:46:17.0864 2556 Scan finished
2011/06/04 13:46:17.0864 2556 ================================================================================
2011/06/04 13:46:17.0879 4260 Detected object count: 0
2011/06/04 13:46:17.0879 4260 Actual detected object count: 0


05.06.2011, 11:43   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

06.06.2011, 11:33   #7
Mhhh

Waiting for further instructions.

ComboFix log file:
Code:
ComboFix 11-06-05.06 - Marvin 06.06.2011  12:22:50.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3950.2863 [GMT 2:00]
ausgeführt von:: c:\users\Marvin\Desktop\cofi.exe
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
 * Im Speicher befindliches AV aktiv.
.
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
c:\users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Uninstall Windows 7 Recovery.lnk
c:\users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Windows 7 Recovery.lnk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-06 bis 2011-06-06  ))))))))))))))))))))))))))))))
.
.
2011-06-06 10:27 . 2011-06-06 10:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-06 10:15 . 2011-06-06 10:21	--------	d-----w-	C:\32788R22FWJFW
2011-06-03 13:32 . 2011-06-03 13:32	--------	d-----w-	c:\users\Marvin\AppData\Local\AskToolbar
2011-06-03 12:04 . 2011-06-03 12:04	--------	d-----w-	c:\users\Marvin\AppData\Roaming\Malwarebytes
2011-06-03 12:03 . 2011-06-03 12:03	--------	d-----w-	c:\programdata\Malwarebytes
2011-06-03 12:03 . 2011-05-29 07:11	39984	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-03 12:03 . 2011-06-03 13:37	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-03 12:03 . 2011-05-29 07:11	25912	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-06-03 11:33 . 2011-06-03 11:33	--------	d--h--w-	c:\users\Marvin\AppData\Roaming\TuneUp Software
2011-06-03 11:32 . 2011-06-04 10:26	--------	d--h--w-	c:\programdata\TuneUp Software
2011-06-03 11:32 . 2011-06-03 11:32	--------	d-sh--w-	c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-06-01 14:51 . 2011-06-01 14:51	--------	d--h--w-	c:\users\Marvin\AppData\Roaming\Nero
2011-06-01 14:50 . 2011-06-01 14:50	--------	d--h--w-	c:\programdata\Nero
2011-06-01 14:50 . 2011-06-01 14:50	--------	d-----w-	c:\program files (x86)\Common Files\Nero
2011-06-01 14:49 . 2011-06-01 14:50	--------	d-----w-	c:\program files (x86)\Nero
2011-06-01 14:45 . 2011-06-01 14:45	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2011-06-01 14:44 . 2011-06-01 14:44	--------	d-----w-	c:\program files (x86)\Ask.com
2011-05-20 11:32 . 2011-05-20 11:32	--------	d--h--w-	c:\users\Marvin\AppData\Local\Apple Computer
2011-05-20 11:32 . 2011-06-01 14:30	--------	d--h--w-	c:\users\Marvin\AppData\Roaming\Apple Computer
2011-05-20 11:32 . 2011-05-20 11:32	--------	dc----w-	c:\windows\system32\DRVSTORE
2011-05-20 11:32 . 2009-05-18 11:17	34152	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-20 11:32 . 2008-04-17 10:12	126312	----a-w-	c:\windows\system32\GEARAspi64.dll
2011-05-20 11:31 . 2011-05-20 11:31	--------	d-----w-	c:\program files (x86)\QuickTime
2011-05-20 11:31 . 2011-05-20 11:31	--------	d--h--w-	c:\users\Marvin\AppData\Local\Apple
2011-05-20 11:31 . 2011-05-20 11:31	--------	d-----w-	c:\program files (x86)\Apple Software Update
2011-05-20 11:30 . 2011-05-20 11:30	--------	d-----w-	c:\program files\Common Files\Apple
2011-05-20 11:30 . 2011-05-20 11:30	--------	d-----w-	c:\program files\Bonjour
2011-05-20 11:30 . 2011-05-20 11:30	--------	d-----w-	c:\program files (x86)\Bonjour
2011-05-20 11:30 . 2011-05-20 11:32	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2011-05-20 11:30 . 2011-05-20 11:30	--------	d--h--w-	c:\programdata\Apple
2011-05-20 10:59 . 2011-04-09 06:58	142336	----a-w-	c:\windows\system32\poqexec.exe
2011-05-20 10:59 . 2011-04-09 05:56	123904	----a-w-	c:\windows\SysWow64\poqexec.exe
2011-05-11 19:43 . 2011-04-09 06:45	5509504	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-05-11 19:43 . 2011-04-09 06:13	3957632	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 19:43 . 2011-04-09 06:13	3901824	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 14:26 . 2011-04-06 14:26	96544	----a-w-	c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26	69408	----a-w-	c:\windows\system32\jdns_sd.dll
2011-04-06 14:26 . 2011-04-06 14:26	237856	----a-w-	c:\windows\system32\dnssdX.dll
2011-04-06 14:26 . 2011-04-06 14:26	119584	----a-w-	c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20	91424	----a-w-	c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20	75040	----a-w-	c:\windows\SysWow64\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20	197920	----a-w-	c:\windows\SysWow64\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20	107808	----a-w-	c:\windows\SysWow64\dns-sd.exe
2011-03-11 06:19 . 2011-04-16 14:08	1359872	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-11 06:19 . 2011-04-16 14:08	1395712	----a-w-	c:\windows\system32\mfc42.dll
2011-03-11 05:40 . 2011-04-16 14:08	1164288	----a-w-	c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40 . 2011-04-16 14:08	1137664	----a-w-	c:\windows\SysWow64\mfc42.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-21 10:17	1233288	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-05-21 1233288]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1484856]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-09 98304]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-18 136176]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/postgres/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/postgres/data -w [x]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-18 136176]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-20 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-20 67952]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-06 304496]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McMPFSvc;McAfee Personal Firewall-Dienst;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-13 149032]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-21 575856]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-08 836608]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-05-31 1250160]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mfeavfk01
.
NETSVCS BENÖTIGT REPARATUR - Derzeitig vorhandene Einträge:
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-18 02:25]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-18 02:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Free YouTube to MP3 Converter - c:\users\Marvin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\8fbz7knh.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/postgres/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/postgres/data\" -w"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/postgres/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/postgres/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-06-06  12:31:35
ComboFix-quarantined-files.txt  2011-06-06 10:31
.
Vor Suchlauf: 6 Verzeichnis(se), 437.277.671.424 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 436.769.402.880 Bytes frei
.
- - End Of File - - 5A4FAE34AA8C5B419F906B5DAEA28D48
         
