Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Sicherheitscenter und Defender werden deaktiviert win7 (https://www.trojaner-board.de/97174-sicherheitscenter-defender-deaktiviert-win7.html)

Amok84 05.04.2011 18:08
Sicherheitscenter und Defender werden deaktiviert win7
 
Hallo liebe User,
mein Problem ist wohl schon des öfteren aufgetreten aber die lösung scheint immer individuell anders zu sein zumindest kommt mir das so vor wenn ich die threats hier so lese.

also nun zum problem es haben sich ständig IE fenster mit werbung geöffnet und nach diversen scans und antivieren software habe ich das auch wieder in den griff bekommen allerdings sind wohl folgeschäden des befalls übrig geblieben.
der defender geht direkt wieder zu und das sicherheitscenter kann ich über dienste von deaktiviert auf automatisch stellen und anschließend starten aber nach kurzer zeit ist es wieder deaktiviert.

Kaspersky findet nix mehr und wenn ich bei google nach seiten suche die mir helfen könnten und diese anklick werde ich umgeleitet auf irgendwelche werbung nachdem ich die seite angeklickt habe.
wenn ich die linkadresse kopier und manuell in einen neuen tab einfüge funktioniert es in der regel aber das ich auf die gewünschte seite komme.

hijackthis bringt folgendes ergebnis:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:18, on 05.04.2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\SysWOW64\brsvc01a.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9869 bytes
Mallwarebytes wirft folgende log aus:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6278

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

05.04.2011 17:18:43
mbam-log-2011-04-05 (17-18-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 323978
Laufzeit: 34 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\IKXGVMFZHI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Q8PS7ZCLN6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Spybot :
Code:
--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-12-23 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi
2011-03-22 Includes\AdwareC.sbi
2010-08-13 Includes\Cookies.sbi
2010-12-14 Includes\Dialer.sbi
2011-03-08 Includes\DialerC.sbi
2011-02-24 Includes\HeavyDuty.sbi
2011-03-29 Includes\Hijackers.sbi
2011-03-29 Includes\HijackersC.sbi
2010-09-15 Includes\iPhone.sbi
2010-12-14 Includes\Keyloggers.sbi
2011-03-08 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2011-03-29 Includes\Malware.sbi
2011-03-29 Includes\MalwareC.sbi
2011-02-24 Includes\PUPS.sbi
2011-03-15 Includes\PUPSC.sbi
2010-01-25 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2011-03-08 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2011-02-24 Includes\Spyware.sbi
2011-03-15 Includes\SpywareC.sbi
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi
2011-03-25 Includes\TrojansC-02.sbi
2011-03-29 Includes\TrojansC-03.sbi
2011-03-08 Includes\TrojansC-04.sbi
2011-03-29 Includes\TrojansC-05.sbi
2011-03-08 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)


--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
  file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
  size: 932288
    MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
  file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
  size: 35760
    MD5: 37BF603C3685289CA684C4D3400A9DE7

Located: HK_LM:Run, AppleSyncNotifier
command: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
  file: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
  size: 47904
    MD5: 310638EBDD87B49DF3D12EDB853D5166

Located: HK_LM:Run, AVP
command: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
  file: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
  size: 365336
    MD5: B2B3FCBA37671C853879DF7DDE8A839A

Located: HK_LM:Run, BrMfcWnd
command: C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
  file: C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
  size: 1159168
    MD5: 4D5D968FE6AE6BF94A807F73F7FF6B3D

Located: HK_LM:Run, ControlCenter3
command: C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
  file: C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe
  size: 114688
    MD5: 4DE3EF07E0854547309C6B40235A9D44

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
  file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
  size: 421160
    MD5: F3DEAA1F2FCF70FAF6DE3757CA343FA5

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
  file: C:\Program Files (x86)\QuickTime\QTTask.exe
  size: 421888
    MD5: 0AEE5668EB59912F32FF245BFA72465F

Located: HK_LM:Run, StartCCC
command: "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
  file: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
  size: 61440
    MD5: F9E9D44FDB0861536E5BBBC4B63FE224

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
  size: 249064
    MD5: 2E5212A0BFB98FE0167C92C76C87AFE3

Located: HK_LM:Run, VirtualCloneDrive
command: "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
  file: C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
  size: 85160
    MD5: 860927EC4DA5D1B5D15337BF3E997C6A

Located: HK_LM:Run, WinampAgent
command: "C:\Program Files (x86)\Winamp\winampa.exe"
  file: C:\Program Files (x86)\Winamp\winampa.exe
  size: 37888
    MD5: BD74140F2EBC9FCD1AC425BE81DF6329

Located: HK_CU:Run, Rainlendar2
  where: S-1-5-21-804603618-2216213293-859293424-1001...
command: C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
  file: C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
  size: 5148672
    MD5: 98635DED2D7D265110FC861ABD75C344

Located: HK_CU:Run, Sidebar
  where: S-1-5-21-804603618-2216213293-859293424-1001...
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
  file: C:\Program Files\Windows Sidebar\sidebar.exe
  size: 1475584
    MD5: E3BF29CED96790CDAAFA981FFDDF53A3

Located: HK_CU:Run, Sony Ericsson PC Suite
  where: S-1-5-21-804603618-2216213293-859293424-1001...
command: "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
  file: C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
  size: 434176
    MD5: A80BD9E34A26FF8E25CACB5A06AE4F14

Located: Startup (Benutzer), OpenOffice.org 3.1.lnk
  where: C:\Users\Amok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
  file: C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
  size: 384000
    MD5: C047C9C6CD8E134AFDFDB374E80547E5



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: AcroIEHelperStub
        CLSID name: Adobe PDF Link Helper
              Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
        Long name: AcroIEHelperShim.dll
        Short name:      ACROIE~2.DLL
    Date (created): 22.09.2010 18:04:14
Date (last access): 11.10.2010 16:58:32
 Date (last write): 22.09.2010 18:04:14
          Filesize:              75200
        Attributes:          archive
              MD5: 203A74767EB81F96A5166B1933DB46D0
            CRC32:          B0D671C9
          Version:          9.4.0.195

{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (IEVkbdBHO)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: IEVkbdBHO
        CLSID name: IEVkbdBHO Class
              Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\
        Long name:        ievkbd.dll
        Short name:                 
    Date (created): 05.10.2010 20:27:00
Date (last access): 03.04.2011 18:27:10
 Date (last write): 05.10.2010 20:27:00
          Filesize:              68280
        Attributes:          archive
              MD5: 3936312618A1B4E8B79231DC53C326E7
            CRC32:          7AF036B8
          Version:        11.0.2.556

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Anmelde-Hilfsprogramm)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name:
        CLSID name: Windows Live Anmelde-Hilfsprogramm
              Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
        Long name: WindowsLiveLogin.dll
        Short name:      WINDOW~1.DLL
    Date (created): 22.01.2009 16:41:30
Date (last access): 12.12.2009 21:02:26
 Date (last write): 22.01.2009 16:41:30
          Filesize:            408448
        Attributes:          archive
              MD5: B7899C3E21B299D7A3C0DA96CAE340BD
            CRC32:          288935F8
          Version:          5.0.818.5

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name:
        CLSID name: Java(tm) Plug-In 2 SSV Helper
              Path: C:\Program Files (x86)\Java\jre6\bin\
        Long name:        jp2ssv.dll
        Short name:                 
    Date (created): 09.02.2011 17:31:20
Date (last access): 28.02.2011 15:57:38
 Date (last write): 09.02.2011 17:31:20
          Filesize:              41760
        Attributes:          archive
              MD5: 88E49C2B7E75B1D9695D6A063F28A8BB
            CRC32:          A5ABF297
          Version:          6.0.240.7

{E33CF602-D945-461A-83F0-819F76A199F8} (link filter bho)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: link filter bho
        CLSID name: FilterBHO Class
              Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\
        Long name:      klwtbbho.dll
        Short name:                 
    Date (created): 05.10.2010 20:27:06
Date (last access): 03.04.2011 18:27:14
 Date (last write): 05.10.2010 20:27:06
          Filesize:            191160
        Attributes:          archive
              MD5: 888A8C956207A88036571E8AE2356C46
            CRC32:          79DC82BB
          Version:        11.0.2.556



--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_24
        Installer:
          Codebase: h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
      description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
        info link:
      info source: Patrick M. Kolla
              Path: C:\Program Files (x86)\Java\jre6\bin\
        Long name:        jp2iexp.dll
        Short name:                 
    Date (created): 05.12.2009 10:31:54
Date (last access): 02.02.2011 23:46:34
 Date (last write): 02.02.2011 22:40:28
          Filesize:            112416
        Attributes:          archive
              MD5: 8E66E95FCD0218767CC5953F7BA64D19
            CRC32:          F9A66843
          Version:          6.0.240.7

{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_16
        Installer:
          Codebase: h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
              Path: C:\Program Files (x86)\Java\jre6\bin\
        Long name:        jp2iexp.dll
        Short name:                 
    Date (created): 05.12.2009 10:31:54
Date (last access): 02.02.2011 23:46:34
 Date (last write): 02.02.2011 22:40:28
          Filesize:            112416
        Attributes:          archive
              MD5: 8E66E95FCD0218767CC5953F7BA64D19
            CRC32:          F9A66843
          Version:          6.0.240.7

{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_24
        Installer:
          Codebase: h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
              Path: C:\Program Files (x86)\Java\jre6\bin\
        Long name:        jp2iexp.dll
        Short name:                 
    Date (created): 05.12.2009 10:31:54
Date (last access): 02.02.2011 23:46:34
 Date (last write): 02.02.2011 22:40:28
          Filesize:            112416
        Attributes:          archive
              MD5: 8E66E95FCD0218767CC5953F7BA64D19
            CRC32:          F9A66843
          Version:          6.0.240.7

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_24
        Installer:
          Codebase: h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
      description:
    classification: Legitimate
    known filename: npjpi150_06.dll
        info link:
      info source: Safer Networking Ltd.
              Path: C:\Program Files (x86)\Java\jre6\bin\
        Long name:    npjpi160_24.dll
        Short name:      NPJPI1~1.DLL
    Date (created): 02.02.2011 20:19:42
Date (last access): 02.02.2011 23:46:44
 Date (last write): 02.02.2011 22:40:34
          Filesize:            141088
        Attributes:          archive
              MD5: 1DA2629EEE65A34D54BB9741CE30DE3D
            CRC32:          64BB8CA2
          Version:          6.0.240.7

