Trojaner-Board - Weiterhin Probleme nach BKA-Scareware-Befall

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Weiterhin Probleme nach BKA-Scareware-Befall (https://www.trojaner-board.de/101554-weiterhin-probleme-bka-scareware-befall.html)

Weiterhin Probleme nach BKA-Scareware-Befall

Hallo,

ich habe mir vorgestern die "BKA"-Scareware eingefangen, die selbst den Abgesicherten Modus erledigt. Über den abgesicherten Modus mit Eingabeaufforderung konnte ich in der Registry den manipulierten Eintrag durch explorer.exe ersetzen. Danach konnte ich zumindest wieder neu starten und den PC wieder normal bedienen.
Habe danach Antivir, Malwarebyte und Spybot durchlaufen lassen und die (wenigen) Treffer entfernen lassen. Danach waren auch erstmal keine weiteren Symptome zu spüren, auch gestern nicht.

Heute allerdings erschien gleich nach dem Hochfahren die Fehlermeldung "explorer.exe funktioniert nicht mehr richtig". Danach wurde gleich der Explorer neugestartet, woraufhin die Meldung erneut erschien, das wiederholte sich dann immer weiter. Eine Bedienung des Computers war dadurch kaum noch möglich. Auch im abgesicherten Modus erschien die Meldung.
Ich habe es dann irgendwann doch noch geschafft, mir das Programm ShellExView runterzuladen. Damit habe ich dann alle nicht zu Microsoft gehörenden Shell-Extensions deaktiviert. Die Fehlermeldung erschien von da an nicht mehr. Ich konnte jedoch nicht herausfinden, welcher Eintrag genau für den Fehler verantwortlich war.

Im Moment läuft eigentlich alles wieder einwandfrei, dennoch ist klar, dass noch irgendwo etwas im Argen liegt. Daher wollte ich mein System mal durchchecken lassen.

System: Vista SP 2 32 Bit

Defogger:

Zitat:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:55 on 20/07/2011 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

OTL.txt:
OTL Logfile:

Code:

OTL logfile created on: 20.07.2011 23:18:51 - Run 2

OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\***\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,80% Memory free

6,21 Gb Paging File | 5,00 Gb Available in Paging File | 80,44% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 228,63 Gb Total Space | 72,95 Gb Free Space | 31,91% Space Free | Partition Type: NTFS

Drive J: | 223,45 Gb Total Space | 2,58 Gb Free Space | 1,16% Space Free | Partition Type: NTFS

 

Computer Name: ***PC | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)

PRC - C:\Programme\RocketDock\RocketDock.exe ()

PRC - C:\Programme\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()

PRC - C:\Programme\CyberLink\TV Enhance\Kernel\TV\TVESched.exe ()

PRC - C:\Programme\CyberLink\TV Enhance\TVEService.exe (CyberLink Corp.)

PRC - C:\Programme\Targa VFD Display\Targa VFD Display.exe (Ing.-Büro Dr. Ruge)

PRC - C:\Windows\ModLEDKey.exe (Chicony)

PRC - C:\Windows\CNYHKey.exe (Chicony)

PRC - C:\Windows\System32\PSIService.exe ()

PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)

SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (FolderSize) -- C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)

SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()

SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe ()

SRV - (CheckStage2_svc) -- C:\Windows\CheckStage2.exe ()

SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)

DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)

DRV - (s117obex) -- C:\Windows\System32\drivers\s117obex.sys (MCCI Corporation)

DRV - (s117mdm) -- C:\Windows\System32\drivers\s117mdm.sys (MCCI Corporation)

DRV - (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s117mgmt.sys (MCCI Corporation)

DRV - (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) -- C:\Windows\System32\drivers\s117unic.sys (MCCI Corporation)

DRV - (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) -- C:\Windows\System32\drivers\s117nd5.sys (MCCI Corporation)

DRV - (s117mdfl) -- C:\Windows\System32\drivers\s117mdfl.sys (MCCI Corporation)

DRV - (s117bus) Sony Ericsson Device 117 driver (WDM) -- C:\Windows\System32\drivers\s117bus.sys (MCCI Corporation)

DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.)

DRV - (MRV6X32U) -- C:\Windows\System32\drivers\MRVW23B.sys (A/WLAN-1)

DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)

DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)

DRV - (JRAID) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)

DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (ASUSTeK)

DRV - (JGOGO) -- C:\Windows\system32\DRIVERS\JGOGO.sys (JMicron )

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 2D DC C2 7D 1A CB 01  [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60141

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {9fb7d178-155a-4318-9173-1a8eaaea7fe4}:2.1.10

FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 5

FF - prefs.js..extensions.enabledItems: 3

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 60141

FF - prefs.js..network.proxy.type: 0

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2768: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2826: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1578: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~1\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.27 14:01:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.27 14:01:41 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\***\AppData\Roaming\5015

 

[2010.06.12 16:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2011.07.20 15:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions

[2010.06.13 16:43:48 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}

[2010.06.25 00:04:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.10.23 17:40:45 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}

[2010.08.15 14:56:40 | 000,000,000 | ---D | M] ("FootieFox") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}

[2010.07.25 14:37:51 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.06.27 20:24:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011.07.05 10:58:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011.01.22 16:36:10 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\firefox@tvunetworks.com

[2010.06.13 16:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ntxe4yam.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions

[2010.06.13 11:01:21 | 000,004,140 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ntxe4yam.default\searchplugins\youtube.xml

[2011.06.28 08:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.05.11 19:32:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.08.11 22:02:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.11.10 21:24:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.01.09 14:13:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011.04.08 18:13:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.06.28 08:33:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2007.11.25 16:21:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

[2008.03.09 10:33:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

[2008.08.12 12:18:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2008.12.10 11:01:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

[2009.04.05 19:36:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009.09.03 18:25:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2009.12.01 21:06:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2010.04.10 09:37:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

[2010.05.11 19:32:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.08.11 22:02:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.11.10 21:24:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.01.09 14:13:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011.04.08 18:13:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.06.28 08:33:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2006.12.05 16:27:46 | 001,689,824 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFp415.dll

[2007.11.16 09:54:08 | 002,090,976 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFp41629.dll

[2006.04.28 12:22:26 | 000,719,064 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv415.dll

[2007.11.22 10:50:49 | 001,193,952 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv41629.dll

