Trojaner-Board - System Defragmenter: Daten verschwunden.

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - System Defragmenter: Daten verschwunden. (https://www.trojaner-board.de/97423-system-defragmenter-daten-verschwunden.html)

System Defragmenter: Daten verschwunden.

Hallo,

Ich habe mich mit dem "System Defragmenter" rumgequält und auch schon (mehr oder weniger Erfolg-reich/los) gehandelt.

Orientiert, habe ich mich an diesen beiden Threads:
- 1. http://www.trojaner-board.de/94172-h...-detected.html
und
- 2. http://www.trojaner-board.de/91962-s...entfernen.html

Ein kleiner Rückblick:
Ich fahre mein Notebook hoch und muss feststellen, dass mein Hintergrund schwarz ist, meine Dateien verschwunden sind und mich ein "System Defragmenter" nervt, mit ständigen Errors wie z.B. "critical error", etc...

Ok, habe mir den ersten Thread durchgelesen und bemerkt, dass genau die selben Symptome bei dem User vorgekommen sind wie bei mir.

Nachdem ich den 2. Thread gelesen habe, habe ich Rkill ausgeführt und anschliessend Malwarebytes durchlaufen lassen.
Log Malwarebytes Vollständiger durchlauf:
-

Code:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org
 

Datenbank Version: 6350
 

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514
 

13.04.2011 15:15:53

mbam-log-2011-04-13 (15-15-53).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Durchsuchte Objekte: 236001

Laufzeit: 36 Minute(n), 47 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 1

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 2

Infizierte Dateiobjekte der Registrierung: 1

Infizierte Verzeichnisse: 1

Infizierte Dateien: 8
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

c:\Users\mike\AppData\Local\olp160.dll (Trojan.Hiloti) -> Delete on reboot.
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ykonoxev (Trojan.Hiloti) -> Value: Ykonoxev -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HDFryVTMFjAtTWN (Trojan.FakeAlert) -> Value: HDFryVTMFjAtTWN -> Quarantined and deleted successfully.
 

Infizierte Dateiobjekte der Registrierung:

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
 

Infizierte Verzeichnisse:

c:\Users\mike\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 

Infizierte Dateien:

c:\Users\mike\AppData\Local\olp160.dll (Trojan.Hiloti) -> Delete on reboot.

c:\programdata\hdfryvtmfjattwn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\programdata\35905288.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\mike\AppData\Local\Temp\err.log4459818 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\mike\AppData\Local\Temp\nocamrexsw.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Users\mike\AppData\Roaming\Adobe\plugs\kb4463266.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\mike\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\uninstall windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\mike\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Nach'm Neustart, hat mich schon kein "System Defragmenter" mehr genervt, aber keine Spur von meinen Dateien...

Um sicher zu gehen, habe ich nochmal OTHelper durchlaufen lassen und wie beschrieben wieder Anti-Malware im "Quick-Scan" gestartet.
-

Code:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org
 

Datenbank Version: 6350
 

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514
 

13.04.2011 15:30:51

mbam-log-2011-04-13 (15-30-51).txt
 

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 141225

Laufzeit: 4 Minute(n), 39 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 1

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ykonoxev (Trojan.Agent.U) -> Value: Ykonoxev -> Quarantined and deleted successfully.
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Nach einem weiteren Neustart, kein wirklicher Erfolg. Keine Spur von meinen Daten.

Hier einmal die OTL logs:

OTL
____

Code:

OTL logfile created on: 13.04.2011 16:08:04 - Run 1

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\mike\Desktop

 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 48,73 Gb Total Space | 21,07 Gb Free Space | 43,24% Space Free | Partition Type: NTFS

Drive D: | 184,06 Gb Total Space | 160,53 Gb Free Space | 87,22% Space Free | Partition Type: NTFS

 

Computer Name: MIKE-NB | User Name: mike | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\mike\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)

PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

PRC - C:\Programme\Hotspot Shield\bin\openvpntray.exe ()

PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()

PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)

PRC - C:\Programme\Malwarebytes' Anti-Malware\herrbert.exe (Malwarebytes Corporation)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\mike\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe ()

SRV - (HotspotShieldService) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe ()

SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)

SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)

DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.)

DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (Serial) -- C:\Windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)

DRV - (EverestDriver) -- C:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=102869&l=dis&gct=hp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 89 77 B7 29 BF CB 01  [binary data]

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com?o=102869&l=dis&gct=hp"

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0

FF - prefs.js..extensions.enabledItems: {1EF9A571-44C1-4809-9AA2-CABE4412709C}:1.9.1

FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC-ST&o=102869&locale=de_DE&apn_uid=8adcccd9-78d0-4181-ba9c-963df8105170&apn_ptnrs=5J&apn_sauid=AD749FDE-86A5-4ABA-9CA6-1DF7B53706C1&apn_dtid=YYYYYYYYDE&q="

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 23:16:12 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 23:16:12 | 000,000,000 | ---D | M]

 

[2011.01.29 05:06:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mike\AppData\Roaming\mozilla\Extensions

[2011.04.13 14:50:27 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions

[2011.03.27 21:05:13 | 000,000,000 | -H-D | M] (Ask Toolbar) -- C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com

[2011.04.13 15:08:12 | 000,002,337 | ---- | M] () -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\hvz1ujym.default\searchplugins\askcom-1.xml

[2011.04.12 14:31:03 | 000,002,400 | -H-- | M] () -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\hvz1ujym.default\searchplugins\askcom.xml

[2011.03.02 22:33:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.02.09 03:50:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011.03.02 22:33:32 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com

[2011.02.09 03:50:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011.03.02 22:33:32 | 000,000,000 | ---D | M] (afurladvisor) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM

[2011.04.12 21:43:49 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\MIKE\APPDATA\LOCAL\{1EF9A571-44C1-4809-9AA2-CABE4412709C}

[2011.02.09 03:50:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll

[2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\herrbert.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)

O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam\Bin\ManyCam.exe (ManyCam LLC)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)

O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{ebd326ef-2bc8-11e0-97eb-001b3879c113}\Shell - "" = AutoRun

O33 - MountPoints2\{ebd326ef-2bc8-11e0-97eb-001b3879c113}\Shell\AutoRun\command - "" = E:\Autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.04.13 16:06:33 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\mike\Desktop\OTL.exe

[2011.04.13 15:22:42 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\mike\Desktop\OTH.scr

[2011.04.13 14:36:08 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Malwarebytes

[2011.04.13 14:35:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.04.13 14:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.04.13 14:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.04.13 14:35:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.04.13 14:35:52 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.04.13 14:19:28 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{768180EA-32AB-4D78-B635-385E07F0A01A}

[2011.04.12 22:05:13 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Roaming\Avira

[2011.04.12 21:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2011.04.12 21:55:31 | 000,028,520 | -H-- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2011.04.12 21:55:30 | 000,137,656 | -H-- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011.04.12 21:55:30 | 000,061,960 | -H-- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011.04.12 21:55:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Avira

[2011.04.12 21:55:27 | 000,000,000 | ---D | C] -- C:\Programme\Avira

[2011.04.12 21:43:49 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{1EF9A571-44C1-4809-9AA2-CABE4412709C}

[2011.04.12 19:22:33 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Roaming\SkypePM

[2011.04.12 17:16:49 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{F61D48E0-D4AD-4A59-BF79-DD14D6245EF3}

[2011.04.12 05:16:24 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{07E61982-0757-464B-A6A0-6527CE9292F6}

[2011.04.11 14:25:26 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{059FE0BC-21DC-4C54-8D02-087C9A07109D}

[2011.04.10 21:03:17 | 000,000,000 | -H-D | C] -- C:\Users\mike\Desktop\stinknormaler tag

[2011.04.10 17:57:53 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{6FAEC9F2-E2F9-43B6-90D6-1C57A87D8240}

[2011.04.10 04:36:58 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{5698F50B-B9E5-4273-823F-0D68D2F01FEC}

[2011.04.09 22:26:08 | 000,000,000 | -H-D | C] -- C:\Users\mike\Desktop\08.04.2011

[2011.04.09 11:56:46 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{ED070D34-DFE4-4F20-91D9-E99F18AA1A35}

[2011.04.08 22:25:10 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{51138A72-8270-40AB-BD48-9B402E54FFCE}

[2011.04.08 10:24:35 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{9CD6AF7D-C088-4A28-9A99-BA19E560B697}

[2011.04.07 22:23:58 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{266ED28B-E6C1-4220-9C8A-8C0EBCFEBD48}

[2011.04.07 10:23:23 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{180B9564-B396-442E-8A87-04C16A1A8793}

[2011.04.06 22:22:59 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{0EDCAFDC-BF70-4503-B155-3631289F0000}

[2011.04.06 08:00:15 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{7449BDC1-0CA5-44B1-84B9-870AC615BCDD}

[2011.04.05 12:20:26 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{E427D2C8-4C97-44D7-9485-0DAB5F64549B}

[2011.04.04 22:14:22 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{D7A19759-55C4-4D21-8D14-B15D0F396B89}

[2011.04.04 09:55:34 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{E646AC86-E6E6-43B8-BF14-7BD51ABB7ACF}

[2011.04.03 17:10:05 | 000,000,000 | -H-D | C] -- C:\Users\mike\Desktop\1.6 cs

[2011.04.03 11:33:36 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{65FB1F50-87C0-40C3-AB21-D4B546D398AD}

[2011.04.02 18:33:13 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{1E911478-0DAA-4385-ACF8-DD91EFA598F9}

[2011.04.02 05:33:29 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2011.04.02 05:22:32 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{7BA2FC48-5892-4DB9-ACB4-28F5DCE1A66A}

[2011.04.01 14:20:50 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{4948BBE8-AB4F-4032-AFDC-BFBF77DBB7AB}

[2011.03.31 14:24:05 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{4834C767-8F18-4341-A9AA-30746CAF2C20}

[2011.03.30 14:25:25 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{994BD1AD-A51A-4315-9E59-D6009DCE8D08}

[2011.03.29 14:33:37 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{3FC0EB9F-C257-4CBC-A71A-413876081236}