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
          DPF name:
        CLSID name: Shockwave Flash Object
        Installer: C:\Windows\Downloaded Program Files\swflash.inf
          Codebase: h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
        info link:
      info source: Patrick M. Kolla
              Path: C:\Windows\SysWOW64\Macromed\Flash\
        Long name:      Flash10l.ocx
        Short name:                 
    Date (created): 16.11.2010 08:56:02
Date (last access): 16.11.2010 08:56:02
 Date (last write): 16.11.2010 08:56:02
          Filesize:            6071760
        Attributes:  readonly archive
              MD5: 9C54F2CC2301599D698399D7E49C7321
            CRC32:          DFC2F74C
          Version:        10.1.102.64



--- Process list ---
PID:    0 (  0) [System]
PID: 2600 (1780) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
 size: 434176
  MD5: A80BD9E34A26FF8E25CACB5A06AE4F14
PID: 2720 (1780) C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
 size: 5148672
  MD5: 98635DED2D7D265110FC861ABD75C344
PID: 2900 (2888) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
 size: 7424000
  MD5: 83170B8E03213093B065A9638E146499
PID: 2908 (2900) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
 size: 7418368
  MD5: 873867A02F0E83F18CF871E776B651DC
PID: 2920 (2828) C:\Program Files (x86)\Winamp\winampa.exe
 size: 37888
  MD5: BD74140F2EBC9FCD1AC425BE81DF6329
PID: 2928 (2828) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
 size: 85160
  MD5: 860927EC4DA5D1B5D15337BF3E997C6A
PID: 2988 (2828) C:\Program Files (x86)\iTunes\iTunesHelper.exe
 size: 421160
  MD5: F3DEAA1F2FCF70FAF6DE3757CA343FA5
PID: 3012 (2828) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
 size: 1159168
  MD5: 4D5D968FE6AE6BF94A807F73F7FF6B3D
PID: 3028 (2996) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
 size: 872448
  MD5: 36E5CA5DCE72A831A3F7C7ED8AEA83AE
PID: 2076 (3012) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
 size: 221184
  MD5: 490F9A7948EF661DF32A9F0DC8534284
PID: 3844 (2828) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
 size: 249064
  MD5: 2E5212A0BFB98FE0167C92C76C87AFE3
PID: 3912 (2828) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
 size: 365336
  MD5: B2B3FCBA37671C853879DF7DDE8A839A
PID:  772 (1780) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 size: 924632
  MD5: 7AAF26E5CEC48A364FAB61A3505668FB
PID: 4736 (1780) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
 size: 5365592
  MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID:    4 (  0) System
PID:  304 (  4) smss.exe
PID:  500 ( 484) csrss.exe
PID:  564 ( 484) wininit.exe
 size: 96256
PID:  584 ( 572) csrss.exe
PID:  620 ( 564) services.exe
PID:  644 ( 564) lsass.exe
PID:  652 ( 564) lsm.exe
PID:  732 ( 572) winlogon.exe
PID:  800 ( 620) svchost.exe
 size: 20992
PID:  880 ( 620) svchost.exe
 size: 20992
PID:  956 ( 620) svchost.exe
 size: 20992
PID: 1012 ( 620) svchost.exe
 size: 20992
PID:  252 ( 620) svchost.exe
 size: 20992
PID: 1028 ( 620) svchost.exe
 size: 20992
PID: 1144 ( 620) svchost.exe
 size: 20992
PID: 1272 ( 620) brsvc01a.exe
 size: 57344
PID: 1280 ( 252) taskeng.exe
 size: 192000
PID: 1352 ( 620) spoolsv.exe
PID: 1380 ( 620) svchost.exe
 size: 20992
PID: 1436 (1280) rundll32.exe
 size: 44544
PID: 1444 (1436) rundll32.exe
 size: 44544
PID: 1508 ( 620) AppleMobileDeviceService.exe
PID: 1536 (1272) brss01a.exe
 size: 45056
PID: 1564 ( 620) WLanNetService.exe
PID: 1600 ( 620) avp.exe
PID: 1692 ( 620) C:\Windows\System32\taskhost.exe
PID: 1756 (1012) C:\Windows\System32\dwm.exe
PID: 1780 (1748) C:\Windows\explorer.exe
 size: 2872320
  MD5: AC4C51EB24AA95B77F705AB159189E24
PID: 1928 ( 620) mDNSResponder.exe
PID: 1968 ( 620) svchost.exe
 size: 20992
PID: 2020 ( 620) NIHardwareService.exe
PID: 1680 ( 620) TCPSVCS.EXE
 size: 9216
PID: 2080 ( 620) svchost.exe
 size: 20992
PID: 2100 ( 620) svchost.exe
 size: 20992
PID: 2588 (1780) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
 size: 9608224
  MD5: 899886E81E666D147036C9358FA94A01
PID: 2820 (1780) C:\Program Files\Windows Sidebar\sidebar.exe
 size: 1475584
  MD5: E3BF29CED96790CDAAFA981FFDDF53A3
PID: 2944 (2936) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
 size: 49152
  MD5: 6B87742F27B087AF7FD4ADC2DB685DE0
PID: 2792 (2944) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 size: 49152
  MD5: 4C08FB7ACB28689B586D986D3F5826CF
PID: 3200 ( 620) iPodService.exe
PID: 3596 ( 620) svchost.exe
 size: 20992
PID: 3708 ( 620) wmpnetwk.exe
PID: 3928 ( 620) svchost.exe
 size: 20992
PID: 2756 ( 620) svchost.exe
 size: 20992
PID: 3112 ( 956) audiodg.exe


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 05.04.2011 19:00:42

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
  h**p://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
  Preserve
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
  about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
  h**p://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
  about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
  h**p://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
  h**p://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol  0: MSAFD-Tcpip [TCP/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IP protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  1: MSAFD-Tcpip [UDP/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IP protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  2: MSAFD-Tcpip [RAW/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IP protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  3: MSAFD-Tcpip [TCP/IPv6]
        GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IPv6 protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  4: MSAFD-Tcpip [UDP/IPv6]
        GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IPv6 protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  5: MSAFD-Tcpip [RAW/IPv6]
        GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IPv6 protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  6: RSVP-TCPv6-Dienstanbieter
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Protocol  7: RSVP-TCP-Dienstanbieter
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Protocol  8: RSVP-UDPv6-Dienstanbieter
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Protocol  9: RSVP-UDP-Dienstanbieter
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Protocol 10: MSAFD RfComm [Bluetooth]
        GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Bluetooth
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD RfComm [Bluetooth]

Namespace Provider  0: NLA (Network Location Awareness, NLAv1)-Namespace
        GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename:
 Description: Microsoft Windows NT/2k/XP name space provider
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: NLA-Namespace

Namespace Provider  1: E-Mail-Namenshimanbieter
        GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename:

Namespace Provider  2: PNRP-Wolken-Namespaceanbieter
        GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

Namespace Provider  3: PNRP-Namen-Namespaceanbieter
        GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

Namespace Provider  4: Bluetooth-Namespace
        GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
    Filename: %SystemRoot%\system32\wshbth.dll
 Description: Bluetooth
 DB filename: %SystemRoot%\system32\wshbth.dll
 DB protocol: Bluetooth-Namespace

Namespace Provider  5: mdnsNSP
        GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
 Description: Apple Rendezvous protocol
 DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
 DB protocol: mdnsNSP

Namespace Provider  6: TCP/IP
        GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename:
 Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: TCP/IP

Namespace Provider  7: NTDS
        GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
 Description: Microsoft Windows NT/2k/XP name space provider
 DB filename: %SystemRoot%\system32\winrnr.dll
 DB protocol: NTDS
hoffe es findet sich schnell ein spezialist hier der mir da weiterhilft kämpfe nun schon seit vier tagen mit diesem und nun bin ich langsam am verzweifeln

cosinus 05.04.2011 18:42
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Amok84 05.04.2011 20:36
Zitat:
Zitat von cosinus (Beitrag 636541)
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
ok hier sind alle logs:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6248

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

02.04.2011 21:59:42
mbam-log-2011-04-02 (21-59-42).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 164108
Laufzeit: 3 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\$Recycle.Bin\s-1-5-21-804603618-2216213293-859293424-1001\$RGLRSFZ.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6248

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514

03.04.2011 09:00:17
mbam-log-2011-04-03 (09-00-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|J:\|L:\|M:\|)
Durchsuchte Objekte: 539151
Laufzeit: 59 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\amok playlist copy\amokplaylistcopy.exe (Spyware.Banker) -> Quarantined and deleted successfully.
c:\program files (x86)\amok playlist copy\playlist_commandline.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
f:\system volume information\_restore{63cfa923-3c0c-4458-988e-465ac6283abb}\RP9\A0003414.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
g:\cryptload\cryptload_1.0.9\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
g:\cryptload\cryptload_1.0.9\ocr\rapidshare.com\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
g:\cryptload\cryptload_1.0.9\router\fritz!box\nc.exe (PUP.KeyLogger) -> Not selected for removal.
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6253

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514

03.04.2011 14:43:19
mbam-log-2011-04-03 (14-43-19).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 162314
Laufzeit: 1 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6278

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

05.04.2011 17:18:43
mbam-log-2011-04-05 (17-18-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 323978
Laufzeit: 34 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\IKXGVMFZHI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Q8PS7ZCLN6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 06.04.2011 08:17
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Amok84 06.04.2011 16:13
So wie gewünscht hier sind die OTL logs.