[2009.09.21 12:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll

[2011.03.25 09:17:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.03.25 09:17:08 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.03.25 09:17:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.03.25 09:17:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.03.25 09:17:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.07.20 01:25:29 | 000,435,677 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        www.008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        www.00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        www.0scan.com

O1 - Hosts: 127.0.0.1        0scan.com

O1 - Hosts: 127.0.0.1        1000gratisproben.com

O1 - Hosts: 127.0.0.1        www.1000gratisproben.com

O1 - Hosts: 127.0.0.1        1001namen.com

O1 - Hosts: 127.0.0.1        www.1001namen.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        www.100sexlinks.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.10sek.com

O1 - Hosts: 127.0.0.1        www.1-2005-search.com

O1 - Hosts: 14995 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Programme\Xi\NetXfer\NXIEHelper.dll (Xi)

O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programme\Xi\NetXfer\NXToolBar.dll (Xi)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [ledpointer] C:\Windows\CNYHKey.exe (Chicony)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MoLed] C:\Windows\ModLEDKey.exe (Chicony)

O4 - HKLM..\Run: [TVEService] C:\Program Files\CyberLink\TV Enhance\TVEService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()

O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O8 - Extra context menu item: Alles mit NetXfer herunterladen - C:\Programme\Xi\NetXfer\NXAddList.html ()

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()

O8 - Extra context menu item: Herunterladen mit NetXfer - C:\Programme\Xi\NetXfer\NXAddLink.html ()

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta ()

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} -  File not found

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.173.194.76 81.173.194.69

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{18b721de-6f25-11df-b5a4-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{18b721de-6f25-11df-b5a4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe

O33 - MountPoints2\{345bf03f-6c42-11dd-8917-001a92e976fe}\Shell\AutoRun\command - "" = K:\System\Security\DriveGuard.exe -run

O33 - MountPoints2\{345bf03f-6c42-11dd-8917-001a92e976fe}\Shell\Explore\Command - "" = K:\System\Security\DriveGuard.exe -run

O33 - MountPoints2\{345bf03f-6c42-11dd-8917-001a92e976fe}\Shell\Open\Command - "" = K:\System\Security\DriveGuard.exe -run

O33 - MountPoints2\{67077280-2a8a-11dd-9f96-00038a000015}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe

O33 - MountPoints2\{67077280-2a8a-11dd-9f96-00038a000015}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7t.dll

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FIFA 11-Registrierung.lnk - C:\Programme\EA Sports\FIFA 11\Support\EAregister.exe - (Leader Technologies)

MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

MsConfig - StartUpReg: Getdo - hkey= - key= -  File not found

MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

MsConfig - StartUpReg: NvCplDaemonTool - hkey= - key= -  File not found

MsConfig - StartUpReg: Olelink - hkey= - key= -  File not found

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

MsConfig - StartUpReg: Ricycle.Bin.exe - hkey= - key= -  File not found

MsConfig - StartUpReg: Userinit - hkey= - key= -  File not found

MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()

MsConfig - State: "startup" - 2

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.07.20 23:01:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD

[2011.07.20 22:57:04 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2011.07.20 22:13:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander

[2011.07.20 22:13:36 | 000,000,000 | ---D | C] -- C:\totalcmd

[2011.07.20 22:13:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GHISLER

[2011.07.20 22:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011.07.20 22:00:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2009.03.18 00:50:32 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.07.20 23:07:16 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.07.20 23:07:16 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.07.20 23:07:16 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.07.20 23:07:15 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.07.20 23:06:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1415130864-2451929093-3127007980-1001UA.job

[2011.07.20 23:01:35 | 000,034,997 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2011.07.20 23:00:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.07.20 23:00:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.07.20 23:00:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.07.20 23:00:51 | 000,034,997 | ---- | M] () -- C:\ProgramData\nvModes.001

[2011.07.20 23:00:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.07.20 23:00:44 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys

[2011.07.20 22:59:26 | 000,000,506 | ---- | M] () -- C:\Users\***\Desktop\2lyv44my - Verknüpfung.lnk

[2011.07.20 22:56:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2011.07.20 22:54:50 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable

[2011.07.20 22:54:23 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe

[2011.07.20 22:42:02 | 000,002,525 | ---- | M] () -- C:\Users\***\Desktop\HiJackThis.lnk

[2011.07.20 22:40:24 | 000,325,611 | ---- | M] () -- C:\Users\***\AppData\Local\census.cache

[2011.07.20 22:39:42 | 000,281,777 | ---- | M] () -- C:\Users\***\AppData\Local\ars.cache

[2011.07.20 22:29:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.07.20 22:28:35 | 000,000,615 | ---- | M] () -- C:\Users\***\Desktop\shexview - Verknüpfung.lnk

[2011.07.20 22:23:19 | 000,000,036 | ---- | M] () -- C:\Users\***\AppData\Local\housecall.guid.cache

[2011.07.20 22:13:38 | 000,000,584 | ---- | M] () -- C:\Users\***\Desktop\Total Commander.lnk

[2011.07.20 21:29:55 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2011.07.20 15:55:07 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A4D30E75-180D-4663-8E32-7FA25F2659F3}.job

[2011.07.20 15:43:25 | 000,052,736 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.07.20 10:02:50 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1415130864-2451929093-3127007980-1001Core.job

[2011.07.20 01:25:29 | 000,435,677 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011.07.19 23:26:11 | 000,008,592 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat

[2011.07.19 23:00:25 | 000,001,724 | ---- | M] () -- C:\Users\***\Desktop\Trillian.lnk

[2011.07.15 10:07:57 | 000,002,047 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk

[2011.07.14 15:24:30 | 000,287,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

 
 ========== Files Created - No Company Name ==========

 

[2011.07.20 22:59:26 | 000,000,506 | ---- | C] () -- C:\Users\***\Desktop\2lyv44my - Verknüpfung.lnk

[2011.07.20 22:55:44 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe

[2011.07.20 22:54:50 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable

[2011.07.20 22:40:24 | 000,325,611 | ---- | C] () -- C:\Users\***\AppData\Local\census.cache

[2011.07.20 22:39:42 | 000,281,777 | ---- | C] () -- C:\Users\***\AppData\Local\ars.cache

[2011.07.20 22:28:35 | 000,000,615 | ---- | C] () -- C:\Users\***\Desktop\shexview - Verknüpfung.lnk

