Trojaner-Board (https://www.trojaner-board.de/)
Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
Thread: Caught Windows Recovery (https://www.trojaner-board.de/98287-windows-recovery-eingefangen.html)

TT-Fan 27.04.2011 13:24

Caught Windows Recovery

Hello,

I have already read a bit here in the forum and am impressed at how well laypeople get helped here. I am a layperson myself in most things on the PC and hope to get competent help as well.

Yesterday I caught Windows Recovery and hope that someone can help me remove it again.

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6455

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

27.04.2011 13:45:35
mbam-log-2011-04-27 (13-45-35).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 169774
Laufzeit: 49 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 6

Infizierte Speicherprozesse:
c:\programdata\43900680.exe (Trojan.FakeAlert) -> 3796 -> Failed to unload process.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jhbHQbuAdnkPg (Trojan.FakeAlert) -> Value: jhbHQbuAdnkPg -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\462091\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\43900680.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\programdata\jhbhqbuadnkpg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\462091\AppData\Local\Temp\tmp1D02.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\462091\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\462091\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\462091\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.


And here are the OTL logs:

OTL Logfile:

OTL logfile created on: 27.04.2011 14:02:01 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\462091\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 35,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,40 Gb Total Space | 5,92 Gb Free Space | 8,65% Space Free | Partition Type: NTFS
Drive E: | 74,79 Gb Total Space | 52,83 Gb Free Space | 70,64% Space Free | Partition Type: NTFS
 
Computer Name: XXX | User Name: 462091 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\462091\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
PRC - C:\Windows\System32\DWRCS.exe (DameWare Development LLC)
PRC - C:\Windows\System32\DWRCST.exe (DameWare Development)
PRC - C:\Programme\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\System Control Manager\edd.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Intel\AMT\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\AMT\atchksrv.exe (Intel Corporation)
PRC - C:\Programme\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Programme\Protector Suite QL\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\462091\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SASRKServer) -- File not found
SRV - (IPOSCalcRep) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
SRV - (DWMRCS) -- C:\Windows\System32\DWRCS.exe (DameWare Development LLC)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (NishService) -- C:\Programme\System Control Manager\edd.exe ()
SRV - (UNS) Intel(R) -- C:\Programme\Intel\AMT\UNS.exe (Intel Corporation)
SRV - (atchksrv) Intel(R) -- C:\Programme\Intel\AMT\atchksrv.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Programme\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (iaNvStor) Intel(R) -- C:\Windows\system32\DRIVERS\iaNvStor.sys (Intel Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (dwvkbd) -- C:\Windows\System32\drivers\dwvkbd.sys (DameWare)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (MGHwCtrl) -- C:\Windows\System32\drivers\MGHwCtrl.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) -- C:\Programme\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}:5.0.14
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.01 12:11:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.01 12:10:54 | 000,000,000 | ---D | M]
 