OTL.TXT
Code:
OTL logfile created on: 06.04.2011 16:56:29 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\****\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70,00 Gb Total Space | 18,75 Gb Free Space | 26,78% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 94,26 Gb Free Space | 40,47% Space Free | Partition Type: NTFS
Drive E: | 30,00 Gb Total Space | 7,20 Gb Free Space | 24,02% Space Free | Partition Type: NTFS
Drive F: | 149,05 Gb Total Space | 28,86 Gb Free Space | 19,36% Space Free | Partition Type: NTFS
Drive G: | 363,76 Gb Total Space | 70,31 Gb Free Space | 19,33% Space Free | Partition Type: NTFS
Drive I: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive J: | 115,03 Gb Total Space | 21,05 Gb Free Space | 18,30% Space Free | Partition Type: NTFS
Drive L: | 60,99 Gb Total Space | 27,93 Gb Free Space | 45,80% Space Free | Partition Type: FAT32
Drive M: | 870,51 Gb Total Space | 681,52 Gb Free Space | 78,29% Space Free | Partition Type: NTFS
 
Computer Name: WZ-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Windows\SysWOW64\brss01a.exe (brother Industries Ltd)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.)
PRC - C:\Windows\SysWOW64\brsvc01a.exe (brother Industries Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Brother XP spl Service) -- C:\Windows\SysWOW64\brsvc01a.exe (brother Industries Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek                                            )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\647E.tmp (Sophos Plc)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\drivers\s1018mdm.sys (MCCI Corporation)
DRV:64bit: - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\drivers\s1018unic.sys (MCCI Corporation)
DRV:64bit: - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s1018mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\drivers\s1018obex.sys (MCCI Corporation)
DRV:64bit: - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\SysNative\drivers\s1018bus.sys (MCCI Corporation)
DRV:64bit: - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\drivers\s1018nd5.sys (MCCI Corporation)
DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\drivers\s1018mdfl.sys (MCCI Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (camfilt2) -- C:\Windows\SysNative\drivers\camfilt2.sys (Guillemot Corporation)
DRV:64bit: - (OM0530) -- C:\Windows\SysNative\drivers\ov530vx.sys (OmniVision Technology Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = h**p://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "h**p://www.google.de/"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "h**p://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.09.11 09:43:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.29 21:11:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.29 21:11:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.02.11 18:00:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.09.11 09:43:49 | 000,000,000 | ---D | M]
 
[2010.10.19 17:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2010.10.19 17:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.03 18:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\gzjjpqf0.default\extensions
[2011.03.29 21:44:17 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\gzjjpqf0.default\extensions\piclens@cooliris.com
[2010.07.24 14:32:05 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\gzjjpqf0.default\extensions\youtube2mp3@mondayx.de
[2009.09.06 13:14:46 | 000,001,805 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\gzjjpqf0.default\searchplugins\google-language-de.xml
[2011.04.06 13:09:19 | 000,000,944 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\gzjjpqf0.default\searchplugins\icqplugin.xml
[2011.04.03 18:27:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.07.13 21:36:27 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.23 07:19:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.11 09:07:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.26 17:37:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.22 21:34:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.28 15:58:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.04.03 18:27:49 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) --
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GZJJPQF0.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GZJJPQF0.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GZJJPQF0.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.12 22:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.05 08:32:59 | 000,431,614 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        123haustiereundmehr.com
O1 - Hosts: 14854 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.02 00:09:28 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.07.15 21:39:51 | 000,000,122 | R--- | M] () - I:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007.04.21 09:03:04 | 000,000,000 | ---- | M] () - J:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{11969de9-dad8-11de-a7dd-001a4d45a294}\Shell - "" = AutoRun
O33 - MountPoints2\{11969de9-dad8-11de-a7dd-001a4d45a294}\Shell\AutoRun\command - "" = I:\setup.exe -- [2009.07.15 21:39:51 | 000,106,760 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.06 13:09:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.04.05 17:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011.04.05 17:29:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011.04.03 18:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2011
[2011.04.03 18:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.04.03 18:27:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011.04.03 18:26:53 | 000,556,120 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011.04.03 18:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011.04.03 09:06:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.04.02 21:23:55 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2011.04.02 21:23:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.02 21:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.02 21:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.02 21:23:46 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.02 21:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.02 18:37:41 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.04.02 11:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medieval Software
[2011.04.02 11:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Medieval Software
[2011.04.02 11:41:26 | 001,235,950 | ---- | C] (Medieval Software) -- C:\Users\****\Desktop\cuesplitter_setup.exe
[2011.03.31 17:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4
[2011.03.31 17:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.4
[2011.03.31 13:25:24 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\mp3DirectCut
[2011.03.31 13:25:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mp3DirectCut
[2011.03.30 20:47:59 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\dnmc6000traktor
[2011.03.30 17:20:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\{4A818508-3355-4FBC-B302-D53B599DD9D5}
[2011.03.30 16:58:17 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\HQ
[2011.03.29 21:56:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\ProgSense
[2011.03.27 22:59:24 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.03.27 22:59:24 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.03.27 22:59:24 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.03.27 22:59:24 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.03.27 21:22:59 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Native Instruments
[2011.03.27 21:21:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\{350A83FF-9F09-4F7E-B637-791E24DED5A1}
[2011.03.27 21:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments
[2011.03.27 21:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2011.03.27 21:20:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BB25779E-744C-48F3-94DE-CD6F60A5AC55}
[2011.03.27 21:20:28 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Native Instruments
[2011.03.27 21:20:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}
[2011.03.27 21:20:07 | 000,000,000 | ---D | C] -- C:\Programme\Native Instruments
[2011.03.27 21:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2011.03.27 21:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\DDJ_ASIO_Driver
[2011.03.27 21:15:12 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DENON_DJ
[2011.03.27 21:15:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DENON_DJ
[2011.03.27 21:01:45 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011.03.27 21:01:45 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011.03.27 20:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN
[2011.03.27 20:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\avmwlanstick
[2011.03.27 16:10:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVM_update
[2011.03.11 15:18:42 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011.03.11 15:18:42 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.03.11 15:18:42 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011.03.11 15:18:41 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011.03.11 15:18:41 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011.03.11 15:18:41 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.03.11 15:18:41 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011.03.11 15:18:41 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.01.16 04:59:19 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeD811.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\****\Desktop\*.tmp files -> C:\Users\****\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.06 16:55:55 | 000,002,376 | -HS- | M] () -- C:\Windows\KLIF.spi
[2011.04.06 16:55:18 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011.04.06 16:55:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.06 13:18:06 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.06 13:18:06 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.06 13:09:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.04.05 21:27:24 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\LZJE.job
[2011.04.05 21:27:08 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.05 08:32:59 | 000,431,614 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.04.04 20:45:24 | 000,151,619 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.04.04 20:45:24 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.04.03 18:51:22 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.04.03 18:26:53 | 000,556,120 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011.04.03 18:18:02 | 002,445,508 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.03 18:18:02 | 000,686,126 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.03 18:18:02 | 000,538,118 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.03 18:18:02 | 000,506,114 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.03 18:18:02 | 000,005,194 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.03 12:14:59 | 000,001,288 | ---- | M] () -- C:\Users\****\Desktop\Spybot - Search & Destroy.lnk
[2011.04.03 09:06:57 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.02 21:23:50 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.02 19:10:03 | 000,431,614 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110405-083259.backup
[2011.04.02 15:43:19 | 000,091,136 | RHS- | M] () -- C:\Windows\SysWow64\d3d83.dll
[2011.04.02 11:44:42 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\Medieval CUE Splitter.lnk
[2011.04.02 11:44:20 | 001,235,950 | ---- | M] (Medieval Software) -- C:\Users\****\Desktop\cuesplitter_setup.exe
[2011.03.31 17:37:19 | 000,001,824 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.4.lnk
[2011.03.31 13:25:08 | 000,001,055 | ---- | M] () -- C:\Users\****\Desktop\mp3DirectCut.lnk
[2011.03.31 13:24:56 | 000,247,053 | ---- | M] () -- C:\Users\****\Desktop\mp3DC213.exe
[2011.03.30 20:47:54 | 000,086,988 | ---- | M] () -- C:\Users\****\Desktop\dnmc6000traktor.zip
[2011.03.29 21:38:01 | 000,431,482 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110402-191003.backup
[2011.03.29 21:12:00 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.03.27 22:22:02 | 013,947,699 | ---- | M] () -- C:\Users\****\Desktop\Requiem for a Dream (Hardcore Remix).mp3
[2011.03.27 21:32:32 | 003,197,847 | ---- | M] () -- C:\Users\****\Desktop\Patrice - Walking Alone.mp3
[2011.03.27 21:15:12 | 000,000,997 | ---- | M] () -- C:\Users\****\Desktop\DENON DJ ASIO Driver.lnk
[2011.03.27 21:11:50 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\****\Desktop\*.tmp files -> C:\Users\****\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.05 22:36:09 | 000,002,376 | -HS- | C] () -- C:\Windows\KLIF.spi
[2011.04.03 18:27:41 | 000,151,619 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.04.03 18:27:41 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.04.03 09:06:57 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.02 21:23:50 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.02 15:43:20 | 000,000,244 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011.04.02 15:43:19 | 000,091,136 | RHS- | C] () -- C:\Windows\SysWow64\d3d83.dll
[2011.04.02 15:43:19 | 000,000,306 | -HS- | C] () -- C:\Windows\tasks\LZJE.job
[2011.04.02 11:42:58 | 000,001,242 | ---- | C] () -- C:\Users\Public\Desktop\Medieval CUE Splitter.lnk
[2011.03.31 17:37:19 | 000,001,824 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.4.lnk
[2011.03.31 13:25:08 | 000,001,055 | ---- | C] () -- C:\Users\****\Desktop\mp3DirectCut.lnk
[2011.03.31 13:23:56 | 000,247,053 | ---- | C] () -- C:\Users\****\Desktop\mp3DC213.exe
[2011.03.30 20:47:51 | 000,086,988 | ---- | C] () -- C:\Users\****\Desktop\dnmc6000traktor.zip
[2011.03.29 21:12:00 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.03.27 21:15:12 | 000,000,997 | ---- | C] () -- C:\Users\****\Desktop\DENON DJ ASIO Driver.lnk
[2010.02.22 00:07:48 | 000,000,017 | ---- | C] () -- C:\Users\****\AppData\Local\resmon.resmoncfg
[2009.12.27 20:29:16 | 000,008,704 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.15 23:36:17 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2009.12.15 23:36:16 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.12.15 23:36:16 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.12.05 10:27:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.27 17:12:44 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.11.27 17:12:44 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.11.26 23:33:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.11.26 22:38:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >
Extras.txt
Code:
OTL Extras logfile created on: 06.04.2011 16:56:29 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\****\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70,00 Gb Total Space | 18,75 Gb Free Space | 26,78% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 94,26 Gb Free Space | 40,47% Space Free | Partition Type: NTFS
Drive E: | 30,00 Gb Total Space | 7,20 Gb Free Space | 24,02% Space Free | Partition Type: NTFS
Drive F: | 149,05 Gb Total Space | 28,86 Gb Free Space | 19,36% Space Free | Partition Type: NTFS
Drive G: | 363,76 Gb Total Space | 70,31 Gb Free Space | 19,33% Space Free | Partition Type: NTFS
Drive I: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive J: | 115,03 Gb Total Space | 21,05 Gb Free Space | 18,30% Space Free | Partition Type: NTFS
Drive L: | 60,99 Gb Total Space | 27,93 Gb Free Space | 45,80% Space Free | Partition Type: FAT32
Drive M: | 870,51 Gb Total Space | 681,52 Gb Free Space | 78,29% Space Free | Partition Type: NTFS
 