[2011.07.20 22:23:19 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache

[2011.07.20 22:13:38 | 000,000,584 | ---- | C] () -- C:\Users\***\Desktop\Total Commander.lnk

[2011.07.20 22:13:37 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF

[2011.07.20 22:13:37 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF

[2011.07.20 22:13:37 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF

[2011.07.20 22:13:37 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF

[2011.07.20 22:13:37 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF

[2011.07.20 22:13:37 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF

[2011.07.20 22:13:37 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF

[2011.07.20 22:00:17 | 000,002,525 | ---- | C] () -- C:\Users\***\Desktop\HiJackThis.lnk

[2011.07.20 21:33:04 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys

[2011.05.29 22:51:14 | 000,000,563 | ---- | C] () -- C:\Windows\eReg.dat

[2011.03.21 11:53:46 | 000,005,743 | ---- | C] () -- C:\Users\***\AppData\Roaming\E9EA.9A6

[2010.06.12 16:08:08 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin

[2010.06.11 02:05:15 | 000,000,032 | --S- | C] () -- C:\Users\***\AppData\Local\909563405.dat

[2010.02.17 13:44:15 | 000,000,020 | ---- | C] () -- C:\Users\***\AppData\Roaming\sgcpom.dat

[2010.01.28 02:31:41 | 000,016,070 | ---- | C] () -- C:\Windows\German2.ini

[2010.01.07 22:35:36 | 000,034,997 | ---- | C] () -- C:\ProgramData\nvModes.001

[2010.01.07 22:35:08 | 000,034,997 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2010.01.07 11:56:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2010.01.07 00:34:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010.01.07 00:34:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.10.29 17:46:30 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI

[2009.08.30 16:20:25 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll

[2009.03.18 00:50:32 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat

[2009.03.18 00:50:32 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf

[2008.10.28 18:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2008.09.30 23:55:51 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI

[2008.08.03 16:59:04 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat

[2008.07.29 17:21:20 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe

[2008.02.28 10:18:12 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini

[2007.12.13 23:37:18 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2007.12.13 23:37:16 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2007.12.13 23:37:15 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2007.11.16 17:29:23 | 000,001,688 | ---- | C] () -- C:\Windows\unins000.dat

[2007.09.21 16:16:20 | 000,164,352 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe

[2007.09.18 15:00:40 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html

[2007.07.13 11:07:41 | 000,394,240 | ---- | C] () -- C:\Windows\System32\Smab.dll

[2007.07.13 11:07:40 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe

[2007.07.13 11:07:40 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe

[2007.07.13 11:07:40 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe

[2007.07.13 11:07:40 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe

[2007.07.13 11:07:40 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll

[2007.06.05 21:12:20 | 000,052,736 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007.06.01 23:15:10 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2007.06.01 22:58:14 | 000,008,592 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat

[2007.05.10 12:48:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2007.04.30 14:10:35 | 000,135,168 | ---- | C] () -- C:\Windows\System32\TXTUSER.EXE

[2007.04.30 13:58:08 | 000,103,024 | ---- | C] () -- C:\Windows\Unwise.exe

[2007.04.30 11:58:56 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat

[2007.04.30 10:35:05 | 000,049,152 | ---- | C] () -- C:\Windows\CNYUSB.dll

[2007.04.30 10:35:05 | 000,005,120 | ---- | C] () -- C:\Windows\HKCYDLL.dll

[2007.04.30 10:35:05 | 000,000,360 | ---- | C] () -- C:\Windows\CNYHKey.ini

[2007.04.30 10:22:41 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll

[2007.04.30 10:22:41 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe

[2007.04.30 10:22:41 | 000,016,384 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL

[2007.04.30 10:22:41 | 000,013,312 | ---- | C] () -- C:\Windows\System32\VistaRundll.exe

[2007.04.25 11:51:38 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll

[2007.04.11 12:31:51 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI

[2007.02.22 16:34:41 | 000,462,848 | ---- | C] () -- C:\Windows\CheckStage2.exe

[2006.11.02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe

[2006.11.02 17:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2006.11.02 17:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:47:37 | 000,287,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006.09.20 07:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini

[2002.02.10 02:00:00 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe

 
 ========== LOP Check ==========

 

[2011.03.15 14:24:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\667011

[2010.07.18 21:00:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon

[2009.08.30 16:20:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari

[2010.06.03 17:53:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner

[2010.07.25 14:37:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.01.31 19:34:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Flatcast

[2011.07.20 22:13:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER

[2009.03.10 00:29:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0

[2009.11.27 02:44:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KlipFolio

[2009.08.30 16:19:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech

[2009.03.18 01:36:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag

[2007.07.24 20:59:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SecondLife

[2009.02.26 22:09:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\temp

[2009.04.10 10:07:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software

[2009.03.18 00:50:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso

[2008.10.01 00:15:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xi

[2011.07.20 22:59:52 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011.07.20 15:55:07 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A4D30E75-180D-4663-8E32-7FA25F2659F3}.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2010.05.09 10:20:33 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN

[2010.06.18 22:52:30 | 000,000,000 | -HSD | M] -- C:\Boot

[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2007.06.01 17:46:31 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2011.02.14 15:19:04 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft

[2008.02.12 16:47:51 | 000,000,000 | ---D | M] -- C:\Filme

[2007.12.23 13:56:44 | 000,000,000 | ---D | M] -- C:\Fotos Hochzeit Schaaf

[2008.04.25 18:21:20 | 000,000,000 | ---D | M] -- C:\MyWorks

[2007.10.10 00:46:54 | 000,000,000 | ---D | M] -- C:\No23Recorder

[2010.01.06 18:52:49 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2011.07.20 22:00:16 | 000,000,000 | R--D | M] -- C:\Program Files

[2011.02.21 20:59:56 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2007.06.01 17:46:31 | 000,000,000 | -HSD | M] -- C:\Programme

[2008.07.29 18:13:46 | 000,000,000 | ---D | M] -- C:\spiele

[2011.07.20 23:20:15 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2009.05.30 14:53:36 | 000,000,000 | ---D | M] -- C:\Temp

[2011.07.20 22:13:37 | 000,000,000 | ---D | M] -- C:\totalcmd

[2007.06.01 17:49:36 | 000,000,000 | R--D | M] -- C:\Users

[2010.07.18 16:54:29 | 000,000,000 | ---D | M] -- C:\vom alten PC

[2011.07.20 22:41:02 | 000,000,000 | ---D | M] -- C:\Windows

[2009.02.28 18:43:49 | 000,000,000 | -H-D | M] -- C:\{2426F42A-20BE-4F19-A8A5-640920671123}

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 

 
 < MD5 for: EXPLORER.EXE  >

[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2007.11.15 04:02:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe

[2007.11.15 04:02:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe

[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe

[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

 
 < MD5 for: REGEDIT.EXE  >

[2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe

[2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe

 
 < MD5 for: USERINIT.EXE  >

[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-19 06:13:08

 
 <           >
 

< End of report >

--- --- ---

Extras.txt wurde nicht erstellt.