[2011.03.28 17:36:57 | 000,000,000 | -H-D | C] -- C:\Users\mike\Documents\ICQ

[2011.03.28 14:19:37 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{5BB6F680-882E-4264-84FA-95EB7F011048}

[2011.03.27 20:10:44 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{2BB66A8A-14E5-4252-8757-1727D7128A6C}

[2011.03.27 18:49:58 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{B9F68E75-131C-4A91-B062-38824BDA35C7}

[2011.03.27 06:48:05 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{37BF7B4A-E352-4782-B266-76BD4B015F52}

[2011.03.26 17:29:19 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{07C0076B-ABDD-452A-8F95-15914032AAFB}

[2011.03.25 23:16:03 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{A8222740-3E50-4874-8161-64BA63046BAA}

[2011.03.25 11:15:26 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{5903A6C1-025B-43E1-883B-CC9E2C9BCFBF}

[2011.03.24 23:15:01 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{FF51A546-E57C-4DE4-948C-9E371F4C7EF7}

[2011.03.24 01:36:03 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{BBA48236-2316-4BD6-9933-1E5A70B1BF66}

[2011.03.23 13:35:25 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{D7916350-4400-4223-B20A-35FC14DBA6C5}

[2011.03.23 01:34:50 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{4D6EC84D-A1EA-4B16-8327-369F04276F3A}

[2011.03.22 13:34:14 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{4BE02F82-89AD-41C3-BBF0-3D0D5D32EC0A}

[2011.03.22 13:24:01 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Roaming\TS3Client

[2011.03.22 13:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client

[2011.03.22 13:22:45 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client

[2011.03.22 11:35:59 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Roaming\teamspeak2

[2011.03.22 11:35:48 | 000,034,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lhacm.acm

[2011.03.22 11:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Teamspeak2 RC2

[2011.03.22 11:35:45 | 000,000,000 | ---D | C] -- C:\Programme\Teamspeak2_RC2

[2011.03.22 01:33:38 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{8A573385-CB9C-48FB-A904-923E066E2306}

[2011.03.21 13:33:01 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{BA939EB4-00E6-4839-A093-9E98C0137C98}

[2011.03.21 13:19:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft

[2011.03.21 13:19:53 | 000,000,000 | -H-D | C] -- C:\Programme\Common Files\Blizzard Entertainment

[2011.03.21 13:18:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Blizzard Entertainment

[2011.03.21 01:32:24 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{4A90E209-6F8A-47CD-8062-0B596DC4C325}

[2011.03.20 13:31:59 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{0855DDDA-1725-4B69-9F2A-6A1A4DFF05E5}

[2011.03.19 20:08:08 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{E263A234-008E-426C-87CD-0F9A39561506}

[2011.03.19 08:07:42 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{DE187948-41D0-48EF-8B3D-099C46D2756B}

[2011.03.18 15:14:02 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{6D93ED1C-FDD1-48D2-92EA-ACCCCE5E49F1}

[2011.03.17 15:14:58 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{67A8377E-AF42-4181-844B-FD8316A69BE5}

[2011.03.16 23:14:50 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{D0CF9CCB-E179-4B74-BB99-DB1470A41296}

[2011.03.16 10:30:57 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{909109BE-0F33-4CB6-B2F8-125DE74CDD99}

[2011.03.15 18:40:27 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{0747A25F-4AB7-4D62-88DB-05124BB1DE48}

[2011.03.15 06:39:52 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{92F30E12-E6D6-42A7-95C8-6935BE7740AB}

[2011.03.14 18:39:17 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{73F5C050-47B9-4C60-A927-14364B5F7A05}

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.04.13 16:06:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mike\Desktop\OTL.exe

[2011.04.13 15:38:47 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.04.13 15:38:47 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.04.13 15:38:47 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.04.13 15:38:47 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.04.13 15:37:36 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.04.13 15:37:36 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.04.13 15:37:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.04.13 15:32:48 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.04.13 15:32:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.04.13 15:32:21 | 1609,764,864 | -HS- | M] () -- C:\hiberfil.sys

[2011.04.13 15:24:00 | 000,001,114 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2100560739-1819123127-3695758804-1000UA.job

[2011.04.13 15:22:45 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\mike\Desktop\OTH.scr

[2011.04.13 14:35:57 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.04.13 14:31:56 | 001,006,778 | ---- | M] () -- C:\Users\mike\Desktop\rkill.com

[2011.04.12 21:55:51 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011.04.12 21:51:19 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~35905288

[2011.04.12 21:51:18 | 000,000,629 | -H-- | M] () -- C:\Users\mike\Desktop\Windows Restore.lnk

[2011.04.12 21:51:18 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~35905288r

[2011.04.12 21:51:15 | 000,000,336 | -H-- | M] () -- C:\ProgramData\35905288

[2011.04.12 21:43:51 | 000,000,120 | -H-- | M] () -- C:\Users\mike\AppData\Local\Fkatuwupomukim.dat

[2011.04.12 21:43:51 | 000,000,000 | -H-- | M] () -- C:\Users\mike\AppData\Local\Gkivahukoziyeq.bin

[2011.04.12 17:24:00 | 000,001,062 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2100560739-1819123127-3695758804-1000Core.job

[2011.04.10 00:49:28 | 001,737,548 | -H-- | M] () -- C:\Users\mike\Desktop\asdf.flp

[2011.04.06 01:11:05 | 000,000,038 | -H-- | M] () -- C:\Users\mike\Desktop\Mehr Auswahl Modell....URL

[2011.04.02 20:41:32 | 001,744,917 | -H-- | M] () -- C:\Users\mike\Desktop\beschallt.flp

[2011.04.02 05:33:32 | 000,000,000 | ---- | M] () -- C:\Windows\System32\cd.dat

[2011.03.26 17:30:56 | 000,002,395 | -H-- | M] () -- C:\Users\mike\Desktop\Google Chrome.lnk

[2011.03.26 07:08:24 | 000,041,555 | -H-- | M] () -- C:\Users\mike\Desktop\wow_eu_game_card_92033738_CHBPRGGA.jpg

[2011.03.22 13:22:47 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

[2011.03.22 11:35:49 | 000,034,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lhacm.acm

[2011.03.22 11:35:46 | 000,000,952 | -H-- | M] () -- C:\Users\mike\Desktop\Teamspeak 2 RC2.lnk

[2011.03.21 13:20:56 | 000,000,723 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2011.03.14 21:57:25 | 000,000,050 | -H-- | M] () -- C:\Users\mike\Desktop\picdumps.com.URL

 
 ========== Files Created - No Company Name ==========

 

[2011.04.13 14:35:57 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.04.13 14:31:47 | 001,006,778 | ---- | C] () -- C:\Users\mike\Desktop\rkill.com

[2011.04.12 21:55:51 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011.04.12 21:51:18 | 000,000,629 | -H-- | C] () -- C:\Users\mike\Desktop\Windows Restore.lnk

[2011.04.12 21:51:18 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~35905288r

[2011.04.12 21:51:18 | 000,000,096 | -H-- | C] () -- C:\ProgramData\~35905288

[2011.04.12 21:51:15 | 000,000,336 | -H-- | C] () -- C:\ProgramData\35905288

[2011.04.12 21:43:51 | 000,000,120 | -H-- | C] () -- C:\Users\mike\AppData\Local\Fkatuwupomukim.dat

[2011.04.12 21:43:51 | 000,000,000 | -H-- | C] () -- C:\Users\mike\AppData\Local\Gkivahukoziyeq.bin

[2011.04.08 23:15:37 | 001,737,548 | -H-- | C] () -- C:\Users\mike\Desktop\asdf.flp

[2011.04.06 01:11:05 | 000,000,038 | -H-- | C] () -- C:\Users\mike\Desktop\Mehr Auswahl Modell....URL

[2011.04.02 20:10:44 | 001,744,917 | -H-- | C] () -- C:\Users\mike\Desktop\beschallt.flp

[2011.04.02 05:33:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat

[2011.03.26 07:08:23 | 000,041,555 | -H-- | C] () -- C:\Users\mike\Desktop\wow_eu_game_card_92033738_CHBPRGGA.jpg

[2011.03.22 13:22:47 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

[2011.03.22 11:35:46 | 000,000,952 | -H-- | C] () -- C:\Users\mike\Desktop\Teamspeak 2 RC2.lnk

[2011.03.21 13:19:53 | 000,000,723 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2011.03.14 21:57:25 | 000,000,050 | -H-- | C] () -- C:\Users\mike\Desktop\picdumps.com.URL

[2011.03.11 13:07:23 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2011.03.11 13:06:19 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011.01.29 05:47:33 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2011.01.29 05:41:55 | 000,000,017 | -H-- | C] () -- C:\Users\mike\AppData\Local\resmon.resmoncfg

[2011.01.29 05:34:10 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin

[2009.07.14 10:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2009.07.14 10:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 06:33:53 | 000,265,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 

< End of report >

und hier Extras

Code:

OTL Extras logfile created on: 13.04.2011 16:08:04 - Run 1

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\mike\Desktop

 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 48,73 Gb Total Space | 21,07 Gb Free Space | 43,24% Space Free | Partition Type: NTFS

Drive D: | 184,06 Gb Total Space | 160,53 Gb Free Space | 87,22% Space Free | Partition Type: NTFS

 

Computer Name: MIKE-NB | User Name: mike | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{45212F71-750F-4B98-8931-2F35DBE6B661}" = Paint.NET v3.5.7

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"ASIO4ALL" = ASIO4ALL

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"DAEMON Tools Lite" = DAEMON Tools Lite

"Drumaxx" = Drumaxx

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"FL Studio 9" = FL Studio 9

"Hardcore" = Hardcore

"HotspotShield" = Hotspot Shield 1.57

"IL Download Manager" = IL Download Manager

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"ManyCam" = ManyCam 2.6.30 (remove only)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)

"NVIDIA Drivers" = NVIDIA Drivers

"PoiZone" = PoiZone

"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0

"Sakura" = Sakura

"Sawer" = Sawer

"SuperHideIP" = Super Hide IP

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"Toxic Biohazard" = Toxic Biohazard

"VLC media player" = VLC media player 1.1.7

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR

"World of Warcraft" = World of Warcraft

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 12.04.2011 15:13:42 | Computer Name = mike-nb | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 12.04.2011 15:13:42 | Computer Name = mike-nb | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 12.04.2011 15:13:42 | Computer Name = mike-nb | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 12.04.2011 15:13:42 | Computer Name = mike-nb | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 12.04.2011 15:13:42 | Computer Name = mike-nb | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 12.04.2011 15:13:42 | Computer Name = mike-nb | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 12.04.2011 15:13:42 | Computer Name = mike-nb | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 12.04.2011 15:52:59 | Computer Name = mike-nb | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\mike\AppData\Local\Temp\RarSFX0\redist.dll".