Computer Name: WZ-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{37A62E96-D157-487E-9954-84E8557DE9ED}" = ATI Catalyst Install Manager
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{F250A44A-10C6-CF88-275C-899C259B1321}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0AFC55D4-9CDF-B140-2E4F-0B818B9B8C0E}" = CCC Help Italian
"{0DE39AB6-D1BF-535C-F342-2F9986801936}" = CCC Help Japanese
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{226EA3C9-0EAF-9546-46C4-F2FF55F7A6F1}" = CCC Help Dutch
"{22980C46-EBB6-C22C-016A-E0CFAC15118B}" = CCC Help Czech
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{250755EE-312C-3B38-1BAF-501A71A3851D}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{30D71FC9-E909-330C-57F9-C649C8837AA5}" = CCC Help Greek
"{3154CFC9-2E4F-B839-2944-2A27200B4D64}" = CCC Help Swedish
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{361D8754-326D-B7CC-8DC7-95966DD01ED4}" = Catalyst Control Center Graphics Previews Common
"{36E89A40-DD04-239B-A69E-532A27547089}" = CCC Help English
"{37EC24B2-2E75-0AEB-F8A1-12A0C7EB5EED}" = Catalyst Control Center InstallProxy
"{37FD8D84-7B88-6B5A-376A-34E2B7C28816}" = ccc-core-static
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{4807FDA4-7AF3-66CA-C167-779A333D6FFC}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A154586-7AEB-4305-3B12-D73F0886B839}" = Catalyst Control Center HydraVision Full
"{5DF79887-598B-DE65-9755-4B7D8C3D87BE}" = CCC Help Chinese Standard
"{61A0F92B-89A0-F7AD-4CA2-97991862EB10}" = CCC Help Hungarian
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{687E8557-CBF3-A7FF-33EC-00BE6266BFAA}" = CCC Help Russian
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A44A28A-5D79-8100-7BDF-FB637E62715B}" = CCC Help Polish
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{72FA4B28-3A99-1533-0E7C-94E6D20CD1A8}" = CCC Help Chinese Traditional
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CA26B08-BEFD-D4D2-52E1-24E730284594}" = Catalyst Control Center Graphics Light
"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BAE0863-3E9A-4BC3-BBF3-7FA08738C5E2}" = Speak-A-Message
"{8E5CDC9B-CB0A-6E78-5BBE-C3D3F67B50E3}" = CCC Help Norwegian
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{96A8FABC-AADB-F299-0826-AF2246CE012F}" = CCC Help Danish
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D98630B-BD50-3C44-58D2-1571AEA889D3}" = CCC Help Portuguese
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9E4EFA2A-4344-4C56-F927-7F7C53845BE2}" = CCC Help German
"{A37CA3F0-B0C6-8256-02BA-B06CEE1E5BEB}" = CCC Help Korean
"{A724AEC6-494E-6BD5-C12A-9F51AF6C1123}" = Skins
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AC814121-74BA-A025-358E-B706354ED7F5}" = Catalyst Control Center Graphics Full New
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite DCP-120C
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC2B3907-3DEA-6E0E-E5A5-C6FCF876ECD5}" = CCC Help French
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1F9CD55-A15A-846F-B2B1-D73F37C65B3E}" = CCC Help Spanish
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DEAC1EEB-48FD-36A6-B87B-58E365C92EFB}" = Catalyst Control Center Graphics Previews Vista
"{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}" = Hercules Webcam Deluxe
"{E9E871B9-4E1D-38D7-7ECF-4DFD3708CC67}" = Catalyst Control Center Core Implementation
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF7F8782-0E8D-A566-195F-8FF2360CA6C8}" = CCC Help Thai
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F15DDD54-CA1A-6764-2CF4-1C601725E96C}" = Catalyst Control Center Graphics Full Existing
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F8BD7716-7362-4553-9890-378322F2C0CC}" = DENON DJ ASIO Driver
"{F9A4662C-775D-32CF-4B6B-DEC701FDD516}" = CCC Help Finnish
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"**** Playlist Copy" = **** Playlist Copy 2.04
"ASIO4ALL" = ASIO4ALL
"AVMWLANCLI" = AVM FRITZ!WLAN
"Cisco Packet Tracer_is1" = Cisco Packet Tracer 5.2.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExpressBurn" = Express Burn Disc Burning Software
"ExpressRip" = Express Rip
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MozBackup" = MozBackup 1.4.10-beta1
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"Noki_is1" = Noki v2.1
"Nokia Ovi Suite" = Nokia Ovi Suite
"Rainlendar2" = Rainlendar2 (remove only)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Steam App 240" = Counter-Strike: Source
"Switch" = Switch Sound File Converter
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.4
"WavePad" = WavePad Sound Editor
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
"Microsoft Office Enterprise 2007_c0ad2668" = Microsoft Office Enterprise 2007 (Thinstalled)
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

cosinus 06.04.2011 16:24
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
[2011.03.30 17:20:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\{4A818508-3355-4FBC-B302-D53B599DD9D5}
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.02 00:09:28 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.07.15 21:39:51 | 000,000,122 | R--- | M] () - I:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007.04.21 09:03:04 | 000,000,000 | ---- | M] () - J:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{11969de9-dad8-11de-a7dd-001a4d45a294}\Shell - "" = AutoRun
O33 - MountPoints2\{11969de9-dad8-11de-a7dd-001a4d45a294}\Shell\AutoRun\command - "" = I:\setup.exe -- [2009.07.15 21:39:51 | 000,106,760 | R--- | M] (Microsoft Corporation)
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Amok84 06.04.2011 16:39
Hab den Fix gestartet dann ein reboot und hab folgenden text bekommen:

Code:
All processes killed
========== OTL ==========
C:\ProgramData\{4A818508-3355-4FBC-B302-D53B599DD9D5} folder moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
E:\AUTOEXEC.BAT moved successfully.
File I:\autorun.inf not found.
J:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11969de9-dad8-11de-a7dd-001a4d45a294}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11969de9-dad8-11de-a7dd-001a4d45a294}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11969de9-dad8-11de-a7dd-001a4d45a294}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11969de9-dad8-11de-a7dd-001a4d45a294}\ not found.
File I:\setup.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Amok
->Temp folder emptied: 97386528 bytes
->Temporary Internet Files folder emptied: 5226898 bytes
->Java cache emptied: 48589023 bytes
->FireFox cache emptied: 58369793 bytes
->Flash cache emptied: 4023 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 12288 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52064 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85163 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 200,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04062011_173507

Files\Folders moved on Reboot...
C:\Users\Amok\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
denke mal das wars aber noch nicht die probleme bestehen auch nach dem fix und reboot immernoch

cosinus 06.04.2011 17:53
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Amok84 06.04.2011 18:28
Das Kaspersky tool meldete 0 funde hier die log datei