[2008.10.08 00:30:50 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\462091\AppData\Roaming\mozilla\Extensions
[2011.04.15 12:51:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\462091\AppData\Roaming\mozilla\Firefox\Profiles\zkv71rr6.default\extensions
[2011.04.02 12:03:06 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\462091\AppData\Roaming\mozilla\Firefox\Profiles\zkv71rr6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.03.19 13:09:55 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\462091\AppData\Roaming\mozilla\Firefox\Profiles\zkv71rr6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.23 15:44:13 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\462091\AppData\Roaming\mozilla\Firefox\Profiles\zkv71rr6.default\extensions\firefox@tvunetworks.com
[2011.04.01 12:11:19 | 000,000,000 | -H-D | M] (WEB.DE Toolbar) -- C:\Users\462091\AppData\Roaming\mozilla\Firefox\Profiles\zkv71rr6.default\extensions\toolbar@web.de
[2011.04.17 19:38:49 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-1.xml
[2010.01.13 11:02:36 | 000,000,961 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-10.xml
[2010.01.21 17:21:49 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-11.xml
[2010.03.25 12:45:38 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-12.xml
[2010.04.10 09:10:27 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-13.xml
[2010.07.01 16:31:56 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-14.xml
[2010.07.08 12:22:37 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-15.xml
[2010.07.24 12:12:39 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-16.xml
[2010.07.25 11:02:37 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-17.xml
[2010.07.29 14:21:42 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-18.xml
[2010.09.23 19:19:49 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-19.xml
[2009.05.11 16:01:09 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-2.xml
[2010.09.23 20:05:04 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-20.xml
[2011.04.01 12:11:54 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-21.xml
[2009.05.11 17:49:52 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-3.xml
[2009.06.15 08:57:25 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-4.xml
[2009.07.23 13:22:11 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-5.xml
[2009.08.11 13:44:33 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-6.xml
[2009.09.21 22:43:45 | 000,000,961 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-7.xml
[2009.11.09 13:25:28 | 000,000,961 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-8.xml
[2009.11.11 09:18:58 | 000,000,961 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-9.xml
[2011.02.20 12:21:20 | 000,000,168 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin.gif
[2011.02.20 12:21:20 | 000,000,618 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin.src
[2010.05.12 18:40:06 | 000,001,042 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin.xml
[2011.04.01 12:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.04.01 12:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.03.12 08:45:20 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.09.12 13:19:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
[2011.01.01 11:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.01 12:10:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.04.01 12:10:58 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
File not found (No name found) --
[2008.09.12 13:19:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
[2011.01.01 11:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\462091\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZKV71RR6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\462091\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZKV71RR6.DEFAULT\EXTENSIONS\{DF4E4DF5-5CB7-46B0-9AEF-6C784C3249F8}.XPI
() (No name found) -- C:\USERS\462091\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZKV71RR6.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2009.09.02 03:00:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.01.06 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll
[2011.01.01 11:45:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.20 14:20:42 | 000,000,823 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 209.59.135.116 hxxp://www.playforyourclub.com
O1 - Hosts: 209.59.135.116 www.playforyourclub.com
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [DameWare MRC Agent] C:\Windows\System32\DWRCST.exe (DameWare Development)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: awd.de ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: awd.de ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: awd.de ([kvonline] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.15 12:34:27 | 000,000,095 | ---- | M] () - C:\autoexec.001 -- [ NTFS ]
O32 - AutoRun File - [2008.06.05 12:36:42 | 000,000,095 | ---- | M] () - C:\autoexec.002 -- [ NTFS ]
O32 - AutoRun File - [2008.08.28 11:53:50 | 000,000,095 | ---- | M] () - C:\autoexec.003 -- [ NTFS ]
O32 - AutoRun File - [2009.02.24 13:48:11 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.r2 -- [ NTFS ]
O33 - MountPoints2\{16843822-5949-11de-abfd-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{16843822-5949-11de-abfd-000000000000}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{16843824-5949-11de-abfd-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{16843824-5949-11de-abfd-000000000000}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{25ea508d-6b9a-11de-b668-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{25ea508d-6b9a-11de-b668-000000000000}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{25ea508f-6b9a-11de-b668-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{25ea508f-6b9a-11de-b668-000000000000}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4805f21b-43db-11de-8e85-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{4805f21b-43db-11de-8e85-000000000000}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4805f23a-43db-11de-8e85-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{4805f23a-43db-11de-8e85-000000000000}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{4805f2dd-43db-11de-8e85-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{4805f2dd-43db-11de-8e85-000000000000}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4805f2df-43db-11de-8e85-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{4805f2df-43db-11de-8e85-000000000000}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{54f21cdf-4f6b-11de-b0b7-000000000000}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe UEMKEN.vbs
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.27 13:59:57 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\462091\Desktop\OTL.exe
[2011.04.27 12:51:03 | 000,000,000 | -H-D | C] -- C:\Users\462091\AppData\Roaming\Malwarebytes
[2011.04.27 12:50:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.27 12:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.27 12:50:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.04.27 12:50:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.27 12:50:35 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.26 18:25:40 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.04.26 18:12:49 | 000,000,000 | -H-D | C] -- C:\Users\462091\AppData\Local\Sunbelt Software
[2011.04.26 18:04:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\{EBDD7DE0-D012-47DF-859B-DB1061E2D512}
[2011.04.26 18:04:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Lavasoft
[2011.04.26 18:04:22 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2011.04.26 18:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.04.26 17:36:05 | 123,916,352 | -H-- | C] (Lavasoft ) -- C:\Users\462091\Desktop\Ad-Aware902Install.exe