Die

 abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 12.04.2011 15:56:14 | Computer Name = mike-nb | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 12.04.2011 15:56:14 | Computer Name = mike-nb | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

[ System Events ]

Error - 11.04.2011 23:15:56 | Computer Name = mike-nb | Source = Microsoft-Windows-WHEA-Logger | ID = 18

Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern

Fehlerquelle:

 3  Fehlertyp: 10  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere

 Informationen.

 

Error - 11.04.2011 23:15:56 | Computer Name = mike-nb | Source = Microsoft-Windows-WHEA-Logger | ID = 18

Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern

Fehlerquelle:

 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere

 Informationen.

 

Error - 12.04.2011 08:14:49 | Computer Name = mike-nb | Source = Microsoft-Windows-WHEA-Logger | ID = 18

Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern

Fehlerquelle:

 3  Fehlertyp: 9  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere

 Informationen.

 

Error - 12.04.2011 08:14:49 | Computer Name = mike-nb | Source = Microsoft-Windows-WHEA-Logger | ID = 18

Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern

Fehlerquelle:

 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere

 Informationen.

 

Error - 12.04.2011 08:14:49 | Computer Name = mike-nb | Source = Microsoft-Windows-WHEA-Logger | ID = 18

Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern

Fehlerquelle:

 3  Fehlertyp: 10  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere

 Informationen.

 

Error - 12.04.2011 08:14:49 | Computer Name = mike-nb | Source = Microsoft-Windows-WHEA-Logger | ID = 18

Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern

Fehlerquelle:

 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere

 Informationen.

 

Error - 12.04.2011 10:39:51 | Computer Name = mike-nb | Source = Microsoft-Windows-WHEA-Logger | ID = 18

Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern

Fehlerquelle:

 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere

 Informationen.

 

Error - 12.04.2011 10:39:51 | Computer Name = mike-nb | Source = Microsoft-Windows-WHEA-Logger | ID = 18

Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern

Fehlerquelle:

 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere

 Informationen.

 

Error - 12.04.2011 16:06:21 | Computer Name = mike-nb | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

 

Error - 12.04.2011 16:09:22 | Computer Name = mike-nb | Source = Service Control Manager | ID = 7022

Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.

 

 

< End of report >

Ich würde dankbar sein und mich sehr freuen, wenn ich wieder meine Daten zurückbekomme,:heilig:
eigentlich hatte ich geplant über "Zubehör und Systemwiederherstellung" an meine Daten zurück zu kommen, doch ich finde über Start nicht mal Zubehör

So sehr kenn ich mich leider nicht mit Viren und allg. PC-Verständnis aus. :)

mfg
koalabaehr

Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.

Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Berichte ob die Dateien wieder sichtbar sind und ob du wieder Zugriff darauf hast. Wenn ja machen wir mit einem OTL-Fix weiter. Näheres dann.

Hallo, ich bin dir jetzt schon sehr dankbar :), ist glaube ich alles da, soweit :). Ok, was genau soll ich mitm OTL-Fix machen?
mfg
mB

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

[2011.04.12 21:51:18 | 000,000,629 | -H-- | C] () -- C:\Users\mike\Desktop\Windows Restore.lnk

[2011.04.12 21:51:18 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~35905288r

[2011.04.12 21:51:18 | 000,000,096 | -H-- | C] () -- C:\ProgramData\~35905288

[2011.04.12 21:51:15 | 000,000,336 | -H-- | C] () -- C:\ProgramData\35905288

[2011.04.12 21:43:51 | 000,000,120 | -H-- | C] () -- C:\Users\mike\AppData\Local\Fkatuwupomukim.dat

[2011.04.12 21:43:51 | 000,000,000 | -H-- | C] () -- C:\Users\mike\AppData\Local\Gkivahukoziyeq.bin

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{ebd326ef-2bc8-11e0-97eb-001b3879c113}\Shell - "" = AutoRun

O33 - MountPoints2\{ebd326ef-2bc8-11e0-97eb-001b3879c113}\Shell\AutoRun\command - "" = E:\Autorun.exe

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

[2011.03.27 21:05:13 | 000,000,000 | -H-D | M] (Ask Toolbar) -- C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

:Commands

[purity]

[resethosts]

[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

So habs gemacht.

Code:

All processes killed

========== OTL ==========

C:\Users\mike\Desktop\Windows Restore.lnk moved successfully.

C:\ProgramData\~35905288r moved successfully.

C:\ProgramData\~35905288 moved successfully.

C:\ProgramData\35905288 moved successfully.

C:\Users\mike\AppData\Local\Fkatuwupomukim.dat moved successfully.

C:\Users\mike\AppData\Local\Gkivahukoziyeq.bin moved successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd326ef-2bc8-11e0-97eb-001b3879c113}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd326ef-2bc8-11e0-97eb-001b3879c113}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd326ef-2bc8-11e0-97eb-001b3879c113}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd326ef-2bc8-11e0-97eb-001b3879c113}\ not found.

File E:\Autorun.exe not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.

C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\logs folder moved successfully.

C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.

C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\defaults folder moved successfully.

C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\datastore folder moved successfully.

C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-23-Feb-2011-21-20-38-GMT folder moved successfully.

C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-30-Jan-2011-13-04-15-GMT folder moved successfully.

C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-27-Mar-2011-19-38-20-GMT folder moved successfully.

C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.

C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.

C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.

C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\chrome folder moved successfully.

C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com folder moved successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: mike

->Temp folder emptied: 546646 bytes

->Temporary Internet Files folder emptied: 7809561 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 96504600 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 3039 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 4359167 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 104,00 mb

 

 

OTL by OldTimer - Version 3.2.22.3 log created on 04142011_183510
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Herr Chefarzt, wie lautet die Diagnose :-)?

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Programm hat nichts gefunden,

sollte ich das hier Posten?:

Code:

2011/04/14 19:10:19.0034 5556        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/04/14 19:10:19.0364 5556        ================================================================================

2011/04/14 19:10:19.0364 5556        SystemInfo:

2011/04/14 19:10:19.0364 5556        

2011/04/14 19:10:19.0364 5556        OS Version: 6.1.7601 ServicePack: 1.0

2011/04/14 19:10:19.0364 5556        Product type: Workstation

2011/04/14 19:10:19.0364 5556        ComputerName: MIKE-NB

2011/04/14 19:10:19.0364 5556        UserName: mike

2011/04/14 19:10:19.0364 5556        Windows directory: C:\Windows

2011/04/14 19:10:19.0364 5556        System windows directory: C:\Windows

2011/04/14 19:10:19.0364 5556        Processor architecture: Intel x86

2011/04/14 19:10:19.0364 5556        Number of processors: 2

2011/04/14 19:10:19.0364 5556        Page size: 0x1000

2011/04/14 19:10:19.0364 5556        Boot type: Normal boot

2011/04/14 19:10:19.0365 5556        ================================================================================

2011/04/14 19:10:19.0688 5556        Initialize success

2011/04/14 19:10:24.0625 2940        ================================================================================

2011/04/14 19:10:24.0625 2940        Scan started

2011/04/14 19:10:24.0625 2940        Mode: Manual; 

2011/04/14 19:10:24.0625 2940        ================================================================================

2011/04/14 19:10:25.0665 2940        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

2011/04/14 19:10:25.0754 2940        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

2011/04/14 19:10:25.0819 2940        AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

2011/04/14 19:10:25.0883 2940        adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/04/14 19:10:25.0929 2940        adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/04/14 19:10:25.0966 2940        adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/04/14 19:10:26.0049 2940        AFD             (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys

2011/04/14 19:10:26.0103 2940        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

2011/04/14 19:10:26.0162 2940        aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/04/14 19:10:26.0226 2940        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

2011/04/14 19:10:26.0266 2940        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

2011/04/14 19:10:26.0292 2940        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

2011/04/14 19:10:26.0343 2940        AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/04/14 19:10:26.0373 2940        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/04/14 19:10:26.0447 2940        amdsata         (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys

2011/04/14 19:10:26.0505 2940        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/04/14 19:10:26.0544 2940        amdxata         (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys

2011/04/14 19:10:26.0613 2940        AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

2011/04/14 19:10:26.0693 2940        arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/04/14 19:10:26.0722 2940        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/04/14 19:10:26.0766 2940        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/04/14 19:10:26.0807 2940        atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

2011/04/14 19:10:26.0871 2940        athr            (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys

2011/04/14 19:10:26.0963 2940        avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys

2011/04/14 19:10:26.0999 2940        avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys

2011/04/14 19:10:27.0068 2940        b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/04/14 19:10:27.0121 2940        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/04/14 19:10:27.0165 2940        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/04/14 19:10:27.0208 2940        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/04/14 19:10:27.0249 2940        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

2011/04/14 19:10:27.0285 2940        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/04/14 19:10:27.0309 2940        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/04/14 19:10:27.0347 2940        Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/04/14 19:10:27.0379 2940        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/04/14 19:10:27.0411 2940        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/04/14 19:10:27.0428 2940        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/04/14 19:10:27.0467 2940        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/04/14 19:10:27.0525 2940        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/04/14 19:10:27.0591 2940        cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys

2011/04/14 19:10:27.0646 2940        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/04/14 19:10:27.0696 2940        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/04/14 19:10:27.0794 2940        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/04/14 19:10:27.0843 2940        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

2011/04/14 19:10:27.0882 2940        CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/04/14 19:10:27.0921 2940        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/04/14 19:10:27.0974 2940        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

2011/04/14 19:10:28.0018 2940        crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/04/14 19:10:28.0093 2940        CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

2011/04/14 19:10:28.0173 2940        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

2011/04/14 19:10:28.0219 2940        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/04/14 19:10:28.0259 2940        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/04/14 19:10:28.0317 2940        DKbFltr         (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys

2011/04/14 19:10:28.0444 2940        DritekPortIO    (5c918d413f5837e67a85775c9873775e) C:\Program Files\Launch Manager\DPortIO.sys

2011/04/14 19:10:28.0519 2940        drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/04/14 19:10:28.0571 2940        dtsoftbus01     (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

2011/04/14 19:10:28.0640 2940        DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

2011/04/14 19:10:28.0706 2940        E1G60           (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys

2011/04/14 19:10:28.0825 2940        ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/04/14 19:10:29.0067 2940        elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2011/04/14 19:10:29.0141 2940        enecir          (29dcaeb81dde6f154aa4d36b18ecbb1f) C:\Windows\system32\DRIVERS\enecir.sys

2011/04/14 19:10:29.0186 2940        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

2011/04/14 19:10:29.0303 2940        EverestDriver   (76984d46b2abaa46f8b3fcef82c9217d) C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt

2011/04/14 19:10:29.0391 2940        exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/04/14 19:10:29.0437 2940        fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/04/14 19:10:29.0469 2940        fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/04/14 19:10:29.0506 2940        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/04/14 19:10:29.0534 2940        Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/04/14 19:10:29.0554 2940        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/04/14 19:10:29.0603 2940        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/04/14 19:10:29.0646 2940        FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/04/14 19:10:29.0676 2940        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/04/14 19:10:29.0746 2940        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

2011/04/14 19:10:29.0795 2940        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/04/14 19:10:29.0862 2940        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/04/14 19:10:29.0932 2940        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

2011/04/14 19:10:29.0962 2940        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

2011/04/14 19:10:29.0986 2940        HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/04/14 19:10:30.0011 2940        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/04/14 19:10:30.0043 2940        HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2011/04/14 19:10:30.0131 2940        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys

2011/04/14 19:10:30.0213 2940        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

2011/04/14 19:10:30.0271 2940        HssDrv          (4f28652ec514fa1ba473bc1a695a5c98) C:\Windows\system32\DRIVERS\HssDrv.sys

2011/04/14 19:10:30.0426 2940        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

2011/04/14 19:10:30.0461 2940        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

2011/04/14 19:10:30.0525 2940        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

2011/04/14 19:10:30.0578 2940        iaStorV         (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys

2011/04/14 19:10:30.0636 2940        iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/04/14 19:10:30.0686 2940        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

2011/04/14 19:10:30.0734 2940        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/04/14 19:10:30.0769 2940        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/04/14 19:10:30.0826 2940        IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

2011/04/14 19:10:30.0857 2940        IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/04/14 19:10:30.0902 2940        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/04/14 19:10:30.0944 2940        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

2011/04/14 19:10:30.0993 2940        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

2011/04/14 19:10:31.0034 2940        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

2011/04/14 19:10:31.0100 2940        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

2011/04/14 19:10:31.0148 2940        KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

2011/04/14 19:10:31.0190 2940        KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

2011/04/14 19:10:31.0273 2940        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/04/14 19:10:31.0326 2940        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/04/14 19:10:31.0358 2940        LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/04/14 19:10:31.0389 2940        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/04/14 19:10:31.0415 2940        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/04/14 19:10:31.0477 2940        luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/04/14 19:10:31.0507 2940        megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/04/14 19:10:31.0558 2940        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/04/14 19:10:31.0585 2940        Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/04/14 19:10:31.0629 2940        monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/04/14 19:10:31.0662 2940        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys

2011/04/14 19:10:31.0684 2940        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/04/14 19:10:31.0733 2940        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

2011/04/14 19:10:31.0777 2940        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

2011/04/14 19:10:31.0811 2940        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/04/14 19:10:31.0863 2940        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

2011/04/14 19:10:31.0918 2940        mrxsmb          (ed3d3419b064f28d812995ed8cadc541) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/04/14 19:10:31.0963 2940        mrxsmb10        (dc914446049169a964e27fd8888ffaee) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/04/14 19:10:32.0005 2940        mrxsmb20        (e7d90388d14fae057c166c1801e0bf94) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/04/14 19:10:32.0061 2940        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

2011/04/14 19:10:32.0115 2940        msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

2011/04/14 19:10:32.0180 2940        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/04/14 19:10:32.0204 2940        mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/04/14 19:10:32.0245 2940        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

2011/04/14 19:10:32.0282 2940        MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/04/14 19:10:32.0326 2940        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/04/14 19:10:32.0356 2940        MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/04/14 19:10:32.0382 2940        MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/04/14 19:10:32.0434 2940        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

2011/04/14 19:10:32.0474 2940        MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/04/14 19:10:32.0500 2940        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/04/14 19:10:32.0525 2940        Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/04/14 19:10:32.0566 2940        NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/04/14 19:10:32.0636 2940        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

2011/04/14 19:10:32.0681 2940        NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/04/14 19:10:32.0726 2940        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/04/14 19:10:32.0773 2940        Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/04/14 19:10:32.0826 2940        NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/04/14 19:10:32.0872 2940        NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

2011/04/14 19:10:32.0928 2940        NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/04/14 19:10:32.0982 2940        NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

2011/04/14 19:10:33.0045 2940        nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/04/14 19:10:33.0078 2940        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/04/14 19:10:33.0107 2940        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/04/14 19:10:33.0191 2940        Ntfs            (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys

2011/04/14 19:10:33.0250 2940        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/04/14 19:10:33.0329 2940        NVENETFD        (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys

2011/04/14 19:10:33.0666 2940        nvlddmkm        (f1d968e03a9cdbfeb742678184fe020a) C:\Windows\system32\DRIVERS\nvlddmkm.sys

2011/04/14 19:10:33.0941 2940        nvraid          (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys

2011/04/14 19:10:34.0001 2940        nvsmu           (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys

2011/04/14 19:10:34.0076 2940        nvstor          (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys

2011/04/14 19:10:34.0139 2940        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

2011/04/14 19:10:34.0188 2940        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

2011/04/14 19:10:34.0248 2940        Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2011/04/14 19:10:34.0294 2940        partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

2011/04/14 19:10:34.0320 2940        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2011/04/14 19:10:34.0368 2940        pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

2011/04/14 19:10:34.0387 2940        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

2011/04/14 19:10:34.0423 2940        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/04/14 19:10:34.0451 2940        pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/04/14 19:10:34.0491 2940        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/04/14 19:10:34.0635 2940        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/04/14 19:10:34.0662 2940        Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/04/14 19:10:34.0710 2940        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/04/14 19:10:34.0774 2940        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/04/14 19:10:34.0831 2940        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/04/14 19:10:34.0867 2940        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/04/14 19:10:34.0889 2940        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/04/14 19:10:34.0943 2940        RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/04/14 19:10:34.0982 2940        Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/04/14 19:10:35.0020 2940        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/04/14 19:10:35.0046 2940        RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/04/14 19:10:35.0091 2940        rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

2011/04/14 19:10:35.0125 2940        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/04/14 19:10:35.0167 2940        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/04/14 19:10:35.0228 2940        RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

2011/04/14 19:10:35.0262 2940        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/04/14 19:10:35.0287 2940        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/04/14 19:10:35.0360 2940        RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys

2011/04/14 19:10:35.0409 2940        RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

2011/04/14 19:10:35.0474 2940        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

2011/04/14 19:10:35.0556 2940        rimmptsk        (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys

2011/04/14 19:10:35.0589 2940        rimsptsk        (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys

2011/04/14 19:10:35.0617 2940        rismxdp         (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys

2011/04/14 19:10:35.0715 2940        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/04/14 19:10:35.0773 2940        s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys

2011/04/14 19:10:35.0827 2940        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

2011/04/14 19:10:35.0884 2940        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

2011/04/14 19:10:35.0952 2940        sdbus           (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys

2011/04/14 19:10:36.0004 2940        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/04/14 19:10:36.0085 2940        Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/04/14 19:10:36.0116 2940        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/04/14 19:10:36.0165 2940        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/04/14 19:10:36.0239 2940        sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/04/14 19:10:36.0267 2940        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

2011/04/14 19:10:36.0285 2940        sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/04/14 19:10:36.0321 2940        sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/04/14 19:10:36.0389 2940        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

2011/04/14 19:10:36.0436 2940        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/04/14 19:10:36.0460 2940        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/04/14 19:10:36.0489 2940        Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/04/14 19:10:36.0541 2940        spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/04/14 19:10:36.0619 2940        srv             (4e636465a8653ba3bf29f929aa578e6f) C:\Windows\system32\DRIVERS\srv.sys

2011/04/14 19:10:36.0663 2940        srv2            (4e4e17a3865f650ee8c67726872d9431) C:\Windows\system32\DRIVERS\srv2.sys

2011/04/14 19:10:36.0744 2940        SrvHsfHDA       (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

2011/04/14 19:10:36.0821 2940        SrvHsfV92       (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

2011/04/14 19:10:36.0885 2940        SrvHsfWinac     (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

2011/04/14 19:10:36.0927 2940        srvnet          (1346dff5be932939997d373d61a35626) C:\Windows\system32\DRIVERS\srvnet.sys

2011/04/14 19:10:36.0984 2940        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

2011/04/14 19:10:37.0031 2940        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/04/14 19:10:37.0079 2940        storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

2011/04/14 19:10:37.0121 2940        storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

2011/04/14 19:10:37.0152 2940        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

2011/04/14 19:10:37.0261 2940        taphss          (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys

2011/04/14 19:10:37.0361 2940        Tcpip           (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys

2011/04/14 19:10:37.0479 2940        TCPIP6          (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys

2011/04/14 19:10:37.0539 2940        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

2011/04/14 19:10:37.0597 2940        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

2011/04/14 19:10:37.0630 2940        TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

2011/04/14 19:10:37.0678 2940        tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

2011/04/14 19:10:37.0718 2940        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

2011/04/14 19:10:37.0802 2940        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/04/14 19:10:37.0872 2940        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

2011/04/14 19:10:37.0992 2940        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

2011/04/14 19:10:38.0032 2940        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/04/14 19:10:38.0084 2940        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

2011/04/14 19:10:38.0153 2940        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

2011/04/14 19:10:38.0218 2940        umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

2011/04/14 19:10:38.0273 2940        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/04/14 19:10:38.0361 2940        usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys

2011/04/14 19:10:38.0410 2940        usbccgp         (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys

2011/04/14 19:10:38.0472 2940        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

2011/04/14 19:10:38.0526 2940        usbehci         (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys

2011/04/14 19:10:38.0590 2940        usbhub          (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys

2011/04/14 19:10:38.0616 2940        usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

2011/04/14 19:10:38.0655 2940        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/04/14 19:10:38.0700 2940        usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

2011/04/14 19:10:38.0742 2940        USBSTOR         (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/04/14 19:10:38.0774 2940        usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/04/14 19:10:38.0847 2940        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys

2011/04/14 19:10:38.0925 2940        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

2011/04/14 19:10:39.0006 2940        vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/04/14 19:10:39.0030 2940        VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/04/14 19:10:39.0114 2940        vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

2011/04/14 19:10:39.0174 2940        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

2011/04/14 19:10:39.0221 2940        ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/04/14 19:10:39.0248 2940        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

2011/04/14 19:10:39.0295 2940        vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

2011/04/14 19:10:39.0336 2940        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

2011/04/14 19:10:39.0376 2940        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

2011/04/14 19:10:39.0422 2940        volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/04/14 19:10:39.0474 2940        volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

2011/04/14 19:10:39.0519 2940        vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/04/14 19:10:39.0557 2940        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/04/14 19:10:39.0596 2940        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/04/14 19:10:39.0642 2940        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/04/14 19:10:39.0693 2940        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/04/14 19:10:39.0710 2940        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/04/14 19:10:39.0770 2940        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/04/14 19:10:39.0811 2940        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/04/14 19:10:39.0905 2940        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/04/14 19:10:39.0934 2940        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/04/14 19:10:40.0049 2940        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/04/14 19:10:40.0125 2940        WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

2011/04/14 19:10:40.0209 2940        ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/04/14 19:10:40.0284 2940        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

2011/04/14 19:10:40.0343 2940        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/04/14 19:10:40.0452 2940        ================================================================================

2011/04/14 19:10:40.0452 2940        Scan finished

2011/04/14 19:10:40.0452 2940        ================================================================================

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Ok, alles ausgeführt.
Hier das Ergebnis:

Code:

ComboFix 11-04-13.06 - mike 14.04.2011  20:01:42.1.2 - x86

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.2047.1499 [GMT 2:00]

ausgeführt von:: c:\users\mike\Desktop\cofi.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\mike\AppData\Local\{1EF9A571-44C1-4809-9AA2-CABE4412709C}

c:\users\mike\AppData\Local\{1EF9A571-44C1-4809-9AA2-CABE4412709C}\chrome.manifest

c:\users\mike\AppData\Local\{1EF9A571-44C1-4809-9AA2-CABE4412709C}\chrome\content\_cfg.js

c:\users\mike\AppData\Local\{1EF9A571-44C1-4809-9AA2-CABE4412709C}\chrome\content\overlay.xul

c:\users\mike\AppData\Local\{1EF9A571-44C1-4809-9AA2-CABE4412709C}\install.rdf

c:\users\mike\AppData\Roaming\Adobe\plugs

c:\users\mike\AppData\Roaming\Adobe\shed

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-03-14 bis 2011-04-14  ))))))))))))))))))))))))))))))

.

.

2011-04-14 18:06 . 2011-04-14 18:06        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-04-14 17:54 . 2011-04-14 17:54        --------        d-----w-        c:\program files\CCleaner

2011-04-14 14:12 . 2011-04-14 14:13        --------        d-----w-        c:\users\mike\AppData\Local\{E93C4D23-9E4D-4BE7-90BD-7A53909A6343}

2011-04-14 02:19 . 2011-03-03 05:38        132608        ----a-w-        c:\windows\system32\dnsrslvr.dll

2011-04-14 02:19 . 2011-03-03 05:36        28672        ----a-w-        c:\windows\system32\dnscacheugc.exe

2011-04-14 02:19 . 2011-02-18 05:43        428032        ----a-w-        c:\windows\system32\vbscript.dll

2011-04-14 02:19 . 2011-02-23 04:48        311808        ----a-w-        c:\windows\system32\drivers\srv.sys

2011-04-14 02:19 . 2011-02-23 04:48        310272        ----a-w-        c:\windows\system32\drivers\srv2.sys

2011-04-14 02:19 . 2011-02-23 04:47        114176        ----a-w-        c:\windows\system32\drivers\srvnet.sys

2011-04-14 02:19 . 2011-02-19 06:30        34304        ----a-w-        c:\windows\system32\atmlib.dll

2011-04-14 02:19 . 2011-02-19 04:34        294912        ----a-w-        c:\windows\system32\atmfd.dll

2011-04-14 02:12 . 2011-04-14 02:12        --------        d-----w-        c:\users\mike\AppData\Local\{E4E31595-88D2-4792-B0E8-5B56EB8C970B}

2011-04-13 14:59 . 2011-04-13 14:59        --------        d-----w-        C:\_OTL

2011-04-13 12:36 . 2011-04-13 12:36        --------        d-----w-        c:\users\mike\AppData\Roaming\Malwarebytes

2011-04-13 12:35 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-13 12:35 . 2011-04-13 12:35        --------        d-----w-        c:\programdata\Malwarebytes

2011-04-13 12:35 . 2011-04-13 12:37        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-04-13 12:35 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-04-13 12:19 . 2011-04-13 12:19        --------        d-----w-        c:\users\mike\AppData\Local\{768180EA-32AB-4D78-B635-385E07F0A01A}

2011-04-12 20:05 . 2011-04-12 20:05        --------        d-----w-        c:\users\mike\AppData\Roaming\Avira

2011-04-12 19:55 . 2011-03-04 14:11        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-04-12 19:55 . 2011-03-04 12:36        61960        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2011-04-12 19:55 . 2011-04-12 19:55        --------        d-----w-        c:\programdata\Avira

2011-04-12 19:55 . 2011-04-12 19:55        --------        d-----w-        c:\program files\Avira

2011-04-12 15:16 . 2011-04-12 15:17        --------        d-----w-        c:\users\mike\AppData\Local\{F61D48E0-D4AD-4A59-BF79-DD14D6245EF3}

2011-04-12 14:44 . 2011-03-15 04:05        6792528        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{AB04E67C-10CE-4F7B-9087-68C8BF2920A3}\mpengine.dll

2011-04-12 03:16 . 2011-04-12 03:16        --------        d-----w-        c:\users\mike\AppData\Local\{07E61982-0757-464B-A6A0-6527CE9292F6}

2011-04-11 12:25 . 2011-04-11 12:25        --------        d-----w-        c:\users\mike\AppData\Local\{059FE0BC-21DC-4C54-8D02-087C9A07109D}

2011-04-10 15:57 . 2011-04-10 15:58        --------        d-----w-        c:\users\mike\AppData\Local\{6FAEC9F2-E2F9-43B6-90D6-1C57A87D8240}

2011-04-10 02:36 . 2011-04-10 02:37        --------        d-----w-        c:\users\mike\AppData\Local\{5698F50B-B9E5-4273-823F-0D68D2F01FEC}

2011-04-09 09:56 . 2011-04-09 09:56        --------        d-----w-        c:\users\mike\AppData\Local\{ED070D34-DFE4-4F20-91D9-E99F18AA1A35}

2011-04-08 20:25 . 2011-04-08 20:25        --------        d-----w-        c:\users\mike\AppData\Local\{51138A72-8270-40AB-BD48-9B402E54FFCE}

2011-04-08 08:24 . 2011-04-08 08:24        --------        d-----w-        c:\users\mike\AppData\Local\{9CD6AF7D-C088-4A28-9A99-BA19E560B697}

2011-04-07 20:23 . 2011-04-07 20:24        --------        d-----w-        c:\users\mike\AppData\Local\{266ED28B-E6C1-4220-9C8A-8C0EBCFEBD48}

2011-04-07 08:23 . 2011-04-07 08:23        --------        d-----w-        c:\users\mike\AppData\Local\{180B9564-B396-442E-8A87-04C16A1A8793}

2011-04-06 20:22 . 2011-04-06 20:23        --------        d-----w-        c:\users\mike\AppData\Local\{0EDCAFDC-BF70-4503-B155-3631289F0000}

2011-04-06 06:00 . 2011-04-06 06:00        --------        d-----w-        c:\users\mike\AppData\Local\{7449BDC1-0CA5-44B1-84B9-870AC615BCDD}

2011-04-05 10:20 . 2011-04-05 10:20        --------        d-----w-        c:\users\mike\AppData\Local\{E427D2C8-4C97-44D7-9485-0DAB5F64549B}

2011-04-04 20:14 . 2011-04-04 20:14        --------        d-----w-        c:\users\mike\AppData\Local\{D7A19759-55C4-4D21-8D14-B15D0F396B89}

2011-04-04 07:55 . 2011-04-04 07:55        --------        d-----w-        c:\users\mike\AppData\Local\{E646AC86-E6E6-43B8-BF14-7BD51ABB7ACF}

2011-04-03 09:33 . 2011-04-03 09:33        --------        d-----w-        c:\users\mike\AppData\Local\{65FB1F50-87C0-40C3-AB21-D4B546D398AD}