Code:
2011/04/06 19:23:46.0070 4436        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/06 19:23:46.0397 4436        ================================================================================
2011/04/06 19:23:46.0397 4436        SystemInfo:
2011/04/06 19:23:46.0397 4436       
2011/04/06 19:23:46.0397 4436        OS Version: 6.1.7601 ServicePack: 1.0
2011/04/06 19:23:46.0397 4436        Product type: Workstation
2011/04/06 19:23:46.0397 4436        ComputerName: WZ-PC
2011/04/06 19:23:46.0397 4436        UserName: Amok
2011/04/06 19:23:46.0397 4436        Windows directory: C:\Windows
2011/04/06 19:23:46.0397 4436        System windows directory: C:\Windows
2011/04/06 19:23:46.0397 4436        Running under WOW64
2011/04/06 19:23:46.0397 4436        Processor architecture: Intel x64
2011/04/06 19:23:46.0397 4436        Number of processors: 4
2011/04/06 19:23:46.0397 4436        Page size: 0x1000
2011/04/06 19:23:46.0397 4436        Boot type: Normal boot
2011/04/06 19:23:46.0397 4436        ================================================================================
2011/04/06 19:23:46.0974 4436        Initialize success
2011/04/06 19:24:24.0539 4404        ================================================================================
2011/04/06 19:24:24.0539 4404        Scan started
2011/04/06 19:24:24.0539 4404        Mode: Manual;
2011/04/06 19:24:24.0539 4404        ================================================================================
2011/04/06 19:24:26.0567 4404        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/04/06 19:24:26.0614 4404        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/04/06 19:24:26.0645 4404        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/04/06 19:24:26.0677 4404        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/06 19:24:26.0708 4404        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/06 19:24:26.0739 4404        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/06 19:24:26.0801 4404        AFD            (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
2011/04/06 19:24:26.0833 4404        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/04/06 19:24:26.0864 4404        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/04/06 19:24:26.0879 4404        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/04/06 19:24:26.0895 4404        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/06 19:24:26.0926 4404        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/06 19:24:26.0942 4404        amdsata        (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
2011/04/06 19:24:26.0973 4404        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/06 19:24:27.0004 4404        amdxata        (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
2011/04/06 19:24:27.0035 4404        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/04/06 19:24:27.0067 4404        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/04/06 19:24:27.0098 4404        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/06 19:24:27.0129 4404        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/06 19:24:27.0145 4404        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/04/06 19:24:27.0269 4404        atikmdag        (3efd964d52221360af0673cd61c2f4f5) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/06 19:24:27.0425 4404        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/04/06 19:24:27.0472 4404        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/04/06 19:24:27.0503 4404        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/04/06 19:24:27.0535 4404        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/06 19:24:27.0581 4404        bowser          (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/06 19:24:27.0597 4404        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/06 19:24:27.0613 4404        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/06 19:24:27.0644 4404        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/04/06 19:24:27.0659 4404        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/06 19:24:27.0675 4404        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/06 19:24:27.0691 4404        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/06 19:24:27.0722 4404        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
2011/04/06 19:24:27.0737 4404        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/06 19:24:27.0769 4404        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/06 19:24:27.0815 4404        BTHPORT        (0d25b6d300ba26a5f2c3b2a8e96b158b) C:\Windows\System32\Drivers\BTHport.sys
2011/04/06 19:24:27.0862 4404        BTHUSB          (1f9912f8ec5bfa53432e71e150636a8a) C:\Windows\System32\Drivers\BTHUSB.sys
2011/04/06 19:24:27.0925 4404        camfilt2        (dc22832c7a65054129defe8bc0c6e2b6) C:\Windows\system32\DRIVERS\camfilt2.sys
2011/04/06 19:24:27.0956 4404        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/06 19:24:27.0987 4404        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/04/06 19:24:28.0018 4404        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/06 19:24:28.0065 4404        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/04/06 19:24:28.0112 4404        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/06 19:24:28.0143 4404        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/04/06 19:24:28.0190 4404        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/04/06 19:24:28.0221 4404        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/06 19:24:28.0237 4404        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/04/06 19:24:28.0268 4404        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/06 19:24:28.0315 4404        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/04/06 19:24:28.0361 4404        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/04/06 19:24:28.0393 4404        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/04/06 19:24:28.0455 4404        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/04/06 19:24:28.0502 4404        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/04/06 19:24:28.0564 4404        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/06 19:24:28.0658 4404        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/04/06 19:24:28.0783 4404        ElbyCDIO        (702d5606cf2199e0edea6f0e0d27cd10) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/04/06 19:24:28.0814 4404        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/06 19:24:28.0861 4404        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/04/06 19:24:28.0892 4404        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/04/06 19:24:28.0923 4404        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/04/06 19:24:28.0954 4404        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/06 19:24:28.0985 4404        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/04/06 19:24:29.0001 4404        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/04/06 19:24:29.0032 4404        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/06 19:24:29.0063 4404        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/04/06 19:24:29.0110 4404        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/04/06 19:24:29.0126 4404        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/06 19:24:29.0204 4404        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/06 19:24:29.0266 4404        FWLANUSB        (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys
2011/04/06 19:24:29.0297 4404        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/06 19:24:29.0360 4404        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/06 19:24:29.0391 4404        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/06 19:24:29.0422 4404        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/04/06 19:24:29.0469 4404        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/04/06 19:24:29.0516 4404        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/06 19:24:29.0609 4404        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/06 19:24:29.0719 4404        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/06 19:24:29.0875 4404        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/06 19:24:30.0015 4404        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/04/06 19:24:30.0062 4404        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/04/06 19:24:30.0109 4404        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/06 19:24:30.0140 4404        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/04/06 19:24:30.0171 4404        iaStorV        (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
2011/04/06 19:24:30.0202 4404        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/06 19:24:30.0280 4404        IntcAzAudAddService (52d9171838bb92319f23656f502916e9) C:\Windows\system32\drivers\RTKVHD64.sys
2011/04/06 19:24:30.0311 4404        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/04/06 19:24:30.0358 4404        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/06 19:24:30.0405 4404        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/06 19:24:30.0436 4404        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/04/06 19:24:30.0452 4404        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/04/06 19:24:30.0499 4404        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/04/06 19:24:30.0514 4404        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/04/06 19:24:30.0561 4404        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/04/06 19:24:30.0592 4404        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/06 19:24:30.0623 4404        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/06 19:24:30.0701 4404        KL1            (8d7120743a0973ceab548b475c9d4289) C:\Windows\system32\DRIVERS\kl1.sys
2011/04/06 19:24:30.0733 4404        kl2            (cd146d8e525d6eebdcaf24120a8ab9ce) C:\Windows\system32\DRIVERS\kl2.sys
2011/04/06 19:24:30.0795 4404        KLIF            (c1786c2f8de0f62e076f7ef8dea4e87a) C:\Windows\system32\DRIVERS\klif.sys
2011/04/06 19:24:30.0842 4404        KLIM6          (2a64b3a9eed93a2e96537b67c079fc96) C:\Windows\system32\DRIVERS\klim6.sys
2011/04/06 19:24:30.0873 4404        klmouflt        (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
2011/04/06 19:24:30.0920 4404        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/06 19:24:30.0951 4404        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/06 19:24:30.0982 4404        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/04/06 19:24:31.0029 4404        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/06 19:24:31.0076 4404        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/06 19:24:31.0107 4404        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/06 19:24:31.0123 4404        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/06 19:24:31.0154 4404        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/06 19:24:31.0169 4404        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/04/06 19:24:31.0201 4404        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/06 19:24:31.0232 4404        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/06 19:24:31.0263 4404        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/04/06 19:24:31.0294 4404        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/06 19:24:31.0325 4404        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/06 19:24:31.0372 4404        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/06 19:24:31.0419 4404        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/04/06 19:24:31.0466 4404        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/04/06 19:24:31.0497 4404        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/06 19:24:31.0544 4404        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/04/06 19:24:31.0684 4404        mrxsmb          (faf015b07e3a2874a790a39b7d2c579f) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/06 19:24:31.0747 4404        mrxsmb10        (08e2345df129082bcdffdc1440f9c00d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/06 19:24:31.0825 4404        mrxsmb20        (108d87409c5812ef47d81e22843e8c9d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/06 19:24:31.0871 4404        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/04/06 19:24:31.0903 4404        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/04/06 19:24:31.0949 4404        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/04/06 19:24:31.0965 4404        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/06 19:24:31.0996 4404        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/04/06 19:24:32.0043 4404        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/06 19:24:32.0059 4404        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/06 19:24:32.0090 4404        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/04/06 19:24:32.0121 4404        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/04/06 19:24:32.0152 4404        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/04/06 19:24:32.0168 4404        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/04/06 19:24:32.0183 4404        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/06 19:24:32.0215 4404        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/04/06 19:24:32.0261 4404        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/06 19:24:32.0308 4404        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/04/06 19:24:32.0339 4404        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/06 19:24:32.0355 4404        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/06 19:24:32.0386 4404        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/06 19:24:32.0402 4404        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/06 19:24:32.0449 4404        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/04/06 19:24:32.0464 4404        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/06 19:24:32.0511 4404        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/06 19:24:32.0589 4404        netr7364        (81b8d0c1ce44a7fdbd596b693783950c) C:\Windows\system32\DRIVERS\netr7364.sys
2011/04/06 19:24:32.0636 4404        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/06 19:24:32.0698 4404        nmwcdcx64      (2c761cc067acf0fb4ea13930b09bfeea) C:\Windows\system32\drivers\ccdcmbox64.sys
2011/04/06 19:24:32.0729 4404        nmwcdnsucx64    (ce90d1dd60db810a45e13fccea47e890) C:\Windows\system32\drivers\nmwcdnsucx64.sys
2011/04/06 19:24:32.0761 4404        nmwcdnsux64    (f5a8219ea8a6b67280308fae169b65c0) C:\Windows\system32\drivers\nmwcdnsux64.sys
2011/04/06 19:24:32.0823 4404        nmwcdx64        (63051819d5cac0fa49c425fc5e1a2b5c) C:\Windows\system32\drivers\ccdcmbx64.sys
2011/04/06 19:24:32.0839 4404        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/04/06 19:24:32.0870 4404        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/06 19:24:32.0917 4404        Ntfs            (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
2011/04/06 19:24:32.0979 4404        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/04/06 19:24:33.0026 4404        nvraid          (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
2011/04/06 19:24:33.0057 4404        nvstor          (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
2011/04/06 19:24:33.0088 4404        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/04/06 19:24:33.0119 4404        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/04/06 19:24:33.0166 4404        OM0530          (fa5d730ce3f3a3bd21c1040e212230d4) C:\Windows\system32\Drivers\ov530vx.sys
2011/04/06 19:24:33.0229 4404        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/04/06 19:24:33.0260 4404        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/04/06 19:24:33.0322 4404        pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
2011/04/06 19:24:33.0338 4404        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/04/06 19:24:33.0369 4404        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/04/06 19:24:33.0400 4404        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/06 19:24:33.0431 4404        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/04/06 19:24:33.0463 4404        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/04/06 19:24:33.0587 4404        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/06 19:24:33.0603 4404        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/04/06 19:24:33.0650 4404        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/06 19:24:33.0697 4404        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/06 19:24:33.0759 4404        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/06 19:24:33.0790 4404        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/06 19:24:33.0806 4404        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/06 19:24:33.0853 4404        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/06 19:24:33.0884 4404        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/06 19:24:33.0915 4404        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/06 19:24:33.0946 4404        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/06 19:24:33.0962 4404        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/06 19:24:33.0993 4404        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/06 19:24:34.0009 4404        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/06 19:24:34.0040 4404        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/04/06 19:24:34.0071 4404        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/06 19:24:34.0087 4404        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/06 19:24:34.0133 4404        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/04/06 19:24:34.0165 4404        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/04/06 19:24:34.0211 4404        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/06 19:24:34.0243 4404        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/06 19:24:34.0305 4404        RTL8167        (4fe1cef69d36e913738234303986fbb3) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/04/06 19:24:34.0336 4404        RtNdPt60        (2b38c905492f36fe42b59da52d6b4eb7) C:\Windows\system32\DRIVERS\RtNdPt60.sys
2011/04/06 19:24:34.0383 4404        RTTEAMPT        (3fb2fd668fa4cd4aed1953f85f916cf1) C:\Windows\system32\DRIVERS\RtTeam60.sys
2011/04/06 19:24:34.0399 4404        RTVLANPT        (8b6b42d782202363a562f82b0e13b1c0) C:\Windows\system32\DRIVERS\RtVlan60.sys
2011/04/06 19:24:34.0445 4404        s1018bus        (301fba4594fb5c0a469299a65106b4aa) C:\Windows\system32\DRIVERS\s1018bus.sys
2011/04/06 19:24:34.0461 4404        s1018mdfl      (d1d7c744f79710357e60fc04d125ed01) C:\Windows\system32\DRIVERS\s1018mdfl.sys
2011/04/06 19:24:34.0492 4404        s1018mdm        (7dbe12cccd837d4266b2ddd80a329c09) C:\Windows\system32\DRIVERS\s1018mdm.sys
2011/04/06 19:24:34.0523 4404        s1018mgmt      (065ff5e62d2d18a6d93fd925546cd549) C:\Windows\system32\DRIVERS\s1018mgmt.sys
2011/04/06 19:24:34.0555 4404        s1018nd5        (5101d815bdf0d667e3d5f0ea727caaee) C:\Windows\system32\DRIVERS\s1018nd5.sys
2011/04/06 19:24:34.0586 4404        s1018obex      (13f220c65b444ac9bda49dacfc3230bb) C:\Windows\system32\DRIVERS\s1018obex.sys
2011/04/06 19:24:34.0617 4404        s1018unic      (ce7d8bce80211d8a35f6bd7a87791860) C:\Windows\system32\DRIVERS\s1018unic.sys
2011/04/06 19:24:34.0648 4404        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/04/06 19:24:34.0664 4404        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/04/06 19:24:34.0742 4404        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/06 19:24:34.0773 4404        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/06 19:24:34.0820 4404        seehcri        (ede7a1d2715aac2190d51dc07afd44e3) C:\Windows\system32\DRIVERS\seehcri.sys
2011/04/06 19:24:34.0835 4404        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/06 19:24:34.0867 4404        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/04/06 19:24:34.0898 4404        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/06 19:24:34.0945 4404        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/04/06 19:24:34.0960 4404        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/06 19:24:34.0976 4404        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/06 19:24:34.0991 4404        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/06 19:24:35.0038 4404        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/06 19:24:35.0054 4404        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/06 19:24:35.0085 4404        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/04/06 19:24:35.0116 4404        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/04/06 19:24:35.0179 4404        srv            (2098b8556d1cec2aca9a29cd479e3692) C:\Windows\system32\DRIVERS\srv.sys
2011/04/06 19:24:35.0210 4404        srv2            (d0f73a42040f21f92fd314b42ac5c9e7) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/06 19:24:35.0257 4404        srvnet          (2ba8f3250828ccdb4204ecf2c6f40b6a) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/06 19:24:35.0303 4404        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/06 19:24:35.0335 4404        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/04/06 19:24:35.0366 4404        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/04/06 19:24:35.0381 4404        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/04/06 19:24:35.0491 4404        Tcpip          (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
2011/04/06 19:24:35.0569 4404        TCPIP6          (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/06 19:24:35.0615 4404        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/06 19:24:35.0647 4404        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/04/06 19:24:35.0678 4404        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/04/06 19:24:35.0693 4404        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/06 19:24:35.0740 4404        TEAM            (3fb2fd668fa4cd4aed1953f85f916cf1) C:\Windows\system32\DRIVERS\RtTeam60.sys
2011/04/06 19:24:35.0756 4404        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/04/06 19:24:35.0803 4404        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/06 19:24:35.0834 4404        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/04/06 19:24:35.0865 4404        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/06 19:24:35.0881 4404        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/06 19:24:35.0912 4404        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/06 19:24:35.0959 4404        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/06 19:24:35.0990 4404        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/04/06 19:24:36.0005 4404        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/06 19:24:36.0068 4404        upperdev        (bcd611d240604ceee7f90805361fab50) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
2011/04/06 19:24:36.0099 4404        USBAAPL64      (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
2011/04/06 19:24:36.0146 4404        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
2011/04/06 19:24:36.0193 4404        usbccgp        (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/06 19:24:36.0224 4404        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/04/06 19:24:36.0239 4404        usbehci        (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/06 19:24:36.0286 4404        usbhub          (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
2011/04/06 19:24:36.0317 4404        usbohci        (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/06 19:24:36.0333 4404        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/06 19:24:36.0364 4404        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/06 19:24:36.0395 4404        usbser          (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\DRIVERS\usbser.sys
2011/04/06 19:24:36.0427 4404        UsbserFilt      (d91be2644b18b4e3c69982fe0e1e97d6) C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys
2011/04/06 19:24:36.0458 4404        USBSTOR        (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\drivers\USBSTOR.SYS
2011/04/06 19:24:36.0473 4404        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/06 19:24:36.0520 4404        VClone          (c5e70c4e64666db9d69c9f2fdae22428) C:\Windows\system32\DRIVERS\VClone.sys
2011/04/06 19:24:36.0536 4404        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/04/06 19:24:36.0567 4404        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/06 19:24:36.0583 4404        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/04/06 19:24:36.0614 4404        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/04/06 19:24:36.0645 4404        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/04/06 19:24:36.0661 4404        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/04/06 19:24:36.0692 4404        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/04/06 19:24:36.0707 4404        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/04/06 19:24:36.0770 4404        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/04/06 19:24:36.0785 4404        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/04/06 19:24:36.0817 4404        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/06 19:24:36.0848 4404        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/06 19:24:36.0879 4404        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/06 19:24:36.0910 4404        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/06 19:24:36.0941 4404        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/06 19:24:36.0957 4404        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/06 19:24:36.0988 4404        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/04/06 19:24:37.0019 4404        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/06 19:24:37.0082 4404        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/06 19:24:37.0097 4404        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/04/06 19:24:37.0160 4404        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/04/06 19:24:37.0191 4404        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/06 19:24:37.0222 4404        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/06 19:24:37.0269 4404        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/04/06 19:24:37.0316 4404        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/06 19:24:37.0612 4404        ================================================================================
2011/04/06 19:24:37.0612 4404        Scan finished
2011/04/06 19:24:37.0612 4404        ================================================================================
2011/04/06 19:24:48.0673 4428        Deinitialize success