--- --- ---

06.06.2011, 13:25   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool needs only a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.
__________________
Please always post log files in CODE tags

06.06.2011, 16:58   #9
Mhhh

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Sony Corporation
System Product Name: VPCEC4L1E
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 189):
0x05B4B000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
0x05B55000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00470000 \SystemRoot\System32\TSDDD.dll
0x05B63000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04050000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05B71000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00740000 \SystemRoot\System32\cdd.dll
0x03B7C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x03B85000 \SystemRoot\system32\drivers\luafv.sys
0x03BA8000 \SystemRoot\system32\drivers\WudfPf.sys
0x03BC9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02A5C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x03BDE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x03A00000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x056C0000 \SystemRoot\system32\drivers\HTTP.sys
0x05788000 \SystemRoot\system32\DRIVERS\bowser.sys
0x057A6000 \SystemRoot\System32\drivers\mpsdrv.sys
0x057BE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05600000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0564E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06037000 \SystemRoot\system32\drivers\peauth.sys
0x060DD000 \SystemRoot\System32\Drivers\secdrv.SYS
0x060E8000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06115000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06127000 \SystemRoot\System32\DRIVERS\srv2.sys
0x03A18000 \SystemRoot\System32\DRIVERS\srv.sys
0x061BB000 \SystemRoot\system32\drivers\cfwids.sys
0x061C9000 \SystemRoot\system32\drivers\mfeapfk.sys
0x77140000 \Windows\System32\ntdll.dll
0x478D0000 \Windows\System32\smss.exe
0xFF460000 \Windows\System32\apisetschema.dll
0xFF2D0000 \Windows\System32\autochk.exe
0xFF400000 \Windows\System32\Wldap32.dll
0xFF3E0000 \Windows\System32\imagehlp.dll
0xFF2B0000 \Windows\System32\rpcrt4.dll
0xFF260000 \Windows\System32\ws2_32.dll
0xFE4D0000 \Windows\System32\shell32.dll
0xFE3F0000 \Windows\System32\advapi32.dll
0xFE370000 \Windows\System32\difxapi.dll
0xFE360000 \Windows\System32\lpk.dll
0xFE350000 \Windows\System32\nsi.dll
0xFE140000 \Windows\System32\ole32.dll
0xFE110000 \Windows\System32\imm32.dll
0xFE030000 \Windows\System32\oleaut32.dll
0x77040000 \Windows\System32\user32.dll
0xFDFC0000 \Windows\System32\gdi32.dll
0xFDF20000 \Windows\System32\comdlg32.dll
0xFDCC0000 \Windows\System32\iertutil.dll
0xFDBB0000 \Windows\System32\msctf.dll
0x76F20000 \Windows\System32\kernel32.dll
0xFD9D0000 \Windows\System32\setupapi.dll
0xFD850000 \Windows\System32\urlmon.dll
0xFD7D0000 \Windows\System32\shlwapi.dll
0xFD7B0000 \Windows\System32\sechost.dll
0xFD710000 \Windows\System32\clbcatq.dll
0x77310000 \Windows\System32\normaliz.dll
0xFD670000 \Windows\System32\msvcrt.dll
0x77300000 \Windows\System32\psapi.dll
0xFD5A0000 \Windows\System32\usp10.dll
0xFD470000 \Windows\System32\wininet.dll
0xFD430000 \Windows\System32\wintrust.dll
0xFD410000 \Windows\System32\devobj.dll
0xFD3D0000 \Windows\System32\cfgmgr32.dll
0xFD260000 \Windows\System32\crypt32.dll
0xFD1C0000 \Windows\System32\comctl32.dll
0xFD150000 \Windows\System32\KernelBase.dll
0xFD140000 \Windows\System32\msasn1.dll
0x76180000 \Windows\SysWOW64\normaliz.dll

Processes (total 92):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`5e200000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS545050B9SA00, Rev: PB4OC60X

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

06.06.2011, 18:48   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

One more thing about the CF log

Quote:
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
* Im Speicher befindliches AV aktiv.