2011-04-02 16:33 . 2011-04-02 16:33        --------        d-----w-        c:\users\mike\AppData\Local\{1E911478-0DAA-4385-ACF8-DD91EFA598F9}

2011-04-02 03:22 . 2011-04-02 03:22        --------        d-----w-        c:\users\mike\AppData\Local\{7BA2FC48-5892-4DB9-ACB4-28F5DCE1A66A}

2011-04-01 12:20 . 2011-04-01 12:21        --------        d-----w-        c:\users\mike\AppData\Local\{4948BBE8-AB4F-4032-AFDC-BFBF77DBB7AB}

2011-03-31 12:24 . 2011-03-31 12:24        --------        d-----w-        c:\users\mike\AppData\Local\{4834C767-8F18-4341-A9AA-30746CAF2C20}

2011-03-30 12:25 . 2011-03-30 12:25        --------        d-----w-        c:\users\mike\AppData\Local\{994BD1AD-A51A-4315-9E59-D6009DCE8D08}

2011-03-29 12:33 . 2011-03-29 12:34        --------        d-----w-        c:\users\mike\AppData\Local\{3FC0EB9F-C257-4CBC-A71A-413876081236}

2011-03-28 12:19 . 2011-03-28 12:19        --------        d-----w-        c:\users\mike\AppData\Local\{5BB6F680-882E-4264-84FA-95EB7F011048}

2011-03-27 18:10 . 2011-03-27 18:10        --------        d-----w-        c:\users\mike\AppData\Local\{2BB66A8A-14E5-4252-8757-1727D7128A6C}

2011-03-27 16:49 . 2011-03-27 16:49        --------        d-----w-        c:\users\mike\AppData\Local\{B9F68E75-131C-4A91-B062-38824BDA35C7}

2011-03-27 04:48 . 2011-03-27 04:48        --------        d-----w-        c:\users\mike\AppData\Local\{37BF7B4A-E352-4782-B266-76BD4B015F52}

2011-03-26 15:29 . 2011-03-26 15:29        --------        d-----w-        c:\users\mike\AppData\Local\{07C0076B-ABDD-452A-8F95-15914032AAFB}

2011-03-25 21:16 . 2011-03-25 21:16        --------        d-----w-        c:\users\mike\AppData\Local\{A8222740-3E50-4874-8161-64BA63046BAA}

2011-03-25 09:15 . 2011-03-25 09:15        --------        d-----w-        c:\users\mike\AppData\Local\{5903A6C1-025B-43E1-883B-CC9E2C9BCFBF}

2011-03-24 21:15 . 2011-03-24 21:15        --------        d-----w-        c:\users\mike\AppData\Local\{FF51A546-E57C-4DE4-948C-9E371F4C7EF7}

2011-03-23 23:36 . 2011-03-23 23:36        --------        d-----w-        c:\users\mike\AppData\Local\{BBA48236-2316-4BD6-9933-1E5A70B1BF66}

2011-03-23 11:35 . 2011-03-23 11:35        --------        d-----w-        c:\users\mike\AppData\Local\{D7916350-4400-4223-B20A-35FC14DBA6C5}

2011-03-22 23:34 . 2011-03-22 23:35        --------        d-----w-        c:\users\mike\AppData\Local\{4D6EC84D-A1EA-4B16-8327-369F04276F3A}

2011-03-22 11:34 . 2011-03-22 11:34        --------        d-----w-        c:\users\mike\AppData\Local\{4BE02F82-89AD-41C3-BBF0-3D0D5D32EC0A}

2011-03-22 11:24 . 2011-04-14 17:56        --------        d-----w-        c:\users\mike\AppData\Roaming\TS3Client

2011-03-22 11:22 . 2011-03-22 11:22        --------        d-----w-        c:\program files\TeamSpeak 3 Client

2011-03-22 09:35 . 2011-03-22 09:36        --------        d-----w-        c:\users\mike\AppData\Roaming\teamspeak2

2011-03-22 09:35 . 2011-03-22 09:35        34064        ----a-w-        c:\windows\system32\lhacm.acm

2011-03-22 09:35 . 2011-03-22 09:35        --------        d-----w-        c:\program files\Teamspeak2_RC2

2011-03-21 23:33 . 2011-03-21 23:34        --------        d-----w-        c:\users\mike\AppData\Local\{8A573385-CB9C-48FB-A904-923E066E2306}

2011-03-21 11:33 . 2011-03-21 11:33        --------        d-----w-        c:\users\mike\AppData\Local\{BA939EB4-00E6-4839-A093-9E98C0137C98}

2011-03-21 11:19 . 2011-03-21 11:20        --------        d-----w-        c:\program files\Common Files\Blizzard Entertainment

2011-03-21 11:18 . 2011-03-21 11:39        --------        d-----w-        c:\programdata\Blizzard Entertainment

2011-03-20 23:32 . 2011-03-20 23:32        --------        d-----w-        c:\users\mike\AppData\Local\{4A90E209-6F8A-47CD-8062-0B596DC4C325}

2011-03-20 11:31 . 2011-03-20 11:32        --------        d-----w-        c:\users\mike\AppData\Local\{0855DDDA-1725-4B69-9F2A-6A1A4DFF05E5}

2011-03-19 18:08 . 2011-03-19 18:08        --------        d-----w-        c:\users\mike\AppData\Local\{E263A234-008E-426C-87CD-0F9A39561506}

2011-03-19 06:07 . 2011-03-19 06:07        --------        d-----w-        c:\users\mike\AppData\Local\{DE187948-41D0-48EF-8B3D-099C46D2756B}

2011-03-18 13:14 . 2011-03-18 13:14        --------        d-----w-        c:\users\mike\AppData\Local\{6D93ED1C-FDD1-48D2-92EA-ACCCCE5E49F1}

2011-03-17 13:14 . 2011-03-17 13:15        --------        d-----w-        c:\users\mike\AppData\Local\{67A8377E-AF42-4181-844B-FD8316A69BE5}

2011-03-16 21:14 . 2011-03-16 21:15        --------        d-----w-        c:\users\mike\AppData\Local\{D0CF9CCB-E179-4B74-BB99-DB1470A41296}

2011-03-16 08:30 . 2011-03-16 08:31        --------        d-----w-        c:\users\mike\AppData\Local\{909109BE-0F33-4CB6-B2F8-125DE74CDD99}

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-11 11:14 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll

2011-03-08 21:16 . 2010-06-24 10:33        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-02-19 06:30 . 2011-03-09 08:01        805376        ----a-w-        c:\windows\system32\FntCache.dll

2011-02-19 06:30 . 2011-03-09 08:01        1076736        ----a-w-        c:\windows\system32\DWrite.dll

2011-02-19 06:30 . 2011-03-09 08:01        739840        ----a-w-        c:\windows\system32\d2d1.dll

2011-02-09 01:50 . 2011-02-09 01:50        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2011-02-03 05:54 . 2011-02-22 08:33        219008        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys

2011-02-02 17:11 . 2010-02-09 20:01        222080        ------w-        c:\windows\system32\MpSigStub.exe

2011-01-29 19:18 . 2011-01-29 19:18        218688        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" [2010-12-21 1739848]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"Google Update"="c:\users\mike\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-28 136176]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-03-01 119608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LManager"="c:\program files\Launch Manager\LManager.exe" [2008-04-02 768520]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\herrbert.exe" [2010-12-20 963976]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 136176]

R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-29 218688]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - KLMD25

*Deregistered* - klmd25

.

Inhalt des "geplante Tasks" Ordners

.

2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 20:32]

.

2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 20:32]

.

2011-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2100560739-1819123127-3695758804-1000Core.job

- c:\users\mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-30 20:32]

.

2011-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2100560739-1819123127-3695758804-1000UA.job

- c:\users\mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-30 20:32]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://de.ask.com?o=102869&l=dis&gct=hp

uInternet Settings,ProxyServer = http=;ftp=;https=;

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe

FF - ProfilePath - c:\users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\hvz1ujym.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://de.ask.com?o=102869&l=dis&gct=hp

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC-ST&o=102869&locale=de_DE&apn_uid=8adcccd9-78d0-4181-ba9c-963df8105170&apn_ptnrs=5J&apn_sauid=AD749FDE-86A5-4ABA-9CA6-1DF7B53706C1&apn_dtid=YYYYYYYYDE&q=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: afurladvisor: afurladvisor@anchorfree.com - c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]

"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2011-04-14  20:07:51

ComboFix-quarantined-files.txt  2011-04-14 18:07

.

Vor Suchlauf: 8 Verzeichnis(se), 23.031.529.472 Bytes frei

Nach Suchlauf: 10 Verzeichnis(se), 22.926.438.400 Bytes frei

.