cosinus 06.04.2011 18:30
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Amok84 06.04.2011 19:15
es scheint bis jetzt als wenn combofix das problem in den griff bekommen hat

Code:
ComboFix 11-04-05.02 - Amok 06.04.2011  19:55:05.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.2046.1263 [GMT 2:00]
ausgeführt von:: c:\users\Amok\Desktop\cofi.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpeD811.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-06 bis 2011-04-06  ))))))))))))))))))))))))))))))
.
.
2011-04-06 18:00 . 2011-04-06 18:00        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-06 15:35 . 2011-04-06 15:35        --------        d-----w-        C:\_OTL
2011-04-06 15:15 . 2011-03-15 05:17        8424784        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBC5673C-2B45-4CBC-A621-78B13DA73647}\mpengine.dll
2011-04-05 15:29 . 2011-04-05 15:29        --------        d-----w-        c:\program files (x86)\Sophos
2011-04-03 16:27 . 2010-10-05 18:27        150200        ----a-w-        c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-04-03 16:27 . 2011-04-06 17:53        --------        d-----w-        c:\programdata\Kaspersky Lab
2011-04-03 16:27 . 2011-04-03 16:27        --------        d-----w-        c:\program files (x86)\Kaspersky Lab
2011-04-03 16:22 . 2011-04-03 16:22        --------        d-----w-        c:\programdata\Kaspersky Lab Setup Files
2011-04-02 19:23 . 2011-04-02 19:23        --------        d-----w-        c:\users\Amok\AppData\Roaming\Malwarebytes
2011-04-02 19:23 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-02 19:23 . 2011-04-02 19:23        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-02 19:23 . 2011-04-02 19:23        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-02 19:23 . 2010-12-20 16:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-02 16:37 . 2011-04-02 16:37        --------        d-----w-        c:\windows\Sun
2011-04-02 13:43 . 2011-04-02 13:43        91136        --sha-r-        c:\windows\SysWow64\d3d83.dll
2011-04-02 09:44 . 2011-04-02 09:44        --------        d-----w-        c:\program files (x86)\Medieval Software
2011-03-31 15:37 . 2011-03-31 15:37        --------        d-----w-        c:\program files (x86)\ICQ7.4
2011-03-31 11:25 . 2011-03-31 11:25        --------        d-----w-        c:\users\Amok\AppData\Roaming\mp3DirectCut
2011-03-31 11:25 . 2011-03-31 11:25        --------        d-----w-        c:\program files (x86)\mp3DirectCut
2011-03-29 19:56 . 2011-03-29 19:56        --------        d-----w-        c:\users\Amok\AppData\Roaming\ProgSense
2011-03-29 19:11 . 2011-03-18 17:56        781272        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-29 19:11 . 2011-03-18 17:56        728024        ----a-w-        c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-29 19:11 . 2011-03-18 17:56        1874904        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-03-29 19:11 . 2011-03-18 17:56        15832        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-29 19:11 . 2011-03-18 17:56        142296        ----a-w-        c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-29 19:11 . 2011-03-18 17:56        1975768        ----a-w-        c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-29 19:11 . 2011-03-18 17:56        1893336        ----a-w-        c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-29 19:11 . 2011-03-18 17:56        142296        ----a-w-        c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-03-27 20:59 . 2011-02-19 12:05        1139200        ----a-w-        c:\windows\system32\FntCache.dll
2011-03-27 20:59 . 2011-02-19 12:04        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2011-03-27 20:59 . 2011-02-19 12:04        902656        ----a-w-        c:\windows\system32\d2d1.dll
2011-03-27 20:59 . 2011-02-19 06:30        1076736        ----a-w-        c:\windows\SysWow64\DWrite.dll
2011-03-27 20:59 . 2011-02-19 06:30        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
2011-03-27 19:21 . 2011-03-27 19:21        --------        dc-h--w-        c:\programdata\{350A83FF-9F09-4F7E-B637-791E24DED5A1}
2011-03-27 19:20 . 2011-03-27 19:20        --------        d-----w-        c:\program files (x86)\Common Files\Native Instruments
2011-03-27 19:20 . 2011-03-30 15:20        --------        d-----w-        c:\programdata\Native Instruments
2011-03-27 19:20 . 2011-03-27 19:20        --------        dc-h--w-        c:\programdata\{BB25779E-744C-48F3-94DE-CD6F60A5AC55}
2011-03-27 19:20 . 2011-03-27 19:20        --------        d-----w-        c:\program files\Common Files\Native Instruments
2011-03-27 19:20 . 2011-03-27 19:20        --------        dc-h--w-        c:\programdata\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}
2011-03-27 19:20 . 2011-03-30 15:20        --------        d-----w-        c:\program files\Native Instruments
2011-03-27 19:19 . 2011-03-27 19:19        --------        d-----w-        c:\programdata\DDJ_ASIO_Driver
2011-03-27 19:15 . 2011-03-27 19:15        --------        d-----w-        c:\program files (x86)\DENON_DJ
2011-03-27 19:01 . 2011-01-17 11:09        197120        ----a-w-        c:\windows\system32\d3d10_1.dll
2011-03-27 19:01 . 2011-01-17 05:47        161792        ----a-w-        c:\windows\SysWow64\d3d10_1.dll
2011-03-27 18:59 . 2011-03-27 18:59        --------        d-----w-        c:\program files (x86)\avmwlanstick
2011-03-27 14:10 . 2011-03-27 18:59        --------        d-----w-        c:\program files (x86)\AVM_update
2011-03-12 10:28 . 2011-03-12 10:28        103864        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 10:28 . 2011-03-12 10:28        103864        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-03-11 13:18 . 2010-12-23 10:42        961024        ----a-w-        c:\windows\system32\CPFilters.dll
2011-03-11 13:18 . 2010-12-23 10:42        723968        ----a-w-        c:\windows\system32\EncDec.dll
2011-03-11 13:18 . 2010-12-23 05:54        642048        ----a-w-        c:\windows\SysWow64\CPFilters.dll
2011-03-11 13:18 . 2010-12-23 10:42        1118720        ----a-w-        c:\windows\system32\sbe.dll
2011-03-11 13:18 . 2010-12-23 10:36        259072        ----a-w-        c:\windows\system32\mpg2splt.ax
2011-03-11 13:18 . 2010-12-23 05:54        850944        ----a-w-        c:\windows\SysWow64\sbe.dll
2011-03-11 13:18 . 2010-12-23 05:54        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll
2011-03-11 13:18 . 2010-12-23 05:50        199680        ----a-w-        c:\windows\SysWow64\mpg2splt.ax
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-28 16:14 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2011-02-28 16:14 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2011-02-02 20:40 . 2010-04-23 05:19        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2011-02-02 16:11 . 2009-11-26 21:18        270720        ------w-        c:\windows\system32\MpSigStub.exe
2011-01-21 05:36 . 2011-01-21 05:36        74272        ----a-w-        c:\windows\system32\RtNicProp64.dll
2011-01-21 05:36 . 2011-01-21 05:36        413800        ----a-w-        c:\windows\system32\drivers\Rt64win7.sys
2011-01-21 05:36 . 2009-11-12 06:24        107552        ----a-w-        c:\windows\system32\RTNUninst64.dll
2011-01-07 12:17 . 2011-02-24 12:43        475648        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-01-07 12:17 . 2011-02-24 12:43        1465344        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-01-07 12:14 . 2011-02-09 20:36        46080        ----a-w-        c:\windows\system32\atmlib.dll
2011-01-07 09:51 . 2011-02-09 20:37        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2011-01-07 09:20 . 2011-02-09 20:36        366592        ----a-w-        c:\windows\system32\atmfd.dll
2011-01-07 07:46 . 2011-02-24 12:43        870912        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2011-01-07 07:46 . 2011-02-24 12:43        288256        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:45 . 2011-02-09 20:36        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2011-01-07 06:01 . 2011-02-09 20:37        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2011-01-07 05:43 . 2011-02-09 20:36        294400        ----a-w-        c:\windows\SysWow64\atmfd.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-01-12 37888]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-11-02 365336]
.
c:\users\Amok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\647E.tmp [x]
R3 netr7364;RT73-Drahtlostreiber für Vista von Askey;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 OM0530;Hercules Deluxe Webcam;c:\windows\system32\Drivers\ov530vx.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 TCCrystalCpuInfo;TCCrystalCpuInfo;c:\users\Amok\AppData\Local\Temp\TCCpuInfo64.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-10-19 5250048]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - ElbyCDIO
*Deregistered* - klmd25
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-17 9608224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\Amok\AppData\Roaming\Mozilla\Firefox\Profiles\gzjjpqf0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Native Instruments Traktor 2 - c:\programdata\{4A818508-3355-4FBC-B302-D53B599DD9D5}\Traktor 2 Setup PC.exe
AddRemove-{A8EC0CC0-AD8D-4244-B080-424EDF7A7634} - c:\programdata\{4A818508-3355-4FBC-B302-D53B599DD9D5}\Traktor 2 Setup PC.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\647E.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-06  20:03:11
ComboFix-quarantined-files.txt  2011-04-06 18:03
.
Vor Suchlauf: 10 Verzeichnis(se), 20.182.786.048 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 20.037.681.152 Bytes frei
.
- - End Of File - - 7FE222CDEAD6F8B59FDD6E0747C82DFB