You should completely disable virus scanners BEFORE running CF!
I would advise against the McAfee firewall, so uninstall it and use the Windows Firewall.

After that, please run full scans with Malwarebytes and SUPERAntiSpyware as a check and post the logs.
Remember to update both tools before the scan!!


Getting a second opinion from ESET's online scanner afterwards is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

07.06.2011, 19:16   #11
Mhhh

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/07/2011 at 12:56 PM

Application Version : 4.53.1000

Core Rules Database Version : 7220
Trace Rules Database Version: 5032

Scan type : Complete Scan
Total Scan Time : 01:21:03

Memory items scanned : 790
Memory threats detected : 0
Registry items scanned : 13234
Registry threats detected : 0
File items scanned : 129627
File threats detected : 19

Adware.Tracking Cookie
C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Cookies\marvin@ad.yieldmanager[2].txt
C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Cookies\marvin@adviva[1].txt
C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Cookies\marvin@mediaplex[1].txt
C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Cookies\marvin@ad1.adfarm1.adition[2].txt
C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Cookies\marvin@invitemedia[1].txt
C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Cookies\marvin@ad2.adfarm1.adition[1].txt
C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Cookies\marvin@apmebf[2].txt
C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Cookies\marvin@adfarm1.adition[2].txt
C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Cookies\marvin@adx.chip[1].txt
C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Cookies\marvin@doubleclick[1].txt
C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Cookies\marvin@content.yieldmanager[1].txt
C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Cookies\marvin@collective-media[2].txt
C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Cookies\marvin@specificclick[1].txt
akamai.smartadserver.com [ C:\Users\Marvin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4292AXJ3 ]
cdn2.invitemedia.com [ C:\Users\Marvin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4292AXJ3 ]
content.yieldmanager.edgesuite.net [ C:\Users\Marvin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4292AXJ3 ]
ia.media-imdb.com [ C:\Users\Marvin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4292AXJ3 ]
media.mtvnservices.com [ C:\Users\Marvin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4292AXJ3 ]
secure-uk.imrworldwide.com [ C:\Users\Marvin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4292AXJ3 ]



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6795

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.06.2011 12:03:31
mbam-log-2011-06-07 (12-03-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 317401
Laufzeit: 33 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mansion Poker (PUP.Casino) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Poker\mansionpoker\_setuppoker_11d087.exe (PUP.Casino) -> Quarantined and deleted successfully.


Running it somehow didn't work. I then found this file in the Eset folder; I don't know whether it is of any use to you:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=f407e6b134e9764384f48f3a9fb6e064
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-07 12:08:51
# local_time=2011-06-07 02:08:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 100 94 6019 59075779 0 0
# compatibility_mode=8192 67108863 100 0 773 773 0 0
# scanned=137718
# found=0
# cleaned=0
# scan_time=2602

07.06.2011, 22:08   #12
cosinus

Looks OK, only cookies and two remnants were found.
Any remaining problems or further detections in the meantime?

08.06.2011, 08:23   #13
Mhhh

Not really any more, only that a few icons are still missing (e.g. in the Start menu). The icons that were transparent before are back to normal now, though. I was also able to change the desktop background again.

Edit: oh, and this message often appears: "Vaio Gate funktioniert nicht mehr. Windows kann online...."

Problemsignatur:
Problemereignisname: APPCRASH
Anwendungsname: VAIO Gate.exe
Anwendungsversion: 2.2.0.6080
Anwendungszeitstempel: 4c0c4b17
Fehlermodulname: VAIO Gate.exe
Fehlermodulversion: 2.2.0.6080
Fehlermodulzeitstempel: 4c0c4b17
Ausnahmecode: c0000005
Ausnahmeoffset: 0000000000031c5f
Betriebsystemversion: 6.1.7600.2.0.0.768.3
Gebietsschema-ID: 1031
Zusatzinformation 1: 0f53
Zusatzinformation 2: 0f53787dc60b96aca1106fdfbb5b867b
Zusatzinformation 3: b9b5
Zusatzinformation 4: b9b57b01dc73fce615ba59fea9466604

Regards

08.06.2011, 09:36   #14
cosinus

I can't make sense of that. I'm not familiar with Sony's VAIO machines, so I don't know how the software is built or what exactly it is supposed to do.

Do you actively use VAIO Gate, or does it more or less just run pointlessly in the background?

08.06.2011, 11:09   #15
Mhhh

To be honest, I don't even know what VAIO Gate is

Otherwise, as I said, everything works perfectly, apart from the missing icons. I suppose I have to restore those manually myself, right?

Edit: Hm, but the folders are empty (Skype etc.), so I can't restore the shortcuts at all?!

Regards, and many thanks for your help

Last edited by Mhhh (08.06.2011 at 11:26)
