Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
Forum: Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
Thread: PC simply restarts after a long period of inactivity, Anti-Rootkit finds a lot (https://www.trojaner-board.de/96423-pc-startet-laengerer-inaktivitaet-einfach-neu-anti-rootkit-findet-viel.html)

paranetic 10.03.2011 12:23

PC simply restarts after a long period of inactivity, Anti-Rootkit finds a lot
 
Hello,

my PC simply restarts after a long period of inactivity, which means no virus scan ever completes (a full scan would run for about 12 hours, and at some point it just restarts, followed by a blue screen message). I ran a scan with Sophos Anti-Rootkit and got a lot of hits, which now worry me. There is also the OTL log (all attached).

Thanks and best regards

cosinus 11.03.2011 09:52

Hello and :hallo:

Please run a full scan with Malwarebytes as a routine step and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from earlier Malwarebytes scans exist, please post all of them as well!

paranetic 11.03.2011 13:12

ok, here is the Malwarebytes log
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6017

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11.03.2011 13:10:59
mbam-log-2011-03-11 (13-10-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 181715
Laufzeit: 5 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


cosinus 11.03.2011 14:03

Quote:

Art des Suchlaufs: Quick-Scan
I wanted to see a full scan.
Post all the other existing logs as well.

paranetic 11.03.2011 15:27

I also let GMER scan. When I got back to the PC just now --> it had apparently restarted again in the meantime.

The Malwarebytes scan is running again in full now

paranetic 11.03.2011 20:10

Here is the full scan:

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6017

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11.03.2011 20:08:47
mbam-log-2011-03-11 (20-08-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|K:\|N:\|)
Durchsuchte Objekte: 984028
Laufzeit: 3 Stunde(n), 4 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\user\AppData\Roaming\mIRC\scripts\userinput.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
k:\@unsortiert\@software\setup.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
k:\dropbox\my dropbox\Public\pantsoff.exe (PUP.PSWFinder) -> Quarantined and deleted successfully.


cosinus 11.03.2011 20:38

Quote:

k:\@unsortiert\@software\setup.exe
What's that?? :confused:

paranetic 11.03.2011 22:31

it was from my download folder, some program ;) I deleted it just to be safe

cosinus 12.03.2011 12:32

And what kind of program was that?

paranetic 13.03.2011 16:31

unfortunately I don't remember, it was just sitting in the download folder as setup.exe, with no further info

cosinus 13.03.2011 19:06

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O4 - HKCU..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0c640b21-0a5c-11df-bf84-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0c640b21-0a5c-11df-bf84-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{1498e5b9-0921-11e0-95b6-00241dddb090}\Shell - "" = AutoRun
O33 - MountPoints2\{1498e5b9-0921-11e0-95b6-00241dddb090}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{e3022ed3-0a84-11df-b371-00241dddb090}\Shell - "" = AutoRun
O33 - MountPoints2\{e3022ed3-0a84-11df-b371-00241dddb090}\Shell\AutoRun\command - "" = N:\Setup.EXE
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9638A27E
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B174FAE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2BE9FEFC
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
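The fix above pulls three kinds of indicators out of the OTL scan: the CD-ROM AutoRun policy (O32), per-volume MountPoints2 entries whose Shell default is AutoRun and whose command launches a setup.exe from removable media (O33), and alternate data streams under C:\ProgramData\TEMP. As an added example (not part of the thread or of OTL itself), the Python below parses those OTL line formats, using the lines quoted above as constructed sample input, and collects the suspicious ones in the order the helper used; the line formats and the assumption that OTL's fix box accepts scan lines verbatim are taken from this thread.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the OTL scan lines quoted in the fix posted above.
SAMPLE_OTL = r'''
O4 - HKCU..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0c640b21-0a5c-11df-bf84-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0c640b21-0a5c-11df-bf84-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{1498e5b9-0921-11e0-95b6-00241dddb090}\Shell - "" = AutoRun
O33 - MountPoints2\{1498e5b9-0921-11e0-95b6-00241dddb090}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{e3022ed3-0a84-11df-b371-00241dddb090}\Shell - "" = AutoRun
O33 - MountPoints2\{e3022ed3-0a84-11df-b371-00241dddb090}\Shell\AutoRun\command - "" = N:\Setup.EXE
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9638A27E
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B174FAE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2BE9FEFC
'''

# Line formats as they appear in the OTL output quoted in the thread.
RE_CDROM = re.compile(r'^O32 - HKLM CDRom: AutoRun - (\d+)$')
RE_MP_SHELL = re.compile(r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell - "" = (.+)$')
RE_MP_CMD = re.compile(r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell\\AutoRun\\command - "" = (.+)$')
RE_ADS = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+)$')
RE_EMPTY_RUN = re.compile(r'^O4 - .*\\Run: \[\]\s+File not found$')

# Extensions that mean "the volume's AutoRun hands control to a program".
EXEC_EXT = ('.exe', '.com', '.bat', '.cmd', '.scr', '.vbs', '.js')


@dataclass
class MountPoint:
    guid: str
    shell_default: str = ''
    command: str = ''
    lines: List[str] = field(default_factory=list)  # raw OTL lines for this volume


@dataclass
class Findings:
    cdrom_autorun: Optional[int] = None
    cdrom_line: str = ''
    mountpoints: Dict[str, MountPoint] = field(default_factory=dict)
    ads: List[Tuple[str, int, str]] = field(default_factory=list)  # (path:stream, bytes, raw line)
    empty_run: List[str] = field(default_factory=list)


def triage_otl(text: str) -> Findings:
    """Parse the OTL lines that matter for autorun persistence and ADS; ignore the rest."""
    f = Findings()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_CDROM.match(line)
        if m:
            f.cdrom_autorun = int(m.group(1))
            f.cdrom_line = line
            continue
        m = RE_MP_SHELL.match(line)
        if m:
            mp = f.mountpoints.setdefault(m.group(1), MountPoint(m.group(1)))
            mp.shell_default = m.group(2)
            mp.lines.append(line)
            continue
        m = RE_MP_CMD.match(line)
        if m:
            mp = f.mountpoints.setdefault(m.group(1), MountPoint(m.group(1)))
            mp.command = m.group(2)
            mp.lines.append(line)
            continue
        m = RE_ADS.match(line)
        if m:
            f.ads.append((m.group(2), int(m.group(1)), line))
            continue
        if RE_EMPTY_RUN.match(line):
            f.empty_run.append(line)
    return f


def suspicious_mountpoints(f: Findings) -> List[MountPoint]:
    """Volumes whose Shell default is AutoRun and whose command launches an executable."""
    return [mp for mp in f.mountpoints.values()
            if mp.shell_default.lower() == 'autorun'
            and mp.command.lower().endswith(EXEC_EXT)]


def fix_lines(f: Findings) -> List[str]:
    """Collect the scan lines to hand back to OTL's fix box, in the order the thread used."""
    out: List[str] = list(f.empty_run)
    if f.cdrom_autorun == 1:          # 1 = CD-ROM AutoRun enabled; the fix sets it off
        out.append(f.cdrom_line)
    for mp in suspicious_mountpoints(f):
        out.extend(mp.lines)
    out.extend(raw for _, _, raw in f.ads)
    return out


if __name__ == '__main__':
    findings = triage_otl(SAMPLE_OTL)
    for mp in suspicious_mountpoints(findings):
        print(f'{mp.guid}: AutoRun -> {mp.command}')
    print(f'{len(findings.ads)} alternate data stream(s), '
          f'{sum(size for _, size, _ in findings.ads)} bytes total')
    print('\n'.join([':OTL'] + fix_lines(findings)))
```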

paranetic 17.03.2011 09:42

Done:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c640b21-0a5c-11df-bf84-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c640b21-0a5c-11df-bf84-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c640b21-0a5c-11df-bf84-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c640b21-0a5c-11df-bf84-806e6f6e6963}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1498e5b9-0921-11e0-95b6-00241dddb090}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1498e5b9-0921-11e0-95b6-00241dddb090}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1498e5b9-0921-11e0-95b6-00241dddb090}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1498e5b9-0921-11e0-95b6-00241dddb090}\ not found.
File F:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3022ed3-0a84-11df-b371-00241dddb090}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3022ed3-0a84-11df-b371-00241dddb090}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3022ed3-0a84-11df-b371-00241dddb090}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3022ed3-0a84-11df-b371-00241dddb090}\ not found.
File N:\Setup.EXE not found.
ADS C:\ProgramData\TEMP:9638A27E deleted successfully.
ADS C:\ProgramData\TEMP:0B174FAE deleted successfully.
ADS C:\ProgramData\TEMP:2BE9FEFC deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Arbeit
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Daniel
->Temp folder emptied: 23184014 bytes
->Temporary Internet Files folder emptied: 9479904 bytes
->Java cache emptied: 1357422 bytes
->FireFox cache emptied: 71512068 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3635 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5766 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 724351648 bytes
 
Total Files Cleaned = 791.00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 03172011_093320

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 17.03.2011 09:54

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading (screenshot: http://saved.im/mtm0nzyzmzd5/cofi.jpg).
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

paranetic 17.03.2011 10:25

ComboFix log file:
Code:

ComboFix 11-03-16.03 - xxxxxx 17.03.2011  10:06:38.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4094.2435 [GMT 1:00]
ausgeführt von:: c:\users\xxxxxx\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Disk Defrag
c:\programdata\Microsoft\Windows\Start Menu\Programs\Disk Defrag\Auslogics Disk Defrag on the Web.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\Disk Defrag\Auslogics Disk Defrag.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Disk Defrag\Uninstall Auslogics Disk Defrag.lnk
K:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-02-17 bis 2011-03-17  ))))))))))))))))))))))))))))))
.
.
2011-03-17 08:36 . 2011-03-17 08:36        9310        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-03-17 08:36 . 2011-03-17 08:36        8646        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-03-17 08:36 . 2011-03-17 08:36        8613        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-03-17 08:36 . 2011-03-17 08:36        8288        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-03-17 08:36 . 2011-03-17 08:36        6910        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-03-17 08:36 . 2011-03-17 08:36        6429        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-03-17 08:36 . 2011-03-17 08:36        63115        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-03-17 08:36 . 2011-03-17 08:36        6208        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-03-17 08:36 . 2011-03-17 08:36        5927        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-03-17 08:36 . 2011-03-17 08:36        4599        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-03-17 08:36 . 2011-03-17 08:36        18541        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-03-17 08:36 . 2011-03-17 08:36        1651        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-03-17 08:35 . 2011-03-17 08:35        8782        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-03-17 08:35 . 2011-03-17 08:35        7271        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-03-17 08:35 . 2011-03-17 08:35        51852        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-03-17 08:35 . 2011-03-17 08:35        23327        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-03-17 08:35 . 2011-03-17 08:35        20719        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-03-17 08:12 . 2011-03-17 08:12        16856        ----a-w-        c:\program files\Mozilla Firefox\plugin-container.exe
2011-03-17 08:12 . 2011-03-17 08:12        719832        ----a-w-        c:\program files\Mozilla Firefox\mozcpp19.dll
2011-03-16 06:38 . 2011-03-17 08:34        81984        ----a-w-        c:\windows\system32\bdod.bin
2011-03-15 21:37 . 2011-03-15 21:37        --------        d-----w-        c:\users\xxxxxx\AppData\Roaming\BitDefender
2011-03-15 21:36 . 2011-03-16 11:01        --------        d-----w-        c:\programdata\BitDefender
2011-03-15 21:36 . 2011-03-15 21:36        --------        d-----w-        c:\program files\Common Files\BitDefender
2011-03-15 21:36 . 2011-03-15 21:36        --------        d-----w-        c:\program files\BitDefender
2011-03-15 21:35 . 2011-03-15 21:35        --------        d-----w-        c:\program files (x86)\Common Files\BitDefender
2011-03-15 16:43 . 2011-03-15 16:43        --------        d-----w-        c:\users\xxxxxx\AppData\Roaming\.clamwin
2011-03-15 16:43 . 2011-03-15 16:43        --------        d-----w-        c:\programdata\.clamwin
2011-03-15 16:43 . 2011-03-15 16:43        --------        d-----w-        c:\program files (x86)\ClamWin
2011-03-15 07:49 . 2011-02-11 07:30        7947600        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A61B774A-D000-4BC8-9640-2C3BE8ACD4CE}\mpengine.dll
2011-03-14 13:59 . 2011-03-14 13:59        --------        d-----w-        c:\program files (x86)\ESET
2011-03-14 08:21 . 2011-03-14 08:21        --------        d-----w-        c:\users\xxxxxx\AppData\Local\AMD
2011-03-14 08:21 . 2011-03-14 08:21        --------        d-----w-        c:\programdata\ATI
2011-03-14 08:21 . 2011-03-14 08:21        --------        d-----w-        c:\program files (x86)\ATI Stream
2011-03-14 08:20 . 2011-03-14 08:20        --------        d-----w-        c:\programdata\AMD
2011-03-13 23:35 . 2011-03-13 23:35        388096        ----a-r-        c:\users\xxxxxx\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-13 23:35 . 2011-03-13 23:35        --------        d-----w-        c:\program files (x86)\hijackthis204
2011-03-13 22:19 . 2011-03-13 22:19        --------        d-----w-        c:\programdata\tmp
2011-03-13 22:19 . 2011-03-13 22:19        --------        d-----w-        c:\programdata\hps
2011-03-13 22:16 . 2011-03-13 22:16        --------        d-----w-        c:\program files (x86)\Müller Foto
2011-03-10 17:26 . 2011-03-10 17:26        --------        d-----w-        c:\program files (x86)\Vim
2011-03-10 06:58 . 2011-01-07 12:17        475648        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-03-10 06:58 . 2011-01-07 12:17        1465344        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-03-10 06:58 . 2011-01-07 07:46        870912        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2011-03-10 06:58 . 2011-01-07 07:46        288256        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
2011-03-10 06:54 . 2011-03-10 06:54        --------        d-----w-        C:\AULOGS
2011-03-10 06:46 . 2011-03-10 06:46        --------        d-----w-        c:\program files (x86)\Sophos
2011-03-09 16:27 . 2011-03-09 16:27        --------        d-----w-        c:\users\xxxxxx\AppData\Roaming\enchant
2011-03-09 16:27 . 2011-03-17 09:01        --------        d-----w-        c:\users\xxxxxx\AppData\Roaming\.purple
2011-03-09 16:26 . 2011-03-09 16:27        --------        d-----w-        c:\program files (x86)\Pidgin
2011-02-27 09:23 . 2011-02-27 09:23        --------        d-----w-        c:\windows\system32\SPReview
2011-02-27 08:59 . 2010-11-20 04:00        2560        ----a-w-        c:\windows\system32\drivers\de-DE\rdpwd.sys.mui
2011-02-27 08:59 . 2010-11-20 04:12        7168        ----a-w-        c:\windows\system32\drivers\de-DE\msdsm.sys.mui
2011-02-27 08:59 . 2010-11-20 04:07        3584        ----a-w-        c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui
2011-02-27 08:58 . 2010-11-20 04:00        4608        ----a-w-        c:\windows\system32\drivers\de-DE\vdrvroot.sys.mui
2011-02-27 08:58 . 2010-11-20 04:07        2560        ----a-w-        c:\windows\system32\drivers\de-DE\disk.sys.mui
2011-02-27 08:35 . 2010-11-20 04:33        273792        ----a-w-        c:\windows\system32\drivers\msiscsi.sys
2011-02-27 08:34 . 2010-11-20 04:27        1911808        ----a-w-        c:\windows\system32\OpcServices.dll
2011-02-27 08:33 . 2010-11-20 04:25        186368        ----a-w-        c:\windows\system32\ocsetup.exe
2011-02-27 08:32 . 2010-11-20 04:27        126976        ----a-w-        c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-02-26 18:20 . 2011-02-26 18:21        --------        d-----w-        C:\b07f66b3682bb323c8
2011-02-26 17:24 . 2011-02-26 17:24        --------        d-----w-        c:\windows\CheckSur
2011-02-26 16:37 . 2011-02-26 16:37        --------        d-----w-        c:\users\xxxxxx\AppData\Roaming\Malwarebytes
2011-02-26 16:36 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-26 16:36 . 2011-02-26 16:36        --------        d-----w-        c:\programdata\Malwarebytes
2011-02-26 16:36 . 2010-12-20 17:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-02-26 16:36 . 2011-02-26 16:36        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-26 05:17 . 2011-02-26 05:17        --------        d-----w-        C:\9aeab7026ba9d338c60467
2011-02-26 05:07 . 2011-02-26 05:07        --------        d-----w-        c:\windows\system32\EventProviders
2011-02-25 21:57 . 2011-01-17 11:09        197120        ----a-w-        c:\windows\system32\d3d10_1.dll
2011-02-25 21:57 . 2011-01-17 05:47        161792        ----a-w-        c:\windows\SysWow64\d3d10_1.dll
2011-02-25 21:57 . 2010-11-20 13:26        321024        ----a-w-        c:\windows\system32\d3d10_1core.dll
2011-02-25 21:57 . 2010-11-20 12:18        219136        ----a-w-        c:\windows\SysWow64\d3d10_1core.dll
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 12:56 . 2011-01-21 20:38        18960        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2011-03-16 06:37 . 2009-07-22 15:41        154632        ----a-w-        c:\windows\system32\drivers\bdfm.sys
2011-02-27 09:17 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2011-02-27 09:17 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2011-02-24 17:23 . 2010-12-21 17:32        3523928        ----a-w-        c:\windows\RXSUnins.exe
2011-02-24 17:23 . 2010-12-21 17:32        3523928        ----a-w-        c:\windows\RXCUnins.exe
2011-02-02 16:11 . 2010-01-26 10:41        270720        ------w-        c:\windows\system32\MpSigStub.exe
2011-01-26 23:37 . 2011-01-26 23:37        9085952        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2011-01-26 23:22 . 2011-01-26 23:22        22295040        ----a-w-        c:\windows\system32\atio6axx.dll
2011-01-26 23:00 . 2011-01-26 23:00        143360        ----a-w-        c:\windows\system32\atiapfxx.exe
2011-01-26 23:00 . 2011-01-26 23:00        596480        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2011-01-26 22:59 . 2011-01-26 22:59        17204736        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2011-01-26 22:59 . 2010-08-04 01:54        708608        ----a-w-        c:\windows\system32\aticfx64.dll
2011-01-26 22:56 . 2011-01-26 22:56        462848        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2011-01-26 22:56 . 2011-01-26 22:56        479232        ----a-w-        c:\windows\system32\atieclxx.exe
2011-01-26 22:55 . 2011-01-26 22:55        203776        ----a-w-        c:\windows\system32\atiesrxx.exe
2011-01-26 22:54 . 2011-01-26 22:54        120320        ----a-w-        c:\windows\system32\atitmm64.dll
2011-01-26 22:54 . 2011-01-26 22:54        423424        ----a-w-        c:\windows\system32\atipdl64.dll
2011-01-26 22:53 . 2011-01-26 22:53        356352        ----a-w-        c:\windows\SysWow64\atipdlxx.dll
2011-01-26 22:53 . 2011-01-26 22:53        278528        ----a-w-        c:\windows\SysWow64\Oemdspif.dll
2011-01-26 22:53 . 2011-01-26 22:53        16384        ----a-w-        c:\windows\system32\atimuixx.dll
2011-01-26 22:53 . 2011-01-26 22:53        59392        ----a-w-        c:\windows\system32\atiedu64.dll
2011-01-26 22:53 . 2011-01-26 22:53        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll
2011-01-26 22:49 . 2011-01-26 22:49        4105728        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2011-01-26 22:40 . 2009-11-25 03:04        4847616        ----a-w-        c:\windows\system32\atidxx64.dll
2011-01-26 22:32 . 2011-01-26 22:32        1208320        ----a-w-        c:\windows\system32\atiumd6v.dll
2011-01-26 22:32 . 2011-01-26 22:32        1912832        ----a-w-        c:\windows\SysWow64\atiumdmv.dll
2011-01-26 22:32 . 2011-01-26 22:32        3222016        ----a-w-        c:\windows\system32\atiumd6a.dll
2011-01-26 22:28 . 2011-01-26 22:28        4170752        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2011-01-26 22:27 . 2011-01-26 22:27        51200        ----a-w-        c:\windows\system32\aticalrt64.dll
2011-01-26 22:27 . 2011-01-26 22:27        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2011-01-26 22:27 . 2011-01-26 22:27        44544        ----a-w-        c:\windows\system32\aticalcl64.dll
2011-01-26 22:27 . 2011-01-26 22:27        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2011-01-26 22:27 . 2011-01-26 22:27        6982144        ----a-w-        c:\windows\system32\aticaldd64.dll
2011-01-26 22:25 . 2011-01-26 22:25        5580800        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2011-01-26 22:24 . 2011-01-26 22:24        3463680        ----a-w-        c:\windows\SysWow64\atiumdva.dll
2011-01-26 22:21 . 2011-01-26 22:21        5316096        ----a-w-        c:\windows\system32\atiumd64.dll
2011-01-26 22:20 . 2010-08-04 01:23        58880        ----a-w-        c:\windows\system32\coinst.dll
2011-01-26 22:14 . 2011-01-26 22:14        354304        ----a-w-        c:\windows\system32\atiadlxx.dll
2011-01-26 22:14 . 2011-01-26 22:14        249856        ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2011-01-26 22:13 . 2011-01-26 22:13        14848        ----a-w-        c:\windows\system32\atig6pxx.dll
2011-01-26 22:13 . 2011-01-26 22:13        12800        ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13        12800        ----a-w-        c:\windows\system32\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13        39936        ----a-w-        c:\windows\system32\atig6txx.dll
2011-01-26 22:13 . 2011-01-26 22:13        32768        ----a-w-        c:\windows\SysWow64\atigktxx.dll
2011-01-26 22:13 . 2011-01-26 22:13        299520        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2011-01-26 22:12 . 2010-08-04 01:15        39936        ----a-w-        c:\windows\system32\atiuxp64.dll
2011-01-26 22:12 . 2011-01-26 22:12        30720        ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2011-01-26 22:12 . 2010-11-26 02:15        38400        ----a-w-        c:\windows\system32\atiu9p64.dll
2011-01-26 22:12 . 2011-01-26 22:12        28672        ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2011-01-26 22:11 . 2011-01-26 22:11        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2011-01-26 22:08 . 2011-01-26 22:08        53760        ----a-w-        c:\windows\system32\atimpc64.dll
2011-01-26 22:08 . 2011-01-26 22:08        53760        ----a-w-        c:\windows\system32\amdpcom64.dll
2011-01-26 22:08 . 2011-01-26 22:08        52736        ----a-w-        c:\windows\SysWow64\atimpc32.dll
2011-01-26 22:08 . 2011-01-26 22:08        52736        ----a-w-        c:\windows\SysWow64\amdpcom32.dll
2011-01-21 20:39 . 2011-01-21 20:39        53248        ----a-r-        c:\users\xxxxxx\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-01-07 12:14 . 2011-02-11 12:36        46080        ----a-w-        c:\windows\system32\atmlib.dll
2011-01-07 09:51 . 2011-02-11 12:39        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2011-01-07 09:20 . 2011-02-11 12:36        366592        ----a-w-        c:\windows\system32\atmfd.dll
2011-01-07 07:45 . 2011-02-11 12:36        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2011-01-07 06:01 . 2011-02-11 12:39        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2011-01-07 05:43 . 2011-02-11 12:36        294400        ----a-w-        c:\windows\SysWow64\atmfd.dll
2011-01-05 10:34 . 2011-02-11 12:36        612864        ----a-w-        c:\windows\system32\vbscript.dll
2011-01-05 06:56 . 2011-02-11 12:38        3129344        ----a-w-        c:\windows\system32\win32k.sys
2011-01-05 05:55 . 2011-02-11 12:36        428032        ----a-w-        c:\windows\SysWow64\vbscript.dll
2011-01-04 09:38 . 2011-01-04 09:38        4254288        ----a-w-        c:\windows\SysWow64\qtp-mt334.dll
2011-01-04 09:36 . 2011-01-04 09:36        249936        ----a-w-        c:\windows\SysWow64\prgiso.dll
2010-12-21 20:07 . 2010-01-27 08:20        466456        ----a-w-        c:\windows\system32\wrap_oal.dll
2010-12-21 20:07 . 2010-01-27 08:20        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll
2010-12-21 20:07 . 2010-01-27 08:20        122904        ----a-w-        c:\windows\system32\OpenAL32.dll
2010-12-21 20:07 . 2010-01-27 08:20        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll
2010-12-17 11:42 . 2011-02-11 12:36        214016        ----a-w-        c:\windows\system32\winsrv.dll
2010-12-17 11:40 . 2011-02-11 12:38        715776        ----a-w-        c:\windows\system32\kerberos.dll
2010-01-26 18:56 . 2009-11-25 15:39        9311688        ----a-w-        c:\program files (x86)\Foxit Reader.exe
2010-01-25 11:05 . 2010-01-27 07:05        6578176        ----a-w-        c:\program files (x86)\2009Decoder.exe
2009-08-05 12:24 . 2010-01-26 14:28        472592        ----a-w-        c:\program files (x86)\Core Temp.exe
2010-06-09 13:46 . 2010-06-09 13:46        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 03:20        442880        ----a-w-        c:\windows\System32\ntshrui.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-10 281768]
.
c:\users\Arbeit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TV-Browser.url [2010-9-16 178]
.
c:\users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\xxxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [x]
R3 AcpiPmi;ACPI-Energieanzeigetreiber;c:\windows\system32\drivers\acpipmi.sys [x]
R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [x]
R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [x]
R3 ALSysIO;ALSysIO;c:\users\xxxxxx\AppData\Local\Temp\ALSysIO64.sys [x]
R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [x]
R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [x]
R3 AppID;Anwendungs-ID-Treiber;c:\windows\system32\drivers\appid.sys [x]
R3 AppIDSvc;Anwendungsidentität;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [x]
R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbda.sys [x]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
R3 BDESVC;BitLocker-Laufwerkverschlüsselungsdienst;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [x]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [x]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [x]
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [x]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [x]
R3 CertPropSvc;Zertifikatverteilung;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [x]
R3 cpuz130;cpuz130;c:\users\xxxxxx\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 defragsvc;Defragmentierung;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbda.sys [x]
R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [x]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [x]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [x]
R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [x]
R3 iaStorV;Intel RAID-Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [x]
R3 IPBusEnum;PnP-X-IP-Busenumerator;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [x]
R3 iScsiPrt;iScsiPort-Treiber;c:\windows\system32\drivers\msiscsi.sys [x]
R3 KtmRm;KtmRm für Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 lltdsvc;Verbindungsschicht-Topologieerkennungs-Zuordnungsprogramm;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [x]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [x]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [x]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 343856]
R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\20B3.tmp [x]
R3 mpio;Microsoft Multipfad-Bustreiber;c:\windows\system32\drivers\mpio.sys [x]
R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [x]
R3 msdsm;Microsoft Multipfadgeräte-spezifisches Modul;c:\windows\system32\drivers\msdsm.sys [x]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [x]
R3 MSiSCSI;Microsoft iSCSI-Initiator-Dienst;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [x]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [x]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [x]
R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [x]
R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [x]
R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 PerfHost;Leistungsindikator-DLL-Host;c:\windows\SysWow64\perfhost.exe [2009-07-14 20992]
R3 pla;Leistungsprotokolle und -warnungen;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 PNRPAutoReg;PNRP-Computernamenveröffentlichungs-Dienst;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [x]
R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [x]
R3 s3cap;s3cap;c:\windows\system32\drivers\vms3cap.sys [x]
R3 scfilter;Filtertreiber für Smartcards der Plug & Play-Klasse;c:\windows\system32\DRIVERS\scfilter.sys [x]
R3 SCPolicySvc;Richtlinie zum Entfernen der Scmartcard;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SensrSvc;Adaptive Helligkeit;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SessionEnv;Konfiguration für Remotedesktops;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 sffp_mmc;SFF-Speicherprotokolltreiber für MMC;c:\windows\system32\drivers\sffp_mmc.sys [x]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [x]
R3 Smb;Nachrichtenorientiertes TCP/IP- und TCP/IPv6-Protokoll (SMB-Sitzung);c:\windows\system32\DRIVERS\smb.sys [x]
R3 sppuinotify;SPP-Benachrichtigungsdienst;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [x]
R3 StorSvc;Speicherdienst;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [x]
R3 TabletInputService;Tablet PC-Eingabedienst;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 TBS;TPM-Basisdienste;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 THREADORDER;Server für Threadsortierung;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 194048]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UI0Detect;Erkennung interaktiver Dienste;c:\windows\system32\UI0Detect.exe [x]
R3 uliagpkx;Uli AGP-Bus-Filter;c:\windows\system32\drivers\uliagpkx.sys [x]
R3 UmRdpService;Anschlussumleitung für Remotedesktopdienst im Benutzermodus;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 usbcir;eHome-Infrarotempfänger (USBCIR);c:\windows\system32\drivers\usbcir.sys [x]
R3 VaultSvc;Anmeldeinformationsverwaltung;c:\windows\system32\lsass.exe [x]
R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [x]
R3 VMBusHID;VMBusHID;c:\windows\system32\drivers\VMBusHID.sys [x]
R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [x]
R3 vwifibus;Virtueller WiFi-Bustreiber;c:\windows\System32\drivers\vwifibus.sys [x]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wbengine;Blockebenen-Sicherungsmodul;c:\windows\system32\wbengine.exe [x]
R3 WbioSrvc;Windows-Biometriedienst;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 wcncsvc;Windows-Sofortverbindung - Konfigurationsregistrierungsstelle;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WcsPlugInService;Windows-Farbsystem;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [x]
R3 WdiSystemHost;Diagnosesystemhost;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 Wecsvc;Windows-Ereignissammlung;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 wercplsupport;Unterstützung in der Systemsteuerung unter Lösungen für Probleme;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WerSvc;Windows-Fehlerberichterstattungsdienst;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 22096]
R3 WinRM;Windows-Remoteverwaltung (WS-Verwaltung);c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 Wlansvc;Automatische WLAN-Konfiguration;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WwanSvc;WWAN - automatische Konfiguration;c:\windows\system32\svchost.exe [2009-07-14 27136]
R4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
R4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-09 30192]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-10 135664]
S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [x]
S0 CLFS;Gemeinsames Protokoll (CLFS);c:\windows\System32\CLFS.sys [x]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [x]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [x]
S0 fvevol;Filtertreiber der Bitlocker-Laufwerkverschlüsselung;c:\windows\System32\DRIVERS\fvevol.sys [x]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [x]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [x]
S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [x]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [x]
S0 spldr;Security Processor Loader Driver; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 storflt;Filtertreiber zur Busbeschleunigung für den Datenträger des virtuellen Computers;c:\windows\system32\drivers\vmstorfl.sys [x]
S0 vdrvroot;Enumerator-Treiber für Microsoft Virtual Drive;c:\windows\system32\drivers\vdrvroot.sys [x]
S0 vmbus;Bus des virtuellen Computers;c:\windows\system32\drivers\vmbus.sys [x]
S0 volmgr;Treiber für Volume-Manager;c:\windows\system32\drivers\volmgr.sys [x]
S0 volmgrx;Dynamischer Volume-Manager;c:\windows\System32\drivers\volmgrx.sys [x]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [x]
S1 CSC;Treiber für Offlinedateien;c:\windows\system32\drivers\csc.sys [x]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [x]
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [x]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [x]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [x]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [x]
S1 tdx;NetIO-Legacy-TDI-Supporttreiber;c:\windows\system32\DRIVERS\tdx.sys [x]
S1 Wanarpv6;Remotezugriff-IPv6-ARP-Treiber;c:\windows\system32\DRIVERS\wanarp.sys [x]
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-10 135336]
S2 AudioEndpointBuilder;Windows-Audio-Endpunkterstellung;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BFE;Basisfiltermodul;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 CscService;Offlinedateien;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 DPS;Diagnoserichtliniendienst;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 FDResPub;Funktionssuche-Ressourcenveröffentlichung;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 gpsvc;Gruppenrichtlinienclient;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IKEEXT;IKE- und AuthIP IPsec-Schlüsselerstellungsmodule;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 iphlpsvc;IP-Hilfsdienst;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [x]
S2 luafv;UAC-Dateivirtualisierung;c:\windows\system32\drivers\luafv.sys [x]
S2 MMCSS;Multimediaklassenplaner;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MpsSvc;Windows-Firewall;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NlaSvc;NLA (Network Location Awareness);c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 nsi;Netzwerkspeicher-Schnittstellendienst;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 PcaSvc;Programmkompatibilitäts-Assistent-Dienst;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [x]
S2 Power;Stromversorgung;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ProfSvc;Benutzerprofildienst;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Radio.fx;Radio.fx Server;c:\program files (x86)\Tobit Radio.fx\Server\rfx-server.exe [2011-02-28 3577688]
S2 RpcEptMapper;RPC-Endpunktzuordnung;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [x]
S2 UxSms;Sitzungs-Manager für Desktopfenster-Manager;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files (x86)\Windows7FirewallControl\Windows7FirewallService.exe [2010-04-09 372736]
S3 1394ohci;OHCI-konformer 1394-Hostcontroller;c:\windows\system32\drivers\1394ohci.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 Appinfo;Anwendungsinformationen;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [x]
S3 bowser;Browsersupporttreiber;c:\windows\system32\DRIVERS\bowser.sys [x]
S3 CompositeBus;Busenumeratortreiber für Verbundgeräte;c:\windows\system32\drivers\CompositeBus.sys [x]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [x]
S3 fdPHost;Funktionssuchanbieter-Host;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 HomeGroupListener;Heimnetzgruppen-Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 HomeGroupProvider;Heimnetzgruppen-Anbieter;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 KeyIso;CNG-Schlüsselisolation;c:\windows\system32\lsass.exe [x]
S3 monitor;Microsoft Monitor-Klassenfunktionstreiber-Dienst;c:\windows\system32\DRIVERS\monitor.sys [x]
S3 mpsdrv;Windows-Firewallautorisierungstreiber;c:\windows\system32\drivers\mpsdrv.sys [x]
S3 mrxsmb10;SMB 1.x-Miniredirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [x]
S3 mrxsmb20;SMB 2.0-Miniredirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [x]
S3 netprofm;Netzwerklistendienst;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [x]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SDRSVC;Windows-Sicherung;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 srv2;Server-SMB-Treiber 2.xxx;c:\windows\system32\DRIVERS\srv2.sys [x]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [x]
S3 tunnel;Microsoft-Tunnelminiport-Adaptertreiber;c:\windows\system32\DRIVERS\tunnel.sys [x]
S3 umbus;UMBusenumerator-Treiber;c:\windows\system32\drivers\umbus.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 WdiServiceHost;Diagnosediensthost;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 WPDBusEnum;Enumeratordienst für tragbare Geräte;c:\windows\system32\svchost.exe [2009-07-14 27136]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc
DcomLaunch        REG_MULTI_SZ          Power PlugPlay DcomLaunch
wcssvc        REG_MULTI_SZ          WcsPlugInService
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
msiscsi
schedule
SessionEnv
winmgmt
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
sppuinotify
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalServiceNetworkRestricted
BthHFSrv
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02        114688        ----a-w-        c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-10 18:24]
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-10 18:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        97792        ----a-w-        c:\users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        97792        ----a-w-        c:\users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        97792        ----a-w-        c:\users\xxxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 04:27        509952        ----a-w-        c:\windows\System32\ntshrui.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-19 9996320]
"MagicTuneEngine"="c:\program files\MagicTune Premium\MagicTuneLauncher.exe" [2010-12-14 53760]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-03-19 982528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
winmgmt
SessionEnv
browser
EapHost
schedule
hkmsvc
wercplsupport
ProfSvc
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalSystemNetworkRestricted
homegrouplistener
StorSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
WdiServiceHost
sppuinotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetworkService
lanmanworkstation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Alles mit FlashGet laden - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Mit FlashGet laden - c:\program files (x86)\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~2\MI068C~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\xxxxxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: c:\windows\system32\RSLSP.dll
FF - ProfilePath - c:\users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\k9r1vxee.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de&source=iglk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: PhotoJacker: Photo Album Downloader for Facebook (fka FacePAD): facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
FF - Ext: Gmail Notifier: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e} - %profile%\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
HKLM_Wow6432Node-ActiveSetup-Nitro PDF Professional - (no file)
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-QIP 2005 - c:\program files (x86)\QIP\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\20B3.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-03-17  10:20:41
ComboFix-quarantined-files.txt  2011-03-17 09:20
.
Vor Suchlauf: 23 Verzeichnis(se), 22.954.438.656 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 23.320.522.752 Bytes frei
.
- - End Of File - - 92BA1360E56E2BEDAC623DA2E5B56B37

--- --- ---

cosinus 17.03.2011 11:37

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

paranetic 18.03.2011 20:39

Code:

2011/03/18 20:35:12.0666 7024        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/18 20:35:14.0668 7024        ================================================================================
2011/03/18 20:35:14.0668 7024        SystemInfo:
2011/03/18 20:35:14.0668 7024       
2011/03/18 20:35:14.0668 7024        OS Version: 6.1.7601 ServicePack: 1.0
2011/03/18 20:35:14.0668 7024        Product type: Workstation
2011/03/18 20:35:14.0669 7024        ComputerName: xxxx-DESKTOP
2011/03/18 20:35:14.0669 7024        UserName: xxxx
2011/03/18 20:35:14.0669 7024        Windows directory: C:\Windows
2011/03/18 20:35:14.0669 7024        System windows directory: C:\Windows
2011/03/18 20:35:14.0669 7024        Running under WOW64
2011/03/18 20:35:14.0669 7024        Processor architecture: Intel x64
2011/03/18 20:35:14.0669 7024        Number of processors: 4
2011/03/18 20:35:14.0669 7024        Page size: 0x1000
2011/03/18 20:35:14.0669 7024        Boot type: Normal boot
2011/03/18 20:35:14.0669 7024        ================================================================================
2011/03/18 20:35:15.0083 7024        Initialize success
2011/03/18 20:35:35.0752 4480        ================================================================================
2011/03/18 20:35:35.0752 4480        Scan started
2011/03/18 20:35:35.0752 4480        Mode: Manual;
2011/03/18 20:35:35.0752 4480        ================================================================================
2011/03/18 20:35:37.0102 4480        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/03/18 20:35:37.0192 4480        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/03/18 20:35:37.0302 4480        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/03/18 20:35:37.0532 4480        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/03/18 20:35:37.0592 4480        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/03/18 20:35:37.0642 4480        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/03/18 20:35:37.0742 4480        AFD            (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
2011/03/18 20:35:37.0812 4480        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/03/18 20:35:37.0882 4480        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/03/18 20:35:38.0082 4480        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/03/18 20:35:38.0132 4480        amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
2011/03/18 20:35:38.0192 4480        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/03/18 20:35:38.0512 4480        amdkmdag        (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/03/18 20:35:38.0982 4480        amdkmdap        (7fe67d107329dc2cf89136a8e19bceb7) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/03/18 20:35:39.0062 4480        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/03/18 20:35:39.0142 4480        amdsata        (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
2011/03/18 20:35:39.0192 4480        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/03/18 20:35:39.0222 4480        amdxata        (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
2011/03/18 20:35:39.0322 4480        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/03/18 20:35:39.0402 4480        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/03/18 20:35:39.0432 4480        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/03/18 20:35:39.0512 4480        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/18 20:35:39.0562 4480        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/03/18 20:35:39.0652 4480        AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
2011/03/18 20:35:39.0702 4480        AtiHdmiService  (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
2011/03/18 20:35:40.0012 4480        atikmdag        (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/03/18 20:35:40.0172 4480        AtiPcie        (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/03/18 20:35:40.0242 4480        atksgt          (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
2011/03/18 20:35:40.0302 4480        avgntflt        (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/03/18 20:35:40.0342 4480        avipbb          (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/03/18 20:35:40.0402 4480        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/03/18 20:35:40.0502 4480        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/03/18 20:35:40.0612 4480        bdfm            (024f65dbbbf437ddad07c61487a4219e) C:\Windows\system32\drivers\bdfm.sys
2011/03/18 20:35:40.0692 4480        bdfsfltr        (682ef56e9ed19bda050f22b26d302613) C:\Windows\system32\DRIVERS\bdfsfltr.sys
2011/03/18 20:35:40.0882 4480        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/03/18 20:35:40.0952 4480        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/03/18 20:35:40.0972 4480        bowser          (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/18 20:35:41.0002 4480        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/03/18 20:35:41.0052 4480        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/03/18 20:35:41.0082 4480        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/03/18 20:35:41.0102 4480        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/03/18 20:35:41.0122 4480        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/03/18 20:35:41.0132 4480        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/03/18 20:35:41.0202 4480        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
2011/03/18 20:35:41.0242 4480        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/03/18 20:35:41.0312 4480        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/03/18 20:35:41.0422 4480        BTHPORT        (0d25b6d300ba26a5f2c3b2a8e96b158b) C:\Windows\System32\Drivers\BTHport.sys
2011/03/18 20:35:41.0502 4480        BTHUSB          (1f9912f8ec5bfa53432e71e150636a8a) C:\Windows\System32\Drivers\BTHUSB.sys
2011/03/18 20:35:41.0562 4480        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/18 20:35:41.0612 4480        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/03/18 20:35:41.0692 4480        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/03/18 20:35:41.0762 4480        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/03/18 20:35:41.0832 4480        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/18 20:35:41.0882 4480        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/03/18 20:35:41.0952 4480        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/03/18 20:35:41.0992 4480        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/18 20:35:42.0042 4480        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/03/18 20:35:42.0162 4480        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/03/18 20:35:42.0262 4480        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/03/18 20:35:42.0332 4480        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/03/18 20:35:42.0362 4480        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/03/18 20:35:42.0412 4480        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/03/18 20:35:42.0492 4480        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/03/18 20:35:42.0622 4480        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/18 20:35:42.0772 4480        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/03/18 20:35:42.0862 4480        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/03/18 20:35:42.0952 4480        ENTECH64        (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
2011/03/18 20:35:42.0992 4480        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/03/18 20:35:43.0042 4480        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/03/18 20:35:43.0102 4480        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/03/18 20:35:43.0122 4480        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/18 20:35:43.0182 4480        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/03/18 20:35:43.0202 4480        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/03/18 20:35:43.0252 4480        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/18 20:35:43.0302 4480        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/03/18 20:35:43.0342 4480        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/03/18 20:35:43.0372 4480        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/18 20:35:43.0432 4480        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/03/18 20:35:43.0482 4480        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/03/18 20:35:43.0602 4480        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/03/18 20:35:43.0672 4480        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/03/18 20:35:43.0742 4480        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/03/18 20:35:43.0782 4480        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/03/18 20:35:43.0792 4480        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/03/18 20:35:43.0822 4480        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/03/18 20:35:43.0882 4480        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/18 20:35:43.0952 4480        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/03/18 20:35:44.0052 4480        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/03/18 20:35:44.0122 4480        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/03/18 20:35:44.0162 4480        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/03/18 20:35:44.0222 4480        iaStorV        (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
2011/03/18 20:35:44.0292 4480        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/03/18 20:35:44.0422 4480        IntcAzAudAddService (3edd3ce185da3e6aaec22adcfd7b1d54) C:\Windows\system32\drivers\RTKVHD64.sys
2011/03/18 20:35:44.0482 4480        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/03/18 20:35:44.0512 4480        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/18 20:35:44.0572 4480        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/18 20:35:44.0612 4480        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/03/18 20:35:44.0652 4480        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/03/18 20:35:44.0682 4480        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/03/18 20:35:44.0732 4480        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/03/18 20:35:44.0792 4480        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/03/18 20:35:44.0852 4480        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/03/18 20:35:44.0922 4480        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/03/18 20:35:44.0992 4480        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/18 20:35:45.0012 4480        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/03/18 20:35:45.0042 4480        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/03/18 20:35:45.0132 4480        LHidFilt        (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/03/18 20:35:45.0202 4480        lirsgt          (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/03/18 20:35:45.0262 4480        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/18 20:35:45.0292 4480        LMouFilt        (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/03/18 20:35:45.0332 4480        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/03/18 20:35:45.0352 4480        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/03/18 20:35:45.0372 4480        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/03/18 20:35:45.0402 4480        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/03/18 20:35:45.0452 4480        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/03/18 20:35:45.0522 4480        LUsbFilt        (b8be35421b9e8dc1ab4b0cb7b9b0328b) C:\Windows\system32\Drivers\LUsbFilt.Sys
2011/03/18 20:35:45.0612 4480        MagicTune      (b3b7c5f26f3f8c7992350b7ede64f5c9) C:\Windows\system32\drivers\MTiCtwl.sys
2011/03/18 20:35:45.0712 4480        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/03/18 20:35:45.0752 4480        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/03/18 20:35:45.0822 4480        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/03/18 20:35:45.0862 4480        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/18 20:35:45.0922 4480        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/18 20:35:45.0982 4480        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/18 20:35:46.0042 4480        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/03/18 20:35:46.0102 4480        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/03/18 20:35:46.0152 4480        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/18 20:35:46.0222 4480        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/03/18 20:35:46.0292 4480        mrxsmb          (faf015b07e3a2874a790a39b7d2c579f) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/18 20:35:46.0362 4480        mrxsmb10        (08e2345df129082bcdffdc1440f9c00d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/18 20:35:46.0402 4480        mrxsmb20        (108d87409c5812ef47d81e22843e8c9d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/18 20:35:46.0452 4480        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/03/18 20:35:46.0482 4480        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/03/18 20:35:46.0532 4480        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/03/18 20:35:46.0552 4480        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/03/18 20:35:46.0572 4480        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/03/18 20:35:46.0632 4480        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/18 20:35:46.0662 4480        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/18 20:35:46.0682 4480        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/03/18 20:35:46.0732 4480        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/03/18 20:35:46.0752 4480        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/03/18 20:35:46.0782 4480        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/03/18 20:35:46.0792 4480        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/03/18 20:35:46.0822 4480        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/03/18 20:35:46.0862 4480        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/18 20:35:46.0942 4480        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/03/18 20:35:46.0982 4480        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/03/18 20:35:47.0032 4480        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/18 20:35:47.0072 4480        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/18 20:35:47.0102 4480        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/18 20:35:47.0162 4480        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/03/18 20:35:47.0222 4480        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/18 20:35:47.0292 4480        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/18 20:35:47.0372 4480        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/03/18 20:35:47.0452 4480        nmwcd          (985a3f046dfcd58e26d3a95283bb8f1d) C:\Windows\system32\drivers\ccdcmbx64.sys
2011/03/18 20:35:47.0472 4480        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/03/18 20:35:47.0492 4480        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/18 20:35:47.0622 4480        Ntfs            (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
2011/03/18 20:35:47.0872 4480        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/03/18 20:35:47.0952 4480        nvraid          (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
2011/03/18 20:35:48.0042 4480        nvstor          (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
2011/03/18 20:35:48.0102 4480        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/03/18 20:35:48.0182 4480        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/03/18 20:35:48.0262 4480        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/03/18 20:35:48.0312 4480        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/03/18 20:35:48.0392 4480        pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
2011/03/18 20:35:48.0432 4480        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/03/18 20:35:48.0472 4480        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/03/18 20:35:48.0492 4480        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/03/18 20:35:48.0532 4480        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/03/18 20:35:48.0572 4480        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/03/18 20:35:48.0752 4480        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/18 20:35:48.0782 4480        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/03/18 20:35:48.0842 4480        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/18 20:35:48.0882 4480        PxHlpa64        (a6bf0a9b5a30d743623ca0d3be35df05) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/03/18 20:35:48.0992 4480        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/03/18 20:35:49.0062 4480        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/03/18 20:35:49.0102 4480        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/18 20:35:49.0162 4480        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/18 20:35:49.0202 4480        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/03/18 20:35:49.0262 4480        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/18 20:35:49.0292 4480        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/18 20:35:49.0332 4480        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/18 20:35:49.0372 4480        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/18 20:35:49.0402 4480        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/03/18 20:35:49.0422 4480        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/18 20:35:49.0482 4480        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/03/18 20:35:49.0552 4480        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/18 20:35:49.0602 4480        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/03/18 20:35:49.0652 4480        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/03/18 20:35:49.0732 4480        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/03/18 20:35:49.0802 4480        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/03/18 20:35:49.0892 4480        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/18 20:35:49.0962 4480        RTL8167        (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/03/18 20:35:50.0022 4480        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/03/18 20:35:50.0062 4480        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/03/18 20:35:50.0122 4480        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/03/18 20:35:50.0182 4480        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/03/18 20:35:50.0252 4480        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/03/18 20:35:50.0272 4480        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/03/18 20:35:50.0322 4480        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/03/18 20:35:50.0402 4480        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/03/18 20:35:50.0422 4480        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/03/18 20:35:50.0452 4480        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/03/18 20:35:50.0482 4480        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/03/18 20:35:50.0512 4480        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/03/18 20:35:50.0532 4480        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/03/18 20:35:50.0562 4480        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/03/18 20:35:50.0592 4480        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/03/18 20:35:50.0682 4480        sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/03/18 20:35:50.0682 4480        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/03/18 20:35:50.0702 4480        sptd - detected Locked file (1)
2011/03/18 20:35:50.0762 4480        srv            (2098b8556d1cec2aca9a29cd479e3692) C:\Windows\system32\DRIVERS\srv.sys
2011/03/18 20:35:50.0832 4480        srv2            (d0f73a42040f21f92fd314b42ac5c9e7) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/18 20:35:50.0892 4480        srvnet          (2ba8f3250828ccdb4204ecf2c6f40b6a) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/18 20:35:50.0952 4480        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/03/18 20:35:51.0012 4480        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/03/18 20:35:51.0082 4480        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/03/18 20:35:51.0132 4480        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/03/18 20:35:51.0242 4480        Tcpip          (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
2011/03/18 20:35:51.0322 4480        TCPIP6          (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/18 20:35:51.0392 4480        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/18 20:35:51.0452 4480        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/03/18 20:35:51.0482 4480        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/03/18 20:35:51.0502 4480        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/18 20:35:51.0522 4480        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/03/18 20:35:51.0592 4480        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/18 20:35:51.0652 4480        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/03/18 20:35:51.0692 4480        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/18 20:35:51.0752 4480        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/03/18 20:35:51.0792 4480        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/18 20:35:51.0852 4480        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/03/18 20:35:51.0912 4480        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/03/18 20:35:51.0952 4480        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/03/18 20:35:52.0022 4480        usbbus          (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys
2011/03/18 20:35:52.0042 4480        usbccgp        (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
2011/03/18 20:35:52.0112 4480        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/03/18 20:35:52.0192 4480        UsbDiag        (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys
2011/03/18 20:35:52.0212 4480        usbehci        (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/18 20:35:52.0302 4480        usbfilter      (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
2011/03/18 20:35:52.0382 4480        usbhub          (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
2011/03/18 20:35:52.0442 4480        USBModem        (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys
2011/03/18 20:35:52.0472 4480        usbohci        (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/18 20:35:52.0512 4480        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/03/18 20:35:52.0572 4480        usbser          (0f0c72a657c622286013788b886968ad) C:\Windows\system32\drivers\usbser.sys
2011/03/18 20:35:52.0662 4480        USBSTOR        (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\drivers\USBSTOR.SYS
2011/03/18 20:35:52.0692 4480        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/18 20:35:52.0722 4480        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/03/18 20:35:52.0772 4480        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/18 20:35:52.0802 4480        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/03/18 20:35:52.0832 4480        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/03/18 20:35:52.0952 4480        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/03/18 20:35:53.0072 4480        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/03/18 20:35:53.0122 4480        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/03/18 20:35:53.0152 4480        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/03/18 20:35:53.0212 4480        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/03/18 20:35:53.0262 4480        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/03/18 20:35:53.0302 4480        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/03/18 20:35:53.0342 4480        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/03/18 20:35:53.0372 4480        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/03/18 20:35:53.0442 4480        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/18 20:35:53.0482 4480        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/18 20:35:53.0532 4480        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/03/18 20:35:53.0612 4480        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/18 20:35:53.0702 4480        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/03/18 20:35:53.0732 4480        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/03/18 20:35:53.0822 4480        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/03/18 20:35:53.0932 4480        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/03/18 20:35:53.0992 4480        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/18 20:35:54.0052 4480        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/03/18 20:35:54.0092 4480        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/18 20:36:01.0822 4480        ================================================================================
2011/03/18 20:36:01.0822 4480        Scan finished
2011/03/18 20:36:01.0822 4480        ================================================================================
2011/03/18 20:36:01.0832 6736        Detected object count: 1
2011/03/18 20:36:30.0762 6736        Locked file(sptd) - User select action: Skip


cosinus 18.03.2011 21:21

Now please create logs with GMER and mbrcheck and post them.
GMER crashes fairly often; if the tool won't run on the 2nd try either, just skip it

Instructions for mbrcheck:
Download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document

paranetic 18.03.2011 22:19

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Professional
Windows Information:                Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:        Gigabyte Technology Co., Ltd.
BIOS Manufacturer:                Award Software International, Inc.
System Manufacturer:                Gigabyte Technology Co., Ltd.
System Product Name:                GA-MA770T-UD3P
Logical Drives Mask:                0x00002c3c

Kernel Drivers (total 201):
  0x03050000 \SystemRoot\system32\ntoskrnl.exe
  0x03007000 \SystemRoot\system32\hal.dll
  0x00BC9000 \SystemRoot\system32\kdcom.dll
  0x00C0B000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x00C18000 \SystemRoot\system32\PSHED.dll
  0x00C2C000 \SystemRoot\system32\CLFS.SYS
  0x00C8A000 \SystemRoot\system32\CI.dll
  0x00D4A000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00DEE000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00ED6000 \SystemRoot\System32\Drivers\spgf.sys
  0x00E00000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x00E09000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x00E38000 \SystemRoot\system32\drivers\ACPI.sys
  0x00E8F000 \SystemRoot\system32\drivers\msisadrv.sys
  0x00E99000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x01060000 \SystemRoot\system32\drivers\pci.sys
  0x01093000 \SystemRoot\System32\drivers\partmgr.sys
  0x010A8000 \SystemRoot\system32\drivers\volmgr.sys
  0x010BD000 \SystemRoot\System32\drivers\volmgrx.sys
  0x01119000 \SystemRoot\system32\drivers\pciide.sys
  0x01120000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x01130000 \SystemRoot\System32\drivers\mountmgr.sys
  0x0114A000 \SystemRoot\system32\drivers\vmbus.sys
  0x01186000 \SystemRoot\system32\drivers\winhv.sys
  0x0119A000 \SystemRoot\system32\drivers\atapi.sys
  0x011A3000 \SystemRoot\system32\drivers\ataport.SYS
  0x011CD000 \SystemRoot\system32\drivers\amdxata.sys
  0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
  0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
  0x011D8000 \SystemRoot\System32\Drivers\PxHlpa64.sys
  0x01211000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x01407000 \SystemRoot\System32\Drivers\msrpc.sys
  0x01465000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01480000 \SystemRoot\System32\Drivers\cng.sys
  0x014F2000 \SystemRoot\System32\drivers\pcw.sys
  0x01503000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x0150D000 \SystemRoot\system32\drivers\ndis.sys
  0x01673000 \SystemRoot\system32\drivers\NETIO.SYS
  0x016D3000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01852000 \SystemRoot\System32\drivers\tcpip.sys
  0x01A56000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01AA0000 \SystemRoot\system32\drivers\vmstorfl.sys
  0x01AB0000 \SystemRoot\system32\drivers\volsnap.sys
  0x01AFC000 \SystemRoot\System32\Drivers\spldr.sys
  0x01B04000 \SystemRoot\System32\drivers\rdyboost.sys
  0x01B3E000 \SystemRoot\System32\Drivers\mup.sys
  0x01B50000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01B59000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x01B93000 \SystemRoot\system32\DRIVERS\disk.sys
  0x01BA9000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x01BD9000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x0181C000 \SystemRoot\system32\drivers\cdrom.sys
  0x01846000 \SystemRoot\System32\Drivers\Null.SYS
  0x016FE000 \SystemRoot\System32\Drivers\Beep.SYS
  0x01705000 \SystemRoot\system32\drivers\MTiCtwl.sys
  0x0170E000 \SystemRoot\System32\drivers\vga.sys
  0x0171C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x01741000 \SystemRoot\System32\drivers\watchdog.sys
  0x01751000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x0175A000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x01763000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x0176C000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x01777000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x01788000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x017AA000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x040CA000 \SystemRoot\system32\drivers\afd.sys
  0x04153000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x04198000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x041A3000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x041AC000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x041D2000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x041E1000 \SystemRoot\system32\DRIVERS\serial.sys
  0x04000000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x0401B000 \SystemRoot\system32\drivers\termdd.sys
  0x0402F000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x04080000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x0408C000 \SystemRoot\system32\drivers\mssmbios.sys
  0x04097000 \SystemRoot\System32\drivers\discache.sys
  0x02E74000 \SystemRoot\system32\drivers\csc.sys
  0x02EF7000 \SystemRoot\System32\Drivers\dfsc.sys
  0x02F15000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x02F26000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x02F48000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x02F6E000 \SystemRoot\system32\DRIVERS\amdppm.sys
  0x02F83000 \SystemRoot\system32\drivers\wmiacpi.sys
  0x02F8C000 \SystemRoot\system32\DRIVERS\atikmpag.sys
  0x04A23000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x044DB000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x04400000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x04446000 \SystemRoot\system32\drivers\HDAudBus.sys
  0x0446A000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
  0x0449C000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x0531F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x044A7000 \SystemRoot\system32\DRIVERS\usbfilter.sys
  0x044B3000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x05375000 \SystemRoot\system32\drivers\1394ohci.sys
  0x053B3000 \SystemRoot\System32\Drivers\aj5wgis3.SYS
  0x044C4000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x045CF000 \SystemRoot\system32\DRIVERS\parport.sys
  0x04A00000 \SystemRoot\system32\drivers\i8042prt.sys
  0x045EC000 \SystemRoot\system32\drivers\kbdclass.sys
  0x02FDA000 \SystemRoot\system32\drivers\CompositeBus.sys
  0x02FEA000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x02E00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x02E24000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x02E30000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x040A6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x017B7000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x017D8000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x044D0000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x02E5F000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x045FB000 \SystemRoot\system32\drivers\swenum.sys
  0x01600000 \SystemRoot\system32\drivers\ks.sys
  0x01643000 \SystemRoot\system32\DRIVERS\amdiox64.sys
  0x01657000 \SystemRoot\system32\drivers\umbus.sys
  0x05C59000 \SystemRoot\system32\drivers\usbhub.sys
  0x05CB3000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x05CC8000 \SystemRoot\system32\drivers\AtihdW76.sys
  0x05CE8000 \SystemRoot\system32\drivers\portcls.sys
  0x05D25000 \SystemRoot\system32\drivers\drmk.sys
  0x05D47000 \SystemRoot\system32\drivers\ksthunk.sys
  0x068F6000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x06B18000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x06B26000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x06B32000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x06B3B000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x06B4E000 \SystemRoot\system32\drivers\USBSTOR.SYS
  0x06B69000 \SystemRoot\system32\drivers\USBD.SYS
  0x06B6B000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x000C0000 \SystemRoot\System32\win32k.sys
  0x06BA1000 \SystemRoot\System32\drivers\Dxapi.sys
  0x06BAD000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
  0x06BBD000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x06BCB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x06BE4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x06800000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
  0x06815000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x06822000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
  0x06836000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x00520000 \SystemRoot\System32\TSDDD.dll
  0x006F0000 \SystemRoot\System32\cdd.dll
  0x06844000 \SystemRoot\system32\drivers\luafv.sys
  0x06867000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x06884000 \SystemRoot\system32\drivers\WudfPf.sys
  0x068A5000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x068BA000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x0483C000 \SystemRoot\system32\drivers\HTTP.sys
  0x04905000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x04923000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x0493B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x04968000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x049B5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x05D4D000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0x049D9000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0x09204000 \SystemRoot\system32\drivers\peauth.sys
  0x092AA000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x092B5000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x092E6000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x092F8000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x09363000 \SystemRoot\System32\DRIVERS\srv.sys
  0x04800000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x0AD12000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x77780000 \Windows\System32\ntdll.dll
  0x48540000 \Windows\System32\smss.exe
  0xFFAA0000 \Windows\System32\apisetschema.dll
  0xFF110000 \Windows\System32\autochk.exe
  0xFF9F0000 \Windows\System32\clbcatq.dll
  0xFF950000 \Windows\System32\comdlg32.dll
  0xFEBC0000 \Windows\System32\shell32.dll
  0xFEAB0000 \Windows\System32\msctf.dll
  0xFEA90000 \Windows\System32\sechost.dll
  0xFE9B0000 \Windows\System32\advapi32.dll
  0xFE7D0000 \Windows\System32\setupapi.dll
  0xFE5C0000 \Windows\System32\ole32.dll
  0x77950000 \Windows\System32\psapi.dll
  0xFE5A0000 \Windows\System32\imagehlp.dll
  0xFE520000 \Windows\System32\shlwapi.dll
  0xFE4D0000 \Windows\System32\ws2_32.dll
  0xFE460000 \Windows\System32\gdi32.dll
  0x77940000 \Windows\System32\normaliz.dll
  0xFE450000 \Windows\System32\lpk.dll
  0x77680000 \Windows\System32\user32.dll
  0xFE420000 \Windows\System32\imm32.dll
  0xFE350000 \Windows\System32\usp10.dll
  0xFE2B0000 \Windows\System32\msvcrt.dll
  0xFE180000 \Windows\System32\rpcrt4.dll
  0xFE120000 \Windows\System32\Wldap32.dll
  0xFDEC0000 \Windows\System32\iertutil.dll
  0xFDD40000 \Windows\System32\urlmon.dll
  0xFDCC0000 \Windows\System32\difxapi.dll
  0xFDCB0000 \Windows\System32\nsi.dll
  0x77560000 \Windows\System32\kernel32.dll
  0xFDBD0000 \Windows\System32\oleaut32.dll
  0xFDAA0000 \Windows\System32\wininet.dll
  0xFDA80000 \Windows\System32\devobj.dll
  0xFD910000 \Windows\System32\crypt32.dll
  0xFD8A0000 \Windows\System32\KernelBase.dll
  0xFD860000 \Windows\System32\cfgmgr32.dll
  0xFD820000 \Windows\System32\wintrust.dll
  0xFD780000 \Windows\System32\comctl32.dll
  0xFD770000 \Windows\System32\msasn1.dll

Processes (total 66):
      0 System Idle Process
      4 System
    288 C:\Windows\System32\smss.exe
    424 csrss.exe
    496 C:\Windows\System32\wininit.exe
    520 csrss.exe
    556 C:\Windows\System32\services.exe
    580 C:\Windows\System32\lsass.exe
    608 C:\Windows\System32\winlogon.exe
    620 C:\Windows\System32\lsm.exe
    756 C:\Windows\System32\svchost.exe
    872 C:\Windows\System32\svchost.exe
    940 C:\Windows\System32\atiesrxx.exe
    1000 C:\Windows\System32\svchost.exe
    316 C:\Windows\System32\svchost.exe
    356 C:\Windows\System32\svchost.exe
    1048 C:\Windows\System32\svchost.exe
    1140 C:\Windows\System32\atieclxx.exe
    1176 C:\Windows\System32\svchost.exe
    1328 C:\Windows\System32\spoolsv.exe
    1396 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1476 C:\Windows\System32\taskhost.exe
    1584 C:\Windows\System32\dwm.exe
    1608 C:\Windows\explorer.exe
    1640 C:\Windows\System32\taskeng.exe
    1672 C:\Windows\System32\taskeng.exe
    1688 C:\Program Files (x86)\Process Lasso\ProcessLasso.exe
    1728 C:\Program Files (x86)\Process Lasso\ProcessGovernor.exe
    1736 C:\Program Files (x86)\Process Lasso\ProcessGovernor.exe
    1788 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    1844 C:\Windows\System32\svchost.exe
    1556 C:\Program Files (x86)\Adobe Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    2080 C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    2180 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    2236 C:\Windows\System32\svchost.exe
    2336 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    2364 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    2372 C:\Windows\System32\conhost.exe
    2444 C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
    2516 C:\Windows\System32\svchost.exe
    2704 C:\Users\xxxx\AppData\Local\TVersity\Media Server\MediaServer.exe
    2936 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    2992 C:\Program Files\Logitech\SetPointP\SetPoint.exe
    3000 C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe
    3060 C:\Users\xxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe
    2112 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2600 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    3104 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    3728 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    3748 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3032 C:\Windows\System32\SearchIndexer.exe
    4216 WUDFHost.exe
    4332 C:\Windows\System32\svchost.exe
    548 C:\Windows\System32\svchost.exe
    4428 dllhost.exe
    5096 C:\Windows\System32\svchost.exe
    2952 C:\Program Files\Mozilla Firefox\firefox.exe
    4968 C:\Program Files\Mozilla Firefox\plugin-container.exe
    4392 C:\Program Files (x86)\FlashGet\flashget.exe
    4188 C:\Windows\explorer.exe
    656 C:\Windows\System32\audiodg.exe
    1616 C:\Windows\System32\SearchProtocolHost.exe
    2400 C:\Windows\System32\SearchFilterHost.exe
    2712 C:\Windows\System32\dllhost.exe
    1452 C:\Users\xxxx\Desktop\MBRCheck.exe
    4140 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000027`40d00000  (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000  (FAT32)
\\.\K: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: SAMSUNGSP2004C, Rev: VM100-33
PhysicalDrive2 Model Number: ST9320325AS, Rev:
PhysicalDrive1 Model Number: SAMSUNGHD753LJ, Rev: 1AA01109

      Size  Device Name          MBR Status
  --------------------------------------------
    186 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    298 GB  \\.\PhysicalDrive2  RE: Unknown MBR code
            SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
    698 GB  \\.\PhysicalDrive1  Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

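The MBRCheck output above reports, per physical disk, the partition byte offsets and a SHA1 of the MBR boot code, and flags code it does not recognise ("Unknown MBR code"). The following Python script is an added example, not MBRCheck's own code, that performs the same kind of check on a constructed 512-byte MBR image: it validates the 0x55AA signature, derives the partition byte offsets from the LBA starts (a Windows 7 layout with C: at LBA 206848 yields exactly the 0x00000000`06500000 seen above) and compares the boot-code hash against a baseline. Assumed: the hash covers the first 440 bytes (the bootstrap area before the disk signature), and the baseline table is built from the constructed sample rather than from real Windows MBR code.

```python
"""Reproduce the checks behind an MBRCheck-style report on a constructed MBR.

Added example, not MBRCheck's own code. Assumptions: the boot-code hash covers
the first 440 bytes; the "known" hash table is built from the constructed sample.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # assumption: bootstrap area used for the baseline hash
PART_TABLE_OFF = 446       # four 16-byte partition entries start here
SIGNATURE_OFF = 510        # 0x55AA boot signature

# Partition type byte -> filesystem label as the report prints it (subset)
PART_TYPES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32", 0x83: "Linux"}


def build_mbr(boot_code: bytes, partitions):
    """Assemble a 512-byte MBR from boot code and (type, start_lba, sectors) tuples.
    Constructed test data only; CHS fields are filled with 0xFF placeholders."""
    assert len(boot_code) <= BOOT_CODE_LEN
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    mbr[440:444] = b"\x11\x22\x33\x44"          # disk signature (arbitrary)
    for i, (ptype, start, count) in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * i
        status = 0x80 if i == 0 else 0x00       # first entry marked bootable
        mbr[off:off + 16] = struct.pack("<B3sB3sII", status, b"\xff\xff\xff",
                                        ptype, b"\xff\xff\xff", start, count)
    mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(mbr: bytes):
    """Return (boot-code SHA1, list of partition dicts with byte offsets)."""
    if len(mbr) != SECTOR or mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    boot_sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, start, count = struct.unpack("<B3sB3sII", mbr[off:off + 16])
        if ptype == 0:                           # empty table slot
            continue
        parts.append({"index": i, "bootable": status == 0x80,
                      "fs": PART_TYPES.get(ptype, "0x%02X" % ptype),
                      "offset": start * SECTOR, "size": count * SECTOR})
    return boot_sha1, parts


def format_offset(offset: int) -> str:
    """Render a byte offset as the report does: 0xHHHHHHHH`HHHHHHHH."""
    return "0x%08x`%08x" % (offset >> 32, offset & 0xFFFFFFFF)


def classify(boot_sha1: str, known: dict) -> str:
    """Look the boot-code hash up in a baseline of known MBR code."""
    return known.get(boot_sha1, "Unknown MBR code")


# Constructed sample: Windows 7 style layout (100 MB reserved partition at LBA 2048,
# then C: at LBA 206848). The boot code is padding, not real bootstrap code.
WIN7_LIKE_BOOT = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20
BASELINE_MBR = build_mbr(WIN7_LIKE_BOOT,
                         [(0x07, 2048, 204800), (0x07, 206848, 380000000)])
# Baseline built from the constructed sample (stands in for a trusted reference)
KNOWN_MBR_CODE = {parse_mbr(BASELINE_MBR)[0]: "Windows 7 MBR code detected"}
# Same partition table, but one byte of boot code altered: must show as unknown
TAMPERED_MBR = build_mbr(WIN7_LIKE_BOOT[:3] + b"\xeb" + WIN7_LIKE_BOOT[4:],
                         [(0x07, 2048, 204800), (0x07, 206848, 380000000)])


def report(mbr: bytes, drive: str = "PhysicalDrive0"):
    """Produce report lines in the style of the MBRCheck output."""
    sha1, parts = parse_mbr(mbr)
    lines = [r"\\.\%s  %s" % (drive, classify(sha1, KNOWN_MBR_CODE)), "  SHA1: " + sha1]
    for p in parts:
        lines.append(r"  partition %d --> \\.\%s at offset %s  (%s)"
                     % (p["index"], drive, format_offset(p["offset"]), p["fs"]))
    return lines


if __name__ == "__main__":
    for line in report(BASELINE_MBR) + report(TAMPERED_MBR, "PhysicalDrive1"):
        print(line)
```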

cosinus 18.03.2011 23:06

GMER didn't work?

paranetic 18.03.2011 23:46

Yes it did, here comes Gmer!

Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-18 23:44:29
Windows 6.1.7601 Service Pack 1
Running: zk5nwpd6.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011672e68c9                                       
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011672e68c9@5c57c81fed44                            0x62 0xAB 0x5A 0x91 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011672e68c9@0017e5cfffb5                            0x7A 0xD9 0x0B 0x76 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x97 0xB9 0x41 0x0C ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x90 0xA3 0xA3 0xF3 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x9B 0xB1 0x04 0x7B ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                     
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x63 0x40 0x7B 0x34 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011672e68c9 (not active ControlSet)                   
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011672e68c9@5c57c81fed44                                0x62 0xAB 0x5A 0x91 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011672e68c9@0017e5cfffb5                                0x7A 0xD9 0x0B 0x76 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0xD4 0xC3 0x97 0x02 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x97 0xB9 0x41 0x0C ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x90 0xA3 0xA3 0xF3 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x9B 0xB1 0x04 0x7B ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x63 0x40 0x7B 0x34 ...

---- EOF - GMER 1.0.15 ----


cosinus 19.03.2011 13:25

Looks ok. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

paranetic 25.03.2011 19:37

SAS log to follow!

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6158

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

25.03.2011 18:38:52
mbam-log-2011-03-25 (18-38-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|K:\|N:\|)
Durchsuchte Objekte: 995779
Laufzeit: 3 Stunde(n), 17 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


paranetic 26.03.2011 18:45

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/26/2011 at 05:18 PM

Application Version : 4.50.1002

Core Rules Database Version : 6678
Trace Rules Database Version: 4490

Scan type      : Complete Scan
Total Scan Time : 08:32:10

Memory items scanned      : 580
Memory threats detected  : 0
Registry items scanned    : 15734
Registry threats detected : 0
File items scanned        : 934801
File threats detected    : 10

Adware.Tracking Cookie
        C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Cookies\xxxxx@xiti[1].txt
        s0.2mdn.net [ C:\Users\xxxxx\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\URTUHQ76 ]
        www.adservercentral.info [ C:\Users\xxxxx\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\URTUHQ76 ]

Trojan.Agent/Gen-ReLoader
        C:\SPIELE\FAR CRY\FCQPSETUP.EXE

Rogue.Agent/Gen-Nullo[DLL]
        C:\WINDOWS\UA000096.DLL


Trojan.Unclassified/Loader-Suspicious
        K:\@UNSORTIERT\LOADER.EXE

Trojan.Agent/Gen-FakeAlert[Local]
        K:\DROPBOX\MY DROPBOX\DATA\UNI\xxxxx\ALT\STATISTIK_xxxxx\HUE2\HUE2.EXE
        K:\DROPBOX\MY DROPBOX\DATA\UNI\xxxxx\ALT\STATISTIK_xxxxx\HUE3\HUE3.EXE
        K:\DROPBOX\MY DROPBOX\DATA\UNI\xxxxx\ALT\STATISTIK_xxxxx\HUE4\HUE4.EXE


cosinus 26.03.2011 20:30

Quote:

Trojan.Agent/Gen-ReLoader
C:\SPIELE\FAR CRY\FCQPSETUP.EXE

Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\UA000096.DLL


Trojan.Unclassified/Loader-Suspicious
K:\@UNSORTIERT\LOADER.EXE

Trojan.Agent/Gen-FakeAlert[Local]
K:\DROPBOX\MY DROPBOX\DATA\UNI\xxxxx\ALT\STATISTIK_xxxxx\HUE2\HUE2.EXE
K:\DROPBOX\MY DROPBOX\DATA\UNI\xxxxx\ALT\STATISTIK_xxxxx\HUE3\HUE3.EXE
K:\DROPBOX\MY DROPBOX\DATA\UNI\xxxxx\ALT\STATISTIK_xxxxx\HUE4\HUE4.EXE

Looks like false positives. Can you classify the objects?

paranetic 27.03.2011 16:39

Well, C:\WINDOWS\UA000096.DLL means nothing to me; the rest should actually be harmless :)

cosinus 27.03.2011 21:06

Good, then remove that leftover and we should be done, as long as you have no further problems or findings :)

paranetic 27.03.2011 21:47

Ok, many thanks for the help!

cosinus 28.03.2011 08:48

Good. Are there still open problems, or were there further findings?



Copyright ©2000-2025, Trojaner-Board