cosinus 06.04.2011 19:45
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Amok84 06.04.2011 20:28
das tool sagt wieder nix gefunden

Code:
2011/04/06 21:26:21.0860 1788        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/06 21:26:22.0156 1788        ================================================================================
2011/04/06 21:26:22.0156 1788        SystemInfo:
2011/04/06 21:26:22.0156 1788       
2011/04/06 21:26:22.0156 1788        OS Version: 6.1.7601 ServicePack: 1.0
2011/04/06 21:26:22.0156 1788        Product type: Workstation
2011/04/06 21:26:22.0156 1788        ComputerName: WZ-PC
2011/04/06 21:26:22.0156 1788        UserName: Amok
2011/04/06 21:26:22.0156 1788        Windows directory: C:\Windows
2011/04/06 21:26:22.0156 1788        System windows directory: C:\Windows
2011/04/06 21:26:22.0156 1788        Running under WOW64
2011/04/06 21:26:22.0156 1788        Processor architecture: Intel x64
2011/04/06 21:26:22.0156 1788        Number of processors: 4
2011/04/06 21:26:22.0156 1788        Page size: 0x1000
2011/04/06 21:26:22.0156 1788        Boot type: Normal boot
2011/04/06 21:26:22.0156 1788        ================================================================================
2011/04/06 21:26:22.0624 1788        Initialize success
2011/04/06 21:26:24.0824 3612        ================================================================================
2011/04/06 21:26:24.0824 3612        Scan started
2011/04/06 21:26:24.0824 3612        Mode: Manual;
2011/04/06 21:26:24.0824 3612        ================================================================================
2011/04/06 21:26:25.0666 3612        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/04/06 21:26:25.0697 3612        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/04/06 21:26:25.0744 3612        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/04/06 21:26:25.0775 3612        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/06 21:26:25.0806 3612        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/06 21:26:25.0900 3612        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/06 21:26:25.0947 3612        AFD            (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
2011/04/06 21:26:25.0994 3612        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/04/06 21:26:26.0025 3612        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/04/06 21:26:26.0040 3612        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/04/06 21:26:26.0072 3612        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/06 21:26:26.0087 3612        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/06 21:26:26.0103 3612        amdsata        (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
2011/04/06 21:26:26.0150 3612        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/06 21:26:26.0181 3612        amdxata        (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
2011/04/06 21:26:26.0243 3612        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/04/06 21:26:26.0290 3612        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/04/06 21:26:26.0306 3612        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/06 21:26:26.0352 3612        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/06 21:26:26.0368 3612        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/04/06 21:26:26.0493 3612        atikmdag        (3efd964d52221360af0673cd61c2f4f5) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/06 21:26:26.0602 3612        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/04/06 21:26:26.0633 3612        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/04/06 21:26:26.0664 3612        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/04/06 21:26:26.0696 3612        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/06 21:26:26.0742 3612        bowser          (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/06 21:26:26.0758 3612        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/06 21:26:26.0774 3612        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/06 21:26:26.0805 3612        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/04/06 21:26:26.0820 3612        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/06 21:26:26.0852 3612        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/06 21:26:26.0883 3612        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/06 21:26:26.0914 3612        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
2011/04/06 21:26:26.0930 3612        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/06 21:26:26.0961 3612        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/06 21:26:27.0008 3612        BTHPORT        (0d25b6d300ba26a5f2c3b2a8e96b158b) C:\Windows\System32\Drivers\BTHport.sys
2011/04/06 21:26:27.0039 3612        BTHUSB          (1f9912f8ec5bfa53432e71e150636a8a) C:\Windows\System32\Drivers\BTHUSB.sys
2011/04/06 21:26:27.0070 3612        camfilt2        (dc22832c7a65054129defe8bc0c6e2b6) C:\Windows\system32\DRIVERS\camfilt2.sys
2011/04/06 21:26:27.0117 3612        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/06 21:26:27.0164 3612        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/04/06 21:26:27.0210 3612        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/06 21:26:27.0242 3612        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/04/06 21:26:27.0273 3612        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/06 21:26:27.0304 3612        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/04/06 21:26:27.0335 3612        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/04/06 21:26:27.0351 3612        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/06 21:26:27.0382 3612        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/04/06 21:26:27.0413 3612        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/06 21:26:27.0460 3612        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/04/06 21:26:27.0507 3612        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/04/06 21:26:27.0538 3612        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/04/06 21:26:27.0569 3612        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/04/06 21:26:27.0616 3612        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/04/06 21:26:27.0663 3612        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/06 21:26:27.0741 3612        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/04/06 21:26:27.0803 3612        ElbyCDIO        (702d5606cf2199e0edea6f0e0d27cd10) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/04/06 21:26:27.0819 3612        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/06 21:26:27.0850 3612        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/04/06 21:26:27.0866 3612        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/04/06 21:26:27.0897 3612        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/04/06 21:26:27.0928 3612        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/06 21:26:27.0944 3612        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/04/06 21:26:27.0975 3612        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/04/06 21:26:27.0990 3612        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/06 21:26:28.0022 3612        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/04/06 21:26:28.0053 3612        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/04/06 21:26:28.0084 3612        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/06 21:26:28.0115 3612        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/06 21:26:28.0178 3612        FWLANUSB        (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys
2011/04/06 21:26:28.0209 3612        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/06 21:26:28.0256 3612        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/06 21:26:28.0287 3612        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/06 21:26:28.0334 3612        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/04/06 21:26:28.0380 3612        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/04/06 21:26:28.0396 3612        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/06 21:26:28.0443 3612        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/06 21:26:28.0458 3612        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/06 21:26:28.0505 3612        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/06 21:26:28.0583 3612        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/04/06 21:26:28.0630 3612        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/04/06 21:26:28.0677 3612        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/06 21:26:28.0708 3612        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/04/06 21:26:28.0739 3612        iaStorV        (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
2011/04/06 21:26:28.0786 3612        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/06 21:26:28.0848 3612        IntcAzAudAddService (52d9171838bb92319f23656f502916e9) C:\Windows\system32\drivers\RTKVHD64.sys
2011/04/06 21:26:28.0926 3612        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/04/06 21:26:28.0958 3612        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/06 21:26:28.0989 3612        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/06 21:26:29.0020 3612        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/04/06 21:26:29.0036 3612        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/04/06 21:26:29.0067 3612        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/04/06 21:26:29.0098 3612        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/04/06 21:26:29.0129 3612        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/04/06 21:26:29.0145 3612        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/06 21:26:29.0176 3612        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/06 21:26:29.0238 3612        KL1            (8d7120743a0973ceab548b475c9d4289) C:\Windows\system32\DRIVERS\kl1.sys
2011/04/06 21:26:29.0285 3612        kl2            (cd146d8e525d6eebdcaf24120a8ab9ce) C:\Windows\system32\DRIVERS\kl2.sys
2011/04/06 21:26:29.0348 3612        KLIF            (c1786c2f8de0f62e076f7ef8dea4e87a) C:\Windows\system32\DRIVERS\klif.sys
2011/04/06 21:26:29.0379 3612        KLIM6          (2a64b3a9eed93a2e96537b67c079fc96) C:\Windows\system32\DRIVERS\klim6.sys
2011/04/06 21:26:29.0410 3612        klmouflt        (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
2011/04/06 21:26:29.0441 3612        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/06 21:26:29.0457 3612        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/06 21:26:29.0488 3612        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/04/06 21:26:29.0550 3612        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/06 21:26:29.0582 3612        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/06 21:26:29.0597 3612        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/06 21:26:29.0628 3612        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/06 21:26:29.0644 3612        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/06 21:26:29.0675 3612        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/04/06 21:26:29.0691 3612        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/06 21:26:29.0722 3612        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/06 21:26:29.0769 3612        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/04/06 21:26:29.0784 3612        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/06 21:26:29.0816 3612        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/06 21:26:29.0847 3612        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/06 21:26:29.0878 3612        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/04/06 21:26:29.0909 3612        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/04/06 21:26:29.0956 3612        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/06 21:26:29.0987 3612        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/04/06 21:26:30.0018 3612        mrxsmb          (faf015b07e3a2874a790a39b7d2c579f) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/06 21:26:30.0065 3612        mrxsmb10        (08e2345df129082bcdffdc1440f9c00d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/06 21:26:30.0096 3612        mrxsmb20        (108d87409c5812ef47d81e22843e8c9d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/06 21:26:30.0128 3612        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/04/06 21:26:30.0143 3612        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/04/06 21:26:30.0190 3612        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/04/06 21:26:30.0206 3612        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/06 21:26:30.0221 3612        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/04/06 21:26:30.0252 3612        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/06 21:26:30.0284 3612        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/06 21:26:30.0299 3612        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/04/06 21:26:30.0346 3612        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/04/06 21:26:30.0377 3612        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/04/06 21:26:30.0393 3612        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/04/06 21:26:30.0408 3612        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/06 21:26:30.0424 3612        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/04/06 21:26:30.0471 3612        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/06 21:26:30.0533 3612        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/04/06 21:26:30.0580 3612        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/06 21:26:30.0611 3612        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/06 21:26:30.0627 3612        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/06 21:26:30.0674 3612        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/06 21:26:30.0705 3612        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/04/06 21:26:30.0720 3612        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/06 21:26:30.0767 3612        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/06 21:26:30.0814 3612        netr7364        (81b8d0c1ce44a7fdbd596b693783950c) C:\Windows\system32\DRIVERS\netr7364.sys