- - End Of File - - A1CF166E06C2B02DD76F9AC15999C6DE

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Ok,
Hier GMER-log:

Code:

GMER 1.0.15.15570 - hxxp://www.gmer.net

Rootkit scan 2011-04-15 13:42:40

Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD2500BEVS-22UST0 rev.01.01A01

Running: 3yibmmgo.exe; Driver: C:\Users\mike\AppData\Local\Temp\kxtdypow.sys
 
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!ZwSaveKey + 13C1           82A75339 1 Byte  [06]

.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2  82AAED52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
 

---- Devices - GMER 1.0.15 ----
 

Device          \Driver\ACPI_HAL \Device\00000052       halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
 

---- EOF - GMER 1.0.15 ----

Osam-log:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 13:55:08 on 15.04.2011
 

OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 32-bit

Default Browser: Mozilla Corporation Firefox 3.6.16
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskUserS-1-5-21-2100560739-1819123127-3695758804-1000Core.job" - "Google Inc." - C:\Users\mike\AppData\Local\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskUserS-1-5-21-2100560739-1819123127-3695758804-1000UA.job" - "Google Inc." - C:\Users\mike\AppData\Local\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys  (File not found)

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\Users\mike\AppData\Local\Temp\catchme.sys  (File not found)

"Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\Program Files\Launch Manager\DPortIO.sys

"kxtdypow" (kxtdypow) - ? - C:\Users\mike\AppData\Local\Temp\kxtdypow.sys  (Hidden registry entry, rootkit activity | File not found)

"Lavalys EVEREST Kernel Driver" (EverestDriver) - ? - C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt  (File found, but it contains no detailed information)

"nvlddmkm" (nvlddmkm) - "NVIDIA Corporation" - C:\Windows\System32\DRIVERS\nvlddmkm.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

"Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys  (File not found)

"VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys  (File not found)
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll

{5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF} "IVB Shl Ext" - ? -   (File not found | COM-object registry key not found)

{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"ICQ7.4" - "ICQ, LLC." - C:\Program Files\ICQ7.4\ICQ.exe

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[LSA Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----

"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

"Google Update" - "Google Inc." - "C:\Users\mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c

"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4

"ManyCam" - "ManyCam LLC" - "C:\Program Files\ManyCam\Bin\ManyCam.exe" /silent

"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe

"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\herrbert.exe" /runcleanupscript

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Hotspot Shield Monitoring Service" (HssWd) - ? - C:\Program Files\Hotspot Shield\bin\hsswd.exe  (File found, but it contains no detailed information)

"Hotspot Shield Routing Service" (HssSrv) - ? - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

"Hotspot Shield Service" (HotspotShieldService) - ? - C:\Program Files\Hotspot Shield\bin\openvpnas.exe  (File found, but it contains no detailed information)

"Hotspot Shield Tray Service" (HssTrayService) - ? - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE  (File found, but it contains no detailed information)

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe

"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

und hier noch die
MBRCheck-log:

Code:

MBRCheck, version 1.2.3

(c) 2010, AD
 

Command-line:                        

Windows Version:                Windows 7 Ultimate Edition

Windows Information:                Service Pack 1 (build 7601), 32-bit

Base Board Manufacturer:        Acer

BIOS Manufacturer:                Acer

System Manufacturer:                Acer

System Product Name:                Aspire 5520

Logical Drives Mask:                0x0000007c
 

Kernel Drivers (total 206):