Gmer.txt:
GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2011-07-21 00:14:11

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000053 WDC_WD50 rev.12.0

Running: 2lyv44my.exe; Driver: C:\Users\***\AppData\Local\Temp\uwloipoc.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            A0C37DBC                                                                                                   ZwCreateThread

SSDT            A0C37DA8                                                                                                   ZwOpenProcess

SSDT            A0C37DAD                                                                                                   ZwOpenThread

SSDT            A0C37DB7                                                                                                   ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!KeSetEvent + 221                                                                              822EF9A4 4 Bytes  [BC, 7D, C3, A0]

.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                              822EFB74 4 Bytes  [A8, 7D, C3, A0]

.text           ntkrnlpa.exe!KeSetEvent + 40D                                                                              822EFB90 4 Bytes  [AD, 7D, C3, A0]

.text           ntkrnlpa.exe!KeSetEvent + 621                                                                              822EFDA4 4 Bytes  [B7, 7D, C3, A0]
 

---- User code sections - GMER 1.0.15 ----
 

.text           C:\Program Files\Mozilla Firefox\firefox.exe[5520] ntdll.dll!LdrLoadDll                                    777593A8 5 Bytes  JMP 013313F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \FileSystem\fastfat \Fat                                                                                   fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat                    0x55 0x10 0xD7 0xCE ...

Reg             HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@f!s!s!\30!y!d!j!c!i!\24!\24!r!m!m!c!y!  19583823
 

---- EOF - GMER 1.0.15 ----

--- --- ---

Ich hatte schon vorher ein paar mal kleinere Probleme mit Viren/Trojanern, habe da nach der Säuberung aber keine Langzeitfolgen mehr feststellen können. Dies jetzt war aber der wohl bislang mit Abstand heftigste Befall. Früher oder später werde ich wohl nicht um ein Neuaufsetzen herumkommen, aber nach Möglichkeit will ich vorher noch in Ruhe alles Wichtige sichern...

Vielen Dank schonmal im Voraus! :)

Zitat:

Habe danach Antivir, Malwarebyte und Spybot durchlaufen lassen und die (wenigen) Treffer entfernen lassen.

Bitte ALLE Logs von Malwarebytes posten

Alle, die noch verfügbar sind? Das sind ca. 20 seit 2008. Werden die irgendwo so gespeichert, dass ich sie gesammelt hochladen kann, oder muss ich sie alle jeweils einzeln rauskopieren und als Datei speichern?

Schau hier nach

C:\Users\(USER)\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Danke. :)
Ich mache noch einen erneuten Scan und poste sie danach.

Bitte pack alle zusammen in eine einzige ZIP-Datei dann. Ich will nicht hier 20 Dateien einzeln downloaden

So, hier nun nach dem neuesten (ergebnislosen) Scan alle verfügbaren Logs. Wo mehrere vom selben Datum vorhanden sind, wurden die früheren wohl in der Regel (wie heute) abgebrochen.

Den heutigen Scan habe ich im abgesicherten Modus durchgeführt, weil es dort deutlich schneller geht. Werden dadurch auch bestimmte Sachen nicht gefunden, weil die entsprechenden Prozesse ggf. nicht aktiv sind?

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 60141

FF - prefs.js..network.proxy.type: 0

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{18b721de-6f25-11df-b5a4-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{18b721de-6f25-11df-b5a4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe

O33 - MountPoints2\{345bf03f-6c42-11dd-8917-001a92e976fe}\Shell\AutoRun\command - "" = K:\System\Security\DriveGuard.exe -run

O33 - MountPoints2\{345bf03f-6c42-11dd-8917-001a92e976fe}\Shell\Explore\Command - "" = K:\System\Security\DriveGuard.exe -run

O33 - MountPoints2\{345bf03f-6c42-11dd-8917-001a92e976fe}\Shell\Open\Command - "" = K:\System\Security\DriveGuard.exe -run

O33 - MountPoints2\{67077280-2a8a-11dd-9f96-00038a000015}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe

O33 - MountPoints2\{67077280-2a8a-11dd-9f96-00038a000015}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe

[2011.03.21 11:53:46 | 000,005,743 | ---- | C] () -- C:\Users\***\AppData\Roaming\E9EA.9A6

[2011.03.15 14:24:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\667011

:Commands

[purity]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Das OTL Fix-Log:

Code:

========== OTL ==========

Prefs.js: "127.0.0.1" removed from network.proxy.http

Prefs.js: 60141 removed from network.proxy.http_port

Prefs.js: 0 removed from network.proxy.type

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18b721de-6f25-11df-b5a4-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18b721de-6f25-11df-b5a4-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18b721de-6f25-11df-b5a4-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18b721de-6f25-11df-b5a4-806e6f6e6963}\ not found.

File E:\Autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{345bf03f-6c42-11dd-8917-001a92e976fe}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{345bf03f-6c42-11dd-8917-001a92e976fe}\ not found.

File K:\System\Security\DriveGuard.exe -run not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{345bf03f-6c42-11dd-8917-001a92e976fe}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{345bf03f-6c42-11dd-8917-001a92e976fe}\ not found.

File K:\System\Security\DriveGuard.exe -run not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{345bf03f-6c42-11dd-8917-001a92e976fe}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{345bf03f-6c42-11dd-8917-001a92e976fe}\ not found.

File K:\System\Security\DriveGuard.exe -run not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67077280-2a8a-11dd-9f96-00038a000015}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67077280-2a8a-11dd-9f96-00038a000015}\ not found.

File C:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67077280-2a8a-11dd-9f96-00038a000015}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67077280-2a8a-11dd-9f96-00038a000015}\ not found.

File C:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe not found.