2011/04/06 21:26:30.0876 3612        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/06 21:26:31.0001 3612        nmwcdcx64      (2c761cc067acf0fb4ea13930b09bfeea) C:\Windows\system32\drivers\ccdcmbox64.sys
2011/04/06 21:26:31.0032 3612        nmwcdnsucx64    (ce90d1dd60db810a45e13fccea47e890) C:\Windows\system32\drivers\nmwcdnsucx64.sys
2011/04/06 21:26:31.0048 3612        nmwcdnsux64    (f5a8219ea8a6b67280308fae169b65c0) C:\Windows\system32\drivers\nmwcdnsux64.sys
2011/04/06 21:26:31.0079 3612        nmwcdx64        (63051819d5cac0fa49c425fc5e1a2b5c) C:\Windows\system32\drivers\ccdcmbx64.sys
2011/04/06 21:26:31.0095 3612        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/04/06 21:26:31.0126 3612        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/06 21:26:31.0173 3612        Ntfs            (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
2011/04/06 21:26:31.0220 3612        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/04/06 21:26:31.0266 3612        nvraid          (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
2011/04/06 21:26:31.0298 3612        nvstor          (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
2011/04/06 21:26:31.0329 3612        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/04/06 21:26:31.0376 3612        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/04/06 21:26:31.0391 3612        OM0530          (fa5d730ce3f3a3bd21c1040e212230d4) C:\Windows\system32\Drivers\ov530vx.sys
2011/04/06 21:26:31.0454 3612        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/04/06 21:26:31.0485 3612        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/04/06 21:26:31.0547 3612        pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
2011/04/06 21:26:31.0578 3612        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/04/06 21:26:31.0610 3612        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/04/06 21:26:31.0625 3612        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/06 21:26:31.0656 3612        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/04/06 21:26:31.0688 3612        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/04/06 21:26:31.0781 3612        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/06 21:26:31.0797 3612        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/04/06 21:26:31.0844 3612        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/06 21:26:31.0890 3612        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/06 21:26:31.0937 3612        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/06 21:26:31.0968 3612        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/06 21:26:31.0984 3612        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/06 21:26:32.0015 3612        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/06 21:26:32.0062 3612        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/06 21:26:32.0078 3612        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/06 21:26:32.0109 3612        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/06 21:26:32.0124 3612        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/06 21:26:32.0140 3612        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/06 21:26:32.0156 3612        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/06 21:26:32.0187 3612        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/04/06 21:26:32.0218 3612        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/06 21:26:32.0234 3612        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/06 21:26:32.0265 3612        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/04/06 21:26:32.0312 3612        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/04/06 21:26:32.0358 3612        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/06 21:26:32.0390 3612        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/06 21:26:32.0436 3612        RTL8167        (4fe1cef69d36e913738234303986fbb3) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/04/06 21:26:32.0499 3612        RtNdPt60        (2b38c905492f36fe42b59da52d6b4eb7) C:\Windows\system32\DRIVERS\RtNdPt60.sys
2011/04/06 21:26:32.0546 3612        RTTEAMPT        (3fb2fd668fa4cd4aed1953f85f916cf1) C:\Windows\system32\DRIVERS\RtTeam60.sys
2011/04/06 21:26:32.0561 3612        RTVLANPT        (8b6b42d782202363a562f82b0e13b1c0) C:\Windows\system32\DRIVERS\RtVlan60.sys
2011/04/06 21:26:32.0608 3612        s1018bus        (301fba4594fb5c0a469299a65106b4aa) C:\Windows\system32\DRIVERS\s1018bus.sys
2011/04/06 21:26:32.0624 3612        s1018mdfl      (d1d7c744f79710357e60fc04d125ed01) C:\Windows\system32\DRIVERS\s1018mdfl.sys
2011/04/06 21:26:32.0639 3612        s1018mdm        (7dbe12cccd837d4266b2ddd80a329c09) C:\Windows\system32\DRIVERS\s1018mdm.sys
2011/04/06 21:26:32.0670 3612        s1018mgmt      (065ff5e62d2d18a6d93fd925546cd549) C:\Windows\system32\DRIVERS\s1018mgmt.sys
2011/04/06 21:26:32.0717 3612        s1018nd5        (5101d815bdf0d667e3d5f0ea727caaee) C:\Windows\system32\DRIVERS\s1018nd5.sys
2011/04/06 21:26:32.0748 3612        s1018obex      (13f220c65b444ac9bda49dacfc3230bb) C:\Windows\system32\DRIVERS\s1018obex.sys
2011/04/06 21:26:32.0795 3612        s1018unic      (ce7d8bce80211d8a35f6bd7a87791860) C:\Windows\system32\DRIVERS\s1018unic.sys
2011/04/06 21:26:32.0826 3612        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/04/06 21:26:32.0873 3612        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/04/06 21:26:32.0936 3612        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/06 21:26:32.0967 3612        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/06 21:26:33.0029 3612        seehcri        (ede7a1d2715aac2190d51dc07afd44e3) C:\Windows\system32\DRIVERS\seehcri.sys
2011/04/06 21:26:33.0045 3612        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/06 21:26:33.0076 3612        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/04/06 21:26:33.0107 3612        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/06 21:26:33.0170 3612        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/04/06 21:26:33.0201 3612        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/06 21:26:33.0216 3612        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/06 21:26:33.0248 3612        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/06 21:26:33.0294 3612        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/06 21:26:33.0310 3612        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/06 21:26:33.0341 3612        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/04/06 21:26:33.0388 3612        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/04/06 21:26:33.0435 3612        srv            (2098b8556d1cec2aca9a29cd479e3692) C:\Windows\system32\DRIVERS\srv.sys
2011/04/06 21:26:33.0482 3612        srv2            (d0f73a42040f21f92fd314b42ac5c9e7) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/06 21:26:33.0513 3612        srvnet          (2ba8f3250828ccdb4204ecf2c6f40b6a) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/06 21:26:33.0560 3612        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/06 21:26:33.0575 3612        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/04/06 21:26:33.0606 3612        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/04/06 21:26:33.0622 3612        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/04/06 21:26:33.0747 3612        Tcpip          (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
2011/04/06 21:26:33.0825 3612        TCPIP6          (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/06 21:26:33.0872 3612        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/06 21:26:33.0887 3612        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/04/06 21:26:33.0918 3612        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/04/06 21:26:33.0950 3612        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/06 21:26:33.0981 3612        TEAM            (3fb2fd668fa4cd4aed1953f85f916cf1) C:\Windows\system32\DRIVERS\RtTeam60.sys
2011/04/06 21:26:33.0996 3612        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/04/06 21:26:34.0043 3612        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/06 21:26:34.0106 3612        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/04/06 21:26:34.0137 3612        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/06 21:26:34.0152 3612        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/06 21:26:34.0184 3612        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/06 21:26:34.0230 3612        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/06 21:26:34.0262 3612        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/04/06 21:26:34.0277 3612        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/06 21:26:34.0340 3612        upperdev        (bcd611d240604ceee7f90805361fab50) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
2011/04/06 21:26:34.0386 3612        USBAAPL64      (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
2011/04/06 21:26:34.0433 3612        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
2011/04/06 21:26:34.0464 3612        usbccgp        (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/06 21:26:34.0496 3612        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/04/06 21:26:34.0527 3612        usbehci        (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/06 21:26:34.0558 3612        usbhub          (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
2011/04/06 21:26:34.0574 3612        usbohci        (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/06 21:26:34.0605 3612        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/06 21:26:34.0636 3612        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/06 21:26:34.0667 3612        usbser          (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\DRIVERS\usbser.sys
2011/04/06 21:26:34.0698 3612        UsbserFilt      (d91be2644b18b4e3c69982fe0e1e97d6) C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys
2011/04/06 21:26:34.0714 3612        USBSTOR        (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\drivers\USBSTOR.SYS
2011/04/06 21:26:34.0761 3612        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/06 21:26:34.0808 3612        VClone          (c5e70c4e64666db9d69c9f2fdae22428) C:\Windows\system32\DRIVERS\VClone.sys
2011/04/06 21:26:34.0823 3612        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/04/06 21:26:34.0854 3612        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/06 21:26:34.0870 3612        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/04/06 21:26:34.0901 3612        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/04/06 21:26:34.0917 3612        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/04/06 21:26:34.0948 3612        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/04/06 21:26:34.0979 3612        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/04/06 21:26:34.0995 3612        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/04/06 21:26:35.0042 3612        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/04/06 21:26:35.0088 3612        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/04/06 21:26:35.0120 3612        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/06 21:26:35.0135 3612        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/06 21:26:35.0166 3612        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/06 21:26:35.0182 3612        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/06 21:26:35.0229 3612        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/06 21:26:35.0244 3612        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/06 21:26:35.0276 3612        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/04/06 21:26:35.0291 3612        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/06 21:26:35.0354 3612        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/06 21:26:35.0369 3612        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/04/06 21:26:35.0447 3612        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/04/06 21:26:35.0463 3612        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/06 21:26:35.0510 3612        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/06 21:26:35.0541 3612        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/04/06 21:26:35.0572 3612        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/06 21:26:35.0837 3612        ================================================================================
2011/04/06 21:26:35.0837 3612        Scan finished
2011/04/06 21:26:35.0837 3612        ================================================================================

cosinus 06.04.2011 22:49
Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Amok84 07.04.2011 07:00
GMER log:

Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-07 07:59:02
Windows 6.1.7601 Service Pack 1
Running: 0wx6t6x3.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011f6043faa                     
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011f6043faa@0023d7df81ec        0xCE 0x85 0x42 0x52 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011f6043faa@0022fc3fa18c        0xCF 0xA5 0x5D 0xD2 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011f6043faa@6c0e0d3db244        0x31 0xD0 0x6B 0x28 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011f6043faa (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011f6043faa@0023d7df81ec            0xCE 0x85 0x42 0x52 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011f6043faa@0022fc3fa18c            0xCF 0xA5 0x5D 0xD2 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011f6043faa@6c0e0d3db244            0x31 0xD0 0x6B 0x28 ...

---- EOF - GMER 1.0.15 ----


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:52 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131