  0x82A37000 \SystemRoot\system32\ntkrnlpa.exe

  0x82A00000 \SystemRoot\system32\halmacpi.dll

  0x80BB3000 \SystemRoot\system32\kdcom.dll

  0x88606000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll

  0x88611000 \SystemRoot\system32\PSHED.dll

  0x88622000 \SystemRoot\system32\BOOTVID.dll

  0x8862A000 \SystemRoot\system32\CLFS.SYS

  0x8866C000 \SystemRoot\system32\CI.dll

  0x88717000 \SystemRoot\system32\drivers\Wdf01000.sys

  0x88788000 \SystemRoot\system32\drivers\WDFLDR.SYS

  0x88796000 \SystemRoot\system32\drivers\ACPI.sys

  0x887DE000 \SystemRoot\system32\drivers\WMILIB.SYS

  0x887E7000 \SystemRoot\system32\drivers\msisadrv.sys

  0x88828000 \SystemRoot\system32\drivers\pci.sys

  0x88852000 \SystemRoot\system32\drivers\vdrvroot.sys

  0x8885D000 \SystemRoot\System32\drivers\partmgr.sys

  0x8886E000 \SystemRoot\system32\DRIVERS\compbatt.sys

  0x88876000 \SystemRoot\system32\DRIVERS\BATTC.SYS

  0x88881000 \SystemRoot\system32\drivers\volmgr.sys

  0x88891000 \SystemRoot\System32\drivers\volmgrx.sys

  0x888DC000 \SystemRoot\system32\drivers\pciide.sys

  0x888E3000 \SystemRoot\system32\drivers\PCIIDEX.SYS

  0x888F1000 \SystemRoot\System32\drivers\mountmgr.sys

  0x88907000 \SystemRoot\system32\drivers\vmbus.sys

  0x88931000 \SystemRoot\system32\drivers\winhv.sys

  0x88943000 \SystemRoot\system32\drivers\atapi.sys

  0x8894C000 \SystemRoot\system32\drivers\ataport.SYS

  0x8896F000 \SystemRoot\system32\drivers\amdxata.sys

  0x88978000 \SystemRoot\system32\drivers\fltmgr.sys

  0x889AC000 \SystemRoot\system32\drivers\fileinfo.sys

  0x88A18000 \SystemRoot\System32\Drivers\Ntfs.sys

  0x88B47000 \SystemRoot\System32\Drivers\msrpc.sys

  0x88B72000 \SystemRoot\System32\Drivers\ksecdd.sys

  0x88B85000 \SystemRoot\System32\Drivers\cng.sys

  0x88BE2000 \SystemRoot\System32\drivers\pcw.sys

  0x88BF0000 \SystemRoot\System32\Drivers\Fs_Rec.sys

  0x88C07000 \SystemRoot\system32\drivers\ndis.sys

  0x88CBE000 \SystemRoot\system32\drivers\NETIO.SYS

  0x88CFC000 \SystemRoot\System32\Drivers\ksecpkg.sys

  0x88E04000 \SystemRoot\System32\drivers\tcpip.sys

  0x88F4E000 \SystemRoot\System32\drivers\fwpkclnt.sys

  0x88F7F000 \SystemRoot\system32\drivers\vmstorfl.sys

  0x88F88000 \SystemRoot\system32\drivers\volsnap.sys

  0x88FC7000 \SystemRoot\System32\Drivers\spldr.sys

  0x88FCF000 \SystemRoot\System32\drivers\rdyboost.sys

  0x88D21000 \SystemRoot\System32\Drivers\mup.sys

  0x88D31000 \SystemRoot\System32\drivers\hwpolicy.sys

  0x88D39000 \SystemRoot\System32\DRIVERS\fvevol.sys

  0x88D6B000 \SystemRoot\system32\DRIVERS\disk.sys

  0x88D7C000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

  0x88DD3000 \SystemRoot\system32\drivers\cdrom.sys

  0x88DF2000 \SystemRoot\System32\Drivers\Null.SYS

  0x88DF9000 \SystemRoot\System32\Drivers\Beep.SYS

  0x88A00000 \SystemRoot\System32\drivers\vga.sys

  0x889BD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

  0x889DE000 \SystemRoot\System32\drivers\watchdog.sys

  0x88A0C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

  0x889EB000 \SystemRoot\system32\drivers\rdpencdd.sys

  0x889F3000 \SystemRoot\system32\drivers\rdprefmp.sys

  0x88800000 \SystemRoot\System32\Drivers\Msfs.SYS

  0x8880B000 \SystemRoot\System32\Drivers\Npfs.SYS

  0x8DA14000 \SystemRoot\system32\DRIVERS\tdx.sys

  0x8DA2B000 \SystemRoot\system32\DRIVERS\TDI.SYS

  0x8DA37000 \SystemRoot\system32\drivers\afd.sys

  0x8DA91000 \SystemRoot\System32\DRIVERS\netbt.sys

  0x8DAC3000 \SystemRoot\system32\DRIVERS\wfplwf.sys

  0x8DACA000 \SystemRoot\system32\DRIVERS\pacer.sys

  0x8DAE9000 \SystemRoot\system32\DRIVERS\vwififlt.sys

  0x8DAFA000 \SystemRoot\system32\DRIVERS\netbios.sys

  0x8DB08000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys

  0x8DB43000 \SystemRoot\system32\DRIVERS\wanarp.sys

  0x8DB56000 \SystemRoot\system32\drivers\termdd.sys

  0x8DB67000 \SystemRoot\system32\DRIVERS\ssmdrv.sys

  0x8DB6D000 \SystemRoot\system32\DRIVERS\rdbss.sys

  0x8DBAE000 \??\C:\Program Files\Launch Manager\DPortIO.sys

  0x8DBB2000 \SystemRoot\system32\drivers\nsiproxy.sys

  0x8DBBC000 \SystemRoot\system32\drivers\mssmbios.sys

  0x8DBC6000 \SystemRoot\System32\drivers\discache.sys

  0x90617000 \SystemRoot\system32\drivers\csc.sys

  0x9067B000 \SystemRoot\System32\Drivers\dfsc.sys

  0x90693000 \SystemRoot\system32\DRIVERS\blbdrive.sys

  0x906A1000 \SystemRoot\system32\DRIVERS\avipbb.sys

  0x906C7000 \SystemRoot\system32\DRIVERS\tunnel.sys

  0x906E8000 \SystemRoot\system32\DRIVERS\amdk8.sys

  0x906FA000 \SystemRoot\system32\drivers\wmiacpi.sys

  0x90703000 \SystemRoot\system32\DRIVERS\CmBatt.sys

  0x90707000 \SystemRoot\system32\DRIVERS\enecir.sys

  0x90719000 \SystemRoot\system32\drivers\i8042prt.sys

  0x90731000 \SystemRoot\system32\DRIVERS\DKbFltr.sys

  0x9073B000 \SystemRoot\system32\drivers\kbdclass.sys

  0x90748000 \SystemRoot\system32\drivers\mouclass.sys

  0x90755000 \SystemRoot\system32\DRIVERS\nvsmu.sys

  0x90758000 \SystemRoot\system32\DRIVERS\usbohci.sys

  0x90762000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

  0x907AD000 \SystemRoot\system32\DRIVERS\usbehci.sys

  0x907BC000 \SystemRoot\system32\drivers\HDAudBus.sys

  0x8DBD2000 \SystemRoot\system32\drivers\1394ohci.sys

  0x907DB000 \SystemRoot\system32\DRIVERS\rimmptsk.sys

  0x907EA000 \SystemRoot\system32\DRIVERS\rimsptsk.sys

  0x93A0F000 \SystemRoot\system32\DRIVERS\rixdptsk.sys

  0x93A60000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys

  0x95023000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

  0x95984000 \SystemRoot\system32\DRIVERS\nvBridge.kmd

  0x9483D000 \SystemRoot\System32\drivers\dxgkrnl.sys

  0x948F4000 \SystemRoot\System32\drivers\dxgmms1.sys

  0x95A26000 \SystemRoot\system32\DRIVERS\athr.sys

  0x95B36000 \SystemRoot\system32\DRIVERS\vwifibus.sys

  0x95B40000 \SystemRoot\system32\drivers\CompositeBus.sys

  0x95B4D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

  0x95B5F000 \SystemRoot\system32\DRIVERS\HssDrv.sys

  0x95B6F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

  0x95B87000 \SystemRoot\system32\DRIVERS\ndistapi.sys

  0x95B92000 \SystemRoot\system32\DRIVERS\ndiswan.sys

  0x95BB4000 \SystemRoot\system32\DRIVERS\raspppoe.sys

  0x95BCC000 \SystemRoot\system32\DRIVERS\raspptp.sys

  0x95BE3000 \SystemRoot\system32\DRIVERS\rassstp.sys

  0x95A00000 \SystemRoot\system32\DRIVERS\taphss.sys

  0x95A07000 \SystemRoot\system32\DRIVERS\rdpbus.sys

  0x95A11000 \SystemRoot\system32\drivers\swenum.sys

  0x9492D000 \SystemRoot\system32\drivers\ks.sys

  0x95A13000 \SystemRoot\system32\DRIVERS\circlass.sys

  0x94961000 \SystemRoot\system32\drivers\umbus.sys

  0x9496F000 \SystemRoot\system32\drivers\usbhub.sys

  0x949B3000 \SystemRoot\System32\Drivers\NDProxy.SYS

  0x95986000 \SystemRoot\system32\drivers\HdAudio.sys

  0x949C4000 \SystemRoot\system32\drivers\portcls.sys

  0x94800000 \SystemRoot\system32\drivers\drmk.sys

  0x94819000 \SystemRoot\system32\DRIVERS\hidir.sys

  0x94828000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

  0x949F3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

  0x959D6000 \SystemRoot\system32\drivers\kbdhid.sys

  0x959E2000 \SystemRoot\system32\DRIVERS\mouhid.sys

  0x97650000 \SystemRoot\System32\win32k.sys

  0x959ED000 \SystemRoot\System32\drivers\Dxapi.sys

  0x95000000 \SystemRoot\System32\Drivers\crashdmp.sys

  0x9500D000 \SystemRoot\System32\Drivers\dump_dumpata.sys

  0x95018000 \SystemRoot\System32\Drivers\dump_atapi.sys

  0x93B5D000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

  0x93B6E000 \SystemRoot\system32\drivers\usbccgp.sys

  0x95A21000 \SystemRoot\system32\drivers\USBD.SYS

  0x93B85000 \SystemRoot\system32\drivers\usbaudio.sys

  0x93B99000 \SystemRoot\system32\drivers\hidusb.sys

  0x93BA4000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

  0x93BBB000 \SystemRoot\system32\DRIVERS\monitor.sys

  0x93BC6000 \SystemRoot\System32\Drivers\usbvideo.sys

  0x978B0000 \SystemRoot\System32\TSDDD.dll

  0x978E0000 \SystemRoot\System32\cdd.dll

  0x88DA1000 \SystemRoot\system32\drivers\luafv.sys

  0x93BEA000 \SystemRoot\system32\DRIVERS\avgntflt.sys

  0x8D031000 \SystemRoot\system32\drivers\WudfPf.sys

  0x8D04B000 \SystemRoot\system32\DRIVERS\lltdio.sys

  0x8D05B000 \SystemRoot\system32\DRIVERS\nwifi.sys

  0x8D0A1000 \SystemRoot\system32\DRIVERS\ndisuio.sys

  0x8D0B1000 \SystemRoot\system32\DRIVERS\rspndr.sys

  0x8D0C4000 \SystemRoot\system32\drivers\HTTP.sys

  0x8D149000 \SystemRoot\system32\DRIVERS\bowser.sys

  0x8D162000 \SystemRoot\System32\drivers\mpsdrv.sys

  0x8D174000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

  0x8D197000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

  0x8D1D2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

  0x9B026000 \SystemRoot\system32\drivers\peauth.sys

  0x9B0BD000 \SystemRoot\System32\Drivers\secdrv.SYS

  0x9B0C7000 \SystemRoot\System32\DRIVERS\srvnet.sys

  0x9B0E8000 \SystemRoot\System32\drivers\tcpipreg.sys

  0x9B15F000 \SystemRoot\System32\DRIVERS\srv2.sys

  0x9B62D000 \SystemRoot\System32\DRIVERS\srv.sys

  0x9B683000 \??\C:\Users\mike\AppData\Local\Temp\kxtdypow.sys

  0x76ED0000 \Windows\System32\ntdll.dll

  0x48020000 \Windows\System32\smss.exe

  0x77110000 \Windows\System32\apisetschema.dll

  0x000C0000 \Windows\System32\autochk.exe

  0x77060000 \Windows\System32\advapi32.dll

  0x77040000 \Windows\System32\sechost.dll

  0x77030000 \Windows\System32\nsi.dll

  0x77020000 \Windows\System32\lpk.dll

  0x76E40000 \Windows\System32\oleaut32.dll

  0x76DE0000 \Windows\System32\difxapi.dll

  0x76DC0000 \Windows\System32\imm32.dll

  0x76D60000 \Windows\System32\shlwapi.dll

  0x76B60000 \Windows\System32\iertutil.dll

  0x769C0000 \Windows\System32\setupapi.dll

  0x76940000 \Windows\System32\comdlg32.dll

  0x76890000 \Windows\System32\rpcrt4.dll

  0x77010000 \Windows\System32\normaliz.dll

  0x75C40000 \Windows\System32\shell32.dll

  0x75BB0000 \Windows\System32\clbcatq.dll

  0x75B70000 \Windows\System32\ws2_32.dll

  0x75AA0000 \Windows\System32\user32.dll

  0x75960000 \Windows\System32\urlmon.dll

  0x75800000 \Windows\System32\ole32.dll

  0x75760000 \Windows\System32\usp10.dll

  0x75730000 \Windows\System32\imagehlp.dll

  0x75720000 \Windows\System32\psapi.dll

  0x75620000 \Windows\System32\wininet.dll

  0x755D0000 \Windows\System32\gdi32.dll

  0x754F0000 \Windows\System32\kernel32.dll

  0x754A0000 \Windows\System32\Wldap32.dll

  0x753F0000 \Windows\System32\msvcrt.dll

  0x75320000 \Windows\System32\msctf.dll

  0x75290000 \Windows\System32\comctl32.dll

  0x75260000 \Windows\System32\cfgmgr32.dll

  0x75210000 \Windows\System32\KernelBase.dll

  0x751F0000 \Windows\System32\devobj.dll

  0x751C0000 \Windows\System32\wintrust.dll

  0x750A0000 \Windows\System32\crypt32.dll

  0x75090000 \Windows\System32\msasn1.dll
 

Processes (total 57):

       0 System Idle Process

       4 System

     264 C:\Windows\System32\smss.exe

     396 csrss.exe

     464 C:\Windows\System32\wininit.exe

     476 csrss.exe

     512 C:\Windows\System32\services.exe

     528 C:\Windows\System32\lsass.exe

     536 C:\Windows\System32\lsm.exe

     664 C:\Windows\System32\svchost.exe

     748 C:\Windows\System32\nvvsvc.exe

     788 C:\Windows\System32\svchost.exe

     848 C:\Windows\System32\svchost.exe

     880 C:\Windows\System32\svchost.exe

     916 C:\Windows\System32\svchost.exe

    1040 C:\Windows\System32\svchost.exe

    1168 C:\Windows\System32\svchost.exe

    1260 C:\Windows\System32\winlogon.exe

    1384 C:\Windows\System32\spoolsv.exe

    1424 C:\Program Files\Avira\AntiVir Desktop\sched.exe

    1516 C:\Windows\System32\svchost.exe

    1560 C:\Windows\System32\nvvsvc.exe

    1748 C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    1824 C:\Program Files\Hotspot Shield\bin\openvpnas.exe

    1856 C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

    1888 C:\Program Files\Hotspot Shield\bin\hsswd.exe

    1972 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

     240 C:\Windows\System32\conhost.exe

     416 C:\Windows\System32\svchost.exe

     932 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

    1456 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

    2336 C:\Windows\System32\svchost.exe

    2508 C:\Windows\System32\svchost.exe

    2628 C:\Windows\System32\taskhost.exe

    2732 C:\Windows\System32\dwm.exe

    2776 C:\Windows\explorer.exe

    3156 C:\Program Files\Launch Manager\LManager.exe

    3204 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    3232 C:\Program Files\Common Files\Java\Java Update\jusched.exe

    3252 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    3300 C:\Program Files\DAEMON Tools Lite\DTLite.exe

    4024 C:\Windows\System32\SearchIndexer.exe

    3004 C:\Program Files\Windows Media Player\wmpnetwk.exe

    1636 C:\Windows\System32\svchost.exe

    4264 dllhost.exe

    4468 C:\Program Files\Hotspot Shield\bin\openvpntray.exe

    4920 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    4948 C:\Windows\System32\svchost.exe

     712 C:\Users\mike\Downloads\3yibmmgo.exe

    1588 C:\Program Files\Mozilla Firefox\firefox.exe

    3472 C:\Windows\System32\audiodg.exe

    5808 C:\Windows\System32\SearchProtocolHost.exe

    4904 C:\Windows\System32\SearchFilterHost.exe

    2604 C:\Windows\explorer.exe

    1648 C:\Users\mike\Downloads\MBRCheck.exe

    2912 C:\Windows\System32\conhost.exe

    3656 C:\Windows\System32\dllhost.exe
 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`35100000  (NTFS)

\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000  (NTFS)
 

PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01

PhysicalDrive1 Model Number: WDC WD1600BEVE-00UYT0, Rev: 
 

      Size  Device Name          MBR Status

  --------------------------------------------

    232 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected

            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

    149 GB  \\.\PhysicalDrive1   RE: Windows XP MBR code detected

            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
 
 

Done!

Zitat:

"Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys (File not found)
"VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys (File not found)

Bitte mit OSAM deaktivieren und löschen

ok, alles getan wie gesagt, was habe ich gerade überhaupt gelöscht?

Dubiose Treiber/Dienste :pfeiff:

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!