C:\Users\Thomas\AppData\Roaming\E9EA.9A6 moved successfully.

C:\Users\Thomas\AppData\Roaming\667011 folder moved successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.26.1 log created on 07212011_180222

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Code:

2011/07/21 19:09:05.0493 2248        TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/21 19:09:05.0905 2248        ================================================================================

2011/07/21 19:09:05.0905 2248        SystemInfo:

2011/07/21 19:09:05.0905 2248        

2011/07/21 19:09:05.0906 2248        OS Version: 6.0.6002 ServicePack: 2.0

2011/07/21 19:09:05.0906 2248        Product type: Workstation

2011/07/21 19:09:05.0906 2248        ComputerName: THOMASPC

2011/07/21 19:09:05.0906 2248        UserName: Thomas

2011/07/21 19:09:05.0906 2248        Windows directory: C:\Windows

2011/07/21 19:09:05.0906 2248        System windows directory: C:\Windows

2011/07/21 19:09:05.0906 2248        Processor architecture: Intel x86

2011/07/21 19:09:05.0906 2248        Number of processors: 2

2011/07/21 19:09:05.0906 2248        Page size: 0x1000

2011/07/21 19:09:05.0906 2248        Boot type: Normal boot

2011/07/21 19:09:05.0906 2248        ================================================================================

2011/07/21 19:09:06.0684 2248        Initialize success

2011/07/21 19:09:37.0070 4952        ================================================================================

2011/07/21 19:09:37.0070 4952        Scan started

2011/07/21 19:09:37.0070 4952        Mode: Manual; 

2011/07/21 19:09:37.0070 4952        ================================================================================

2011/07/21 19:09:37.0627 4952        3xHybrid        (b1e652b9e5cb8e28d3686299944dbcd3) C:\Windows\system32\DRIVERS\3xHybrid.sys

2011/07/21 19:09:37.0846 4952        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

2011/07/21 19:09:37.0977 4952        ADIHdAudAddService (18214c7b97ae093a6631a2fba4129f68) C:\Windows\system32\drivers\ADIHdAud.sys

2011/07/21 19:09:38.0082 4952        adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

2011/07/21 19:09:38.0148 4952        adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

2011/07/21 19:09:38.0202 4952        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

2011/07/21 19:09:38.0292 4952        adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

2011/07/21 19:09:38.0358 4952        AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

2011/07/21 19:09:38.0399 4952        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

2011/07/21 19:09:38.0435 4952        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2011/07/21 19:09:38.0542 4952        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

2011/07/21 19:09:38.0633 4952        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

2011/07/21 19:09:38.0703 4952        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

2011/07/21 19:09:38.0760 4952        AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

2011/07/21 19:09:38.0826 4952        AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys

2011/07/21 19:09:38.0905 4952        arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

2011/07/21 19:09:38.0995 4952        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

2011/07/21 19:09:39.0078 4952        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/07/21 19:09:39.0123 4952        atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

2011/07/21 19:09:39.0186 4952        athrusb         (59db74ef3b328852a736578dff3fcad6) C:\Windows\system32\DRIVERS\athrusb.sys

2011/07/21 19:09:39.0332 4952        avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2011/07/21 19:09:39.0465 4952        avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys

2011/07/21 19:09:39.0543 4952        avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys

2011/07/21 19:09:39.0612 4952        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

2011/07/21 19:09:39.0719 4952        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

2011/07/21 19:09:39.0784 4952        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2011/07/21 19:09:39.0835 4952        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2011/07/21 19:09:39.0876 4952        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2011/07/21 19:09:39.0930 4952        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2011/07/21 19:09:39.0969 4952        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2011/07/21 19:09:40.0013 4952        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2011/07/21 19:09:40.0046 4952        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

2011/07/21 19:09:40.0111 4952        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/07/21 19:09:40.0147 4952        cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

2011/07/21 19:09:40.0207 4952        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

2011/07/21 19:09:40.0307 4952        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

2011/07/21 19:09:40.0397 4952        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

2011/07/21 19:09:40.0453 4952        Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys

2011/07/21 19:09:40.0507 4952        crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

2011/07/21 19:09:40.0605 4952        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

2011/07/21 19:09:40.0704 4952        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

2011/07/21 19:09:40.0769 4952        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

2011/07/21 19:09:40.0839 4952        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

2011/07/21 19:09:40.0952 4952        DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

2011/07/21 19:09:41.0015 4952        E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

2011/07/21 19:09:41.0101 4952        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

2011/07/21 19:09:41.0209 4952        elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

2011/07/21 19:09:41.0312 4952        exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

2011/07/21 19:09:41.0384 4952        fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

2011/07/21 19:09:41.0470 4952        fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

2011/07/21 19:09:41.0545 4952        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

2011/07/21 19:09:41.0593 4952        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

2011/07/21 19:09:41.0639 4952        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/07/21 19:09:41.0684 4952        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

2011/07/21 19:09:41.0755 4952        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

2011/07/21 19:09:41.0798 4952        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

2011/07/21 19:09:41.0838 4952        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/07/21 19:09:41.0894 4952        ggflt           (4b5fddbcb9407741f47818b8d1ee4a8e) C:\Windows\system32\DRIVERS\ggflt.sys

2011/07/21 19:09:41.0934 4952        ggsemc          (80bbcc9724b24a708ca9489c1e0a1e5f) C:\Windows\system32\DRIVERS\ggsemc.sys

2011/07/21 19:09:42.0074 4952        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

2011/07/21 19:09:42.0151 4952        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/07/21 19:09:42.0182 4952        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

2011/07/21 19:09:42.0211 4952        HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2011/07/21 19:09:42.0272 4952        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

2011/07/21 19:09:42.0329 4952        HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

2011/07/21 19:09:42.0375 4952        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

2011/07/21 19:09:42.0462 4952        i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

2011/07/21 19:09:42.0557 4952        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/07/21 19:09:42.0586 4952        iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

2011/07/21 19:09:42.0635 4952        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2011/07/21 19:09:42.0696 4952        intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys

2011/07/21 19:09:42.0759 4952        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

2011/07/21 19:09:42.0817 4952        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/07/21 19:09:42.0903 4952        IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

2011/07/21 19:09:42.0969 4952        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

2011/07/21 19:09:43.0027 4952        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

2011/07/21 19:09:43.0100 4952        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