[2011.04.26 17:06:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch
[2011.04.26 14:18:00 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2011.04.26 14:12:43 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2011.04.14 08:31:35 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.14 08:31:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.14 08:31:29 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.14 08:31:28 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.14 08:31:24 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.14 08:31:18 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.14 08:31:16 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.14 08:31:16 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.14 08:31:16 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.14 08:31:15 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.14 08:31:15 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.14 08:31:15 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.14 08:31:15 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.14 08:31:15 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.14 08:31:14 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.14 08:31:09 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.14 08:31:08 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.14 08:31:07 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.14 08:31:05 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011.04.14 00:40:10 | 004,284,416 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2011.04.04 15:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011.04.04 15:17:24 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2011.04.04 15:17:21 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2011.04.04 15:17:19 | 000,000,000 | ---D | C] -- C:\Programme\PDFCreator
[2011.03.31 16:22:38 | 000,000,000 | -H-D | C] -- C:\Users\462091\Desktop\USB
[2008.01.24 10:11:48 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[2008.01.24 10:11:47 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.27 14:05:03 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{697CB72C-A473-4DF5-BC8B-CA29E7EFCA00}.job
[2011.04.27 14:00:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\462091\Desktop\OTL.exe
[2011.04.27 13:50:10 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.27 13:49:17 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.27 13:48:45 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 13:48:45 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 13:48:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.27 13:48:05 | 2121,437,184 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.27 12:50:42 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.26 18:04:49 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.04.26 17:37:23 | 123,916,352 | -H-- | M] (Lavasoft ) -- C:\Users\462091\Desktop\Ad-Aware902Install.exe
[2011.04.26 13:53:05 | 000,000,040 | -H-- | M] () -- C:\ProgramData\~43900680
[2011.04.21 09:03:19 | 000,730,196 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.21 09:03:19 | 000,680,210 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.21 09:03:19 | 000,132,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.21 09:03:18 | 000,164,236 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.15 03:39:43 | 000,380,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.14 00:40:10 | 004,284,416 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2011.04.04 15:17:29 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011.04.01 12:11:04 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.27 12:50:42 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.26 18:04:49 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.04.26 13:51:04 | 2121,437,184 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.26 13:38:35 | 000,000,040 | -H-- | C] () -- C:\ProgramData\~43900680
[2011.04.04 15:17:29 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011.04.04 15:17:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.01 12:11:04 | 000,000,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.02.18 04:13:32 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.02.18 04:13:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.02.17 08:24:35 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.04.12 17:13:06 | 000,007,567 | -H-- | C] () -- C:\Windows\SigPlus.ini
[2009.12.29 13:20:55 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2009.12.11 01:26:17 | 000,135,704 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009.09.28 13:37:19 | 000,722,944 | ---- | C] () -- C:\Windows\System32\DWRCSMSI.exe
[2009.09.28 08:01:41 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.12.09 23:20:49 | 000,038,464 | -H-- | C] () -- C:\Users\462091\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2008.08.21 11:55:58 | 000,000,066 | ---- | C] () -- C:\Windows\SpeedGear.INI
[2008.07.27 13:10:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.06.23 13:27:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.05.25 19:47:49 | 000,019,456 | -H-- | C] () -- C:\Users\462091\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.25 09:04:57 | 000,000,425 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2008.05.25 09:04:57 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008.05.23 11:18:15 | 000,000,728 | ---- | C] () -- C:\Windows\System32\DWRCCMDError.ini
[2008.05.19 10:42:15 | 000,010,752 | ---- | C] () -- C:\Windows\System32\KOAZXJAL.DLL
[2008.05.15 12:56:48 | 000,008,837 | ---- | C] () -- C:\Windows\System32\Dwrcs.ini
[2008.05.15 12:56:08 | 000,045,056 | R--- | C] () -- C:\Windows\System32\unredmon.exe
[2008.05.15 12:56:07 | 000,116,224 | R--- | C] () -- C:\Windows\System32\redmonnt.dll
[2008.05.15 12:55:57 | 000,081,920 | ---- | C] () -- C:\Programme\uninstgs.exe
[2008.05.15 12:30:31 | 000,000,201 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.05.15 12:30:31 | 000,000,185 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.05.15 10:14:44 | 000,094,208 | ---- | C] () -- C:\Windows\System32\AWDBCenter.dll
[2008.05.15 09:51:46 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.05.15 09:45:51 | 000,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2008.05.14 19:53:47 | 000,840,586 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2008.01.24 10:11:49 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2008.01.24 10:11:48 | 012,033,024 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2008.01.24 10:11:48 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2008.01.24 10:00:22 | 000,110,592 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll
[2008.01.24 10:00:22 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll
[2008.01.24 09:39:56 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.01.24 09:30:24 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.01.24 09:07:47 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008.01.24 09:07:47 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.01.24 09:07:46 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008.01.24 09:07:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007.11.28 08:40:25 | 000,163,840 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2006.12.05 14:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 17:42:41 | 000,730,196 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:42:41 | 000,164,236 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:43 | 000,380,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,680,210 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,132,164 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.22 22:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
 