2011/07/21 19:09:43.0168 4952        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/07/21 19:09:43.0291 4952        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2011/07/21 19:09:43.0363 4952        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2011/07/21 19:09:43.0421 4952        JGOGO           (c995c0e8b4503fac38793bb0236ad246) C:\Windows\system32\DRIVERS\JGOGO.sys

2011/07/21 19:09:43.0472 4952        JRAID           (f4a31e66a61c0783f51157519b03280b) C:\Windows\system32\DRIVERS\jraid.sys

2011/07/21 19:09:43.0518 4952        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/07/21 19:09:43.0569 4952        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/07/21 19:09:43.0642 4952        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

2011/07/21 19:09:43.0803 4952        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/07/21 19:09:43.0923 4952        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

2011/07/21 19:09:44.0001 4952        LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

2011/07/21 19:09:44.0081 4952        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

2011/07/21 19:09:44.0144 4952        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

2011/07/21 19:09:44.0199 4952        megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

2011/07/21 19:09:44.0283 4952        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

2011/07/21 19:09:44.0332 4952        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

2011/07/21 19:09:44.0374 4952        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

2011/07/21 19:09:44.0491 4952        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

2011/07/21 19:09:44.0571 4952        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

2011/07/21 19:09:44.0639 4952        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

2011/07/21 19:09:44.0721 4952        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

2011/07/21 19:09:44.0803 4952        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2011/07/21 19:09:44.0918 4952        MRV6X32U        (028a9ae788c9b43cb95384d803bd233d) C:\Windows\system32\DRIVERS\MRVW23B.sys

2011/07/21 19:09:44.0992 4952        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

2011/07/21 19:09:45.0077 4952        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/07/21 19:09:45.0196 4952        mrxsmb10        (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/07/21 19:09:45.0244 4952        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/07/21 19:09:45.0294 4952        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

2011/07/21 19:09:45.0343 4952        msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

2011/07/21 19:09:45.0500 4952        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

2011/07/21 19:09:45.0544 4952        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

2011/07/21 19:09:45.0625 4952        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

2011/07/21 19:09:45.0672 4952        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/07/21 19:09:45.0708 4952        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

2011/07/21 19:09:45.0870 4952        MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

2011/07/21 19:09:45.0972 4952        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/07/21 19:09:46.0049 4952        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

2011/07/21 19:09:46.0085 4952        Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

2011/07/21 19:09:46.0164 4952        NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

2011/07/21 19:09:46.0229 4952        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

2011/07/21 19:09:46.0293 4952        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/07/21 19:09:46.0329 4952        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/07/21 19:09:46.0378 4952        NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/07/21 19:09:46.0442 4952        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

2011/07/21 19:09:46.0547 4952        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

2011/07/21 19:09:46.0598 4952        netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

2011/07/21 19:09:46.0676 4952        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2011/07/21 19:09:46.0720 4952        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

2011/07/21 19:09:46.0768 4952        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

2011/07/21 19:09:46.0908 4952        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

2011/07/21 19:09:47.0030 4952        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2011/07/21 19:09:47.0080 4952        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

2011/07/21 19:09:47.0172 4952        NVENETFD        (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys

2011/07/21 19:09:47.0714 4952        nvlddmkm        (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys

2011/07/21 19:09:48.0000 4952        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

2011/07/21 19:09:48.0065 4952        nvstor          (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys

2011/07/21 19:09:48.0123 4952        nvstor32        (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys

2011/07/21 19:09:48.0158 4952        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

2011/07/21 19:09:48.0298 4952        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/07/21 19:09:48.0357 4952        Parport         (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys

2011/07/21 19:09:48.0404 4952        partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

2011/07/21 19:09:48.0462 4952        Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys

2011/07/21 19:09:48.0533 4952        pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

2011/07/21 19:09:48.0597 4952        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

2011/07/21 19:09:48.0673 4952        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

2011/07/21 19:09:48.0760 4952        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2011/07/21 19:09:49.0000 4952        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2011/07/21 19:09:49.0069 4952        Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

2011/07/21 19:09:49.0149 4952        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

2011/07/21 19:09:49.0189 4952        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys

2011/07/21 19:09:49.0270 4952        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

2011/07/21 19:09:49.0366 4952        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2011/07/21 19:09:49.0440 4952        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2011/07/21 19:09:49.0487 4952        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2011/07/21 19:09:49.0552 4952        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/07/21 19:09:49.0642 4952        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/07/21 19:09:49.0688 4952        RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

2011/07/21 19:09:49.0766 4952        rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

2011/07/21 19:09:49.0829 4952        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/07/21 19:09:49.0886 4952        rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

2011/07/21 19:09:49.0936 4952        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2011/07/21 19:09:49.0993 4952        RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

2011/07/21 19:09:50.0263 4952        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2011/07/21 19:09:50.0320 4952        s117bus         (1f561844318914e7eb6e54673a4cc54c) C:\Windows\system32\DRIVERS\s117bus.sys

2011/07/21 19:09:50.0363 4952        s117mdfl        (ba93eec3cdf6a63b77ae66221aa4f902) C:\Windows\system32\DRIVERS\s117mdfl.sys

2011/07/21 19:09:50.0408 4952        s117mdm         (cba12fd8a8ee5b5cdfbbae2381cd6703) C:\Windows\system32\DRIVERS\s117mdm.sys

2011/07/21 19:09:50.0461 4952        s117mgmt        (bd6483e64b1da17e812b34bcdefd9459) C:\Windows\system32\DRIVERS\s117mgmt.sys

2011/07/21 19:09:50.0533 4952        s117nd5         (c7ca36c3054b4cd47a1f6611b046e2f9) C:\Windows\system32\DRIVERS\s117nd5.sys

2011/07/21 19:09:50.0581 4952        s117obex        (e290b3a6b58fb72ca97dd48d64e4fc1c) C:\Windows\system32\DRIVERS\s117obex.sys

2011/07/21 19:09:50.0643 4952        s117unic        (5c4d1ba23c7511ac880e8ba7baa80dba) C:\Windows\system32\DRIVERS\s117unic.sys

2011/07/21 19:09:50.0706 4952        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2011/07/21 19:09:50.0775 4952        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/07/21 19:09:50.0838 4952        Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys

2011/07/21 19:09:50.0867 4952        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys

2011/07/21 19:09:50.0908 4952        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2011/07/21 19:09:50.0977 4952        sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

2011/07/21 19:09:51.0018 4952        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

2011/07/21 19:09:51.0050 4952        sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

2011/07/21 19:09:51.0084 4952        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2011/07/21 19:09:51.0128 4952        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

2011/07/21 19:09:51.0178 4952        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

2011/07/21 19:09:51.0224 4952        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

2011/07/21 19:09:51.0275 4952        Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

2011/07/21 19:09:51.0330 4952        smserial        (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys

2011/07/21 19:09:51.0404 4952        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2011/07/21 19:09:51.0475 4952        srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

2011/07/21 19:09:51.0506 4952        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

2011/07/21 19:09:51.0528 4952        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

2011/07/21 19:09:51.0600 4952        ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys

2011/07/21 19:09:51.0654 4952        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2011/07/21 19:09:51.0689 4952        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2011/07/21 19:09:51.0716 4952        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2011/07/21 19:09:51.0752 4952        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2011/07/21 19:09:51.0854 4952        Tcpip           (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys

2011/07/21 19:09:51.0908 4952        Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys

2011/07/21 19:09:51.0948 4952        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

2011/07/21 19:09:52.0002 4952        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2011/07/21 19:09:52.0116 4952        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2011/07/21 19:09:52.0175 4952        tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

2011/07/21 19:09:52.0229 4952        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

2011/07/21 19:09:52.0316 4952        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/07/21 19:09:52.0387 4952        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2011/07/21 19:09:52.0429 4952        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

2011/07/21 19:09:52.0480 4952        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

2011/07/21 19:09:52.0561 4952        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

2011/07/21 19:09:52.0639 4952        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

2011/07/21 19:09:52.0688 4952        uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

2011/07/21 19:09:52.0741 4952        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2011/07/21 19:09:52.0801 4952        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2011/07/21 19:09:52.0853 4952        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2011/07/21 19:09:52.0966 4952        UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys

2011/07/21 19:09:53.0083 4952        USBAAPL         (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys

2011/07/21 19:09:53.0117 4952        usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/07/21 19:09:53.0159 4952        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2011/07/21 19:09:53.0211 4952        usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/07/21 19:09:53.0246 4952        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

2011/07/21 19:09:53.0272 4952        usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

2011/07/21 19:09:53.0331 4952        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

2011/07/21 19:09:53.0356 4952        USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/07/21 19:09:53.0471 4952        usbuhci         (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/07/21 19:09:53.0596 4952        vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/07/21 19:09:53.0658 4952        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2011/07/21 19:09:53.0690 4952        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

2011/07/21 19:09:53.0736 4952        ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

2011/07/21 19:09:53.0781 4952        viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

2011/07/21 19:09:53.0833 4952        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2011/07/21 19:09:53.0897 4952        volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

2011/07/21 19:09:53.0964 4952        volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

2011/07/21 19:09:54.0016 4952        vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

2011/07/21 19:09:54.0073 4952        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2011/07/21 19:09:54.0138 4952        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/21 19:09:54.0184 4952        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/21 19:09:54.0237 4952        wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys

2011/07/21 19:09:54.0291 4952        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

2011/07/21 19:09:54.0430 4952        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

2011/07/21 19:09:54.0647 4952        WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

2011/07/21 19:09:54.0746 4952        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

2011/07/21 19:09:54.0791 4952        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/07/21 19:09:54.0888 4952        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/07/21 19:09:55.0002 4952        MBR (0x1B8)     (2f04f445c78d9eb185bcf8fdef1e6df0) \Device\Harddisk0\DR0

2011/07/21 19:09:55.0252 4952        Boot (0x1200)   (89272cc64ee5a933205d399e2cf986be) \Device\Harddisk0\DR0\Partition0

2011/07/21 19:09:55.0285 4952        Boot (0x1200)   (85b522df6fcd8b9e84fdbdbda93cc5e3) \Device\Harddisk0\DR0\Partition1

2011/07/21 19:09:55.0292 4952        ================================================================================

2011/07/21 19:09:55.0292 4952        Scan finished

2011/07/21 19:09:55.0293 4952        ================================================================================

2011/07/21 19:09:55.0311 6108        Detected object count: 0

2011/07/21 19:09:55.0311 6108        Actual detected object count: 0

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Combofix Log:

Code:

ComboFix 11-07-21.02 - Thomas 21.07.2011  19:49:23.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.2046 [GMT 2:00]

ausgeführt von:: c:\users\Thomas\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Thomas\AppData\Local\TempDIR

c:\users\Thomas\AppData\Local\TempDIR\SecureW2_TTLS_333.exe

c:\windows\system32\ccrpTmr6.dll

c:\windows\unin0407.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-06-21 bis 2011-07-21  ))))))))))))))))))))))))))))))

.

.

2011-07-21 16:02 . 2011-07-21 16:02        --------        d-----w-        C:\_OTL

2011-07-20 20:13 . 2010-12-17 05:56        545        ----a-w-        c:\windows\UC.PIF

2011-07-20 20:13 . 2010-12-17 05:56        545        ----a-w-        c:\windows\RAR.PIF

2011-07-20 20:13 . 2010-12-17 05:56        545        ----a-w-        c:\windows\PKZIP.PIF

2011-07-20 20:13 . 2010-12-17 05:56        545        ----a-w-        c:\windows\PKUNZIP.PIF

2011-07-20 20:13 . 2010-12-17 05:56        545        ----a-w-        c:\windows\NOCLOSE.PIF

2011-07-20 20:13 . 2010-12-17 05:56        545        ----a-w-        c:\windows\LHA.PIF

2011-07-20 20:13 . 2010-12-17 05:56        545        ----a-w-        c:\windows\ARJ.PIF

2011-07-20 20:13 . 2011-07-20 20:13        --------        d-----w-        C:\totalcmd

2011-07-20 20:13 . 2011-07-20 20:13        --------        d-----w-        c:\users\Thomas\AppData\Roaming\GHISLER

2011-07-20 20:00 . 2011-07-20 20:00        388096        ----a-r-        c:\users\Thomas\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-07-20 20:00 . 2011-07-20 20:00        --------        d-----w-        c:\program files\Trend Micro

2011-07-19 06:13 . 2011-06-07 15:55        7074640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D743C90-03DE-458A-ABB5-B54D3C1F3C38}\mpengine.dll

2011-07-13 06:54 . 2011-06-02 13:34        2043392        ----a-w-        c:\windows\system32\win32k.sys

2011-07-13 06:54 . 2011-04-20 15:55        375808        ----a-w-        c:\windows\system32\winsrv.dll

2011-07-13 06:54 . 2011-04-20 15:50        49152        ----a-w-        c:\windows\system32\csrsrv.dll

2011-06-29 12:14 . 2011-04-29 15:59        276992        ----a-w-        c:\windows\system32\schannel.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-06 17:52 . 2008-09-30 23:25        22712        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-07-06 17:52 . 2008-09-30 23:25        41272        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-24 17:14 . 2009-10-03 07:15        222080        ------w-        c:\windows\system32\MpSigStub.exe

2011-05-21 07:21 . 2011-05-21 07:21        1138440        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-05-04 02:52 . 2010-05-11 17:32        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2006-05-03 09:06        163328        --sh--r-        c:\windows\System32\flvDX.dll

2007-02-21 10:47        31232        --sh--r-        c:\windows\System32\msfDX.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]

"ledpointer"="CNYHKey.exe" [2006-11-09 5585408]

"MoLed"="ModLEDKey.exe" [2006-11-09 53248]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]

"TVEService"="c:\program files\CyberLink\TV Enhance\TVEService.exe" [2007-05-08 155648]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Reader - Schnellstart.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Targa VFD Display.lnk - c:\windows\Installer\{635EDAAB-BF20-414D-A87A-3D43BFA3EDB9}\_240FB530969C6B2372E60D.exe [2007-4-30 11166]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FIFA 11-Registrierung.lnk]

path=c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 11-Registrierung.lnk

backup=c:\windows\pss\FIFA 11-Registrierung.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2009-07-07 01:07        1848648        ----a-w-        c:\program files\Canon\MyPrinter\BJMYPRT.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2008-03-11 01:20        689488        ----a-w-        c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-09-01 06:39        1164584        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2008-09-02 21:31        133104        ----atw-        c:\users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-06-15 14:33        141624        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2011-07-06 17:52        1047656        ----a-w-        c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 13:40        155648        ----a-w-        c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 20:16        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2006-12-06 16:37        69216        ------w-        c:\program files\CyberLink\PowerDVD\PDVDServ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2007-10-10 05:28        36352        ----a-w-        c:\program files\Winamp\winampa.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Google Update"="c:\users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe" /c

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" /background

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot

.

R2 CheckStage2_svc;CheckStage2_svc;c:\windows\CheckStage2.exe [2007-03-12 462848]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 135664]

R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2006-12-22 449536]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-01-27 13352]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 135664]

R3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;c:\windows\system32\DRIVERS\MRVW23B.sys [2006-12-22 231040]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2007-05-08 299093]

S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2007-05-08 127059]

S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-10-27 2814080]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - 31308142

*Deregistered* - 31308142

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

Inhalt des "geplante Tasks" Ordners

.

2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 08:27]

.

2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 08:27]

.

2011-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1415130864-2451929093-3127007980-1001Core.job

- c:\users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 21:31]

.

2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1415130864-2451929093-3127007980-1001UA.job

- c:\users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 21:31]

.

2011-07-21 c:\windows\Tasks\User_Feed_Synchronization-{A4D30E75-180D-4663-8E32-7FA25F2659F3}.job

- c:\windows\system32\msfeedssync.exe [2011-06-26 04:32]

.

.

------- Zusätzlicher Suchlauf -------

.

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:60141

IE: Alles mit NetXfer herunterladen - c:\program files\Xi\NetXfer\NXAddList.html

IE: Free YouTube to Mp3 Converter - c:\users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

IE: Herunterladen mit NetXfer - c:\program files\Xi\NetXfer\NXAddLink.html

IE: Nach Microsoft &Excel exportieren - c:\programme\Microsoft Office\Office10\EXCEL.EXE/3000

IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta

TCP: DhcpNameServer = 81.173.194.76 81.173.194.69

FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ntxe4yam.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Vista-aero: {07b2a769-ed19-4483-87ce-c643914c81bb} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}

FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

FF - Ext: FootieFox: {9fb7d178-155a-4318-9173-1a8eaaea7fe4} - %profile%\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}

FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}

FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.notify.interval - 600000

FF - user.js: content.switch.threshold - 1000000

FF - user.js: nglayout.initialpaint.delay - 600

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

MSConfigStartUp-Getdo - c:\users\Thomas\AppData\Roaming\Adobe\Update\flacor.dat

MSConfigStartUp-NvCplDaemonTool - c:\users\Thomas\LPLOAD~1.DLL

MSConfigStartUp-Olelink - c:\users\Thomas\AppData\Roaming\Bustor\depcom.exe

MSConfigStartUp-Ricycle.Bin - c:\ricycle.bin\Ricycle.Bin.exe

MSConfigStartUp-Userinit - c:\users\Thomas\AppData\Roaming\appconf32.exe

AddRemove-Xaldon WebSpider 2 - c:\windows\unin0407.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2011-07-21 19:56

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-1415130864-2451929093-3127007980-1001\Software\SecuROM\License information*]

"datasecu"=hex:8e,17,cb,0a,39,13,40,37,43,5f,61,a2,56,28,32,15,57,ae,b8,2f,27,

   16,e2,d7,ee,25,67,6f,bd,d5,b8,f1,cb,44,d6,b2,b2,ea,be,9b,a7,d3,76,27,be,f1,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_USERS\S-1-5-21-1415130864-2451929093-3127007980-1001\Software\YourCompanyName\YourProductName\Version*]

"VersionData"=hex:0d,3b,25,66,19,03,6e,fd,4f,a8,a2,fa,9d,e1,52,c2,56,79,51,68,

   59,d5,f4,59,07,45,91,f9,29,b3,aa,34,ed,ab,21,a5,a5,d3,ad,08,4c,48,f7,d3,42,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Zeit der Fertigstellung: 2011-07-21  19:59:46

ComboFix-quarantined-files.txt  2011-07-21 17:59

.

Vor Suchlauf: 15 Verzeichnis(se), 76.676.096.000 Bytes frei

Nach Suchlauf: 19 Verzeichnis(se), 76.684.849.152 Bytes frei

.

- - End Of File - - D12C18E9453E0B71DC04CB15C23AC2D7

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).