========== Files - Unicode (All) ==========
[2011.03.10 11:01:16 | 000,000,014 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\둨—께—
[2011.03.10 11:01:16 | 000,000,014 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\둨—께—
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:B0A96209
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:8CEFE51A
 
< End of report >

--- --- ---
OTL Logfile:

OTL Extras logfile created on: 27.04.2011 14:02:01 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\462091\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 35,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,40 Gb Total Space | 5,92 Gb Free Space | 8,65% Space Free | Partition Type: NTFS
Drive E: | 74,79 Gb Total Space | 52,83 Gb Free Space | 70,64% Space Free | Partition Type: NTFS
 
Computer Name: XXX46209C | User Name: 462091 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-935411637-121726556-1431338135-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2D8732F6-88B4-4A13-BFC2-C4411716B923}" = lport=6129 | protocol=6 | dir=in | name=dameware mini remote control service |
"{7B30BF8E-7E9D-45EF-92E8-E143936AB067}" = lport=6129 | protocol=6 | dir=in | name=dameware mini remote control service |
"{869877AA-1F97-480B-B3C8-70D0E6F05D7D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F6BD56-AAB6-4587-A5F7-DEDF5A98A2FB}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{05E09CEC-6346-4988-998C-9E1019CCA3B6}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{08893E58-3A6E-4E3C-A170-F031BC362B99}" = protocol=6 | dir=in | app=c:\awd\angwin\rk\skn\tiscorba\jre\bin\java.exe |
"{0CE3A1E0-CD04-4935-BDDA-B531039423C3}" = protocol=6 | dir=in | app=c:\awd\av-butler\vm\bin\java.exe |
"{0EE3936E-3996-485C-8FFE-40A2849C014B}" = protocol=6 | dir=in | app=c:\awd\angwin\rk\skn\tiskernel.exe |
"{0F3B5DD0-6DF9-442B-9FB0-00EF699507AA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{239D1002-2ACA-4D10-AA7D-23C80BDF7B66}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{3B937718-1C4E-42E4-A138-07760A1B0672}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{3F18E429-8A24-468E-BBDD-7C7609C5B527}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{40A7A5D2-A071-46CB-8F4C-63B2D9BB2EFC}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{486FF173-0201-482A-ADE1-930070323A26}" = protocol=17 | dir=in | app=c:\awd\angwin\rk\skn\tiscorba\jre\bin\java.exe |
"{4F8D78F6-2225-4773-BA22-A80543FA6F5A}" = protocol=6 | dir=in | app=c:\windows\system32\dbeng8.exe |
"{60006537-0142-4542-99F7-563E1BDE7224}" = protocol=17 | dir=in | app=c:\awd\av-butler\vm\bin\java.exe |
"{624B5F08-7AA6-4F43-98AD-F298250B1E51}" = protocol=17 | dir=in | app=c:\awd\av-butler\vm\bin\javaw.exe |
"{69C72108-CBF6-42FF-A21E-806F3DA10319}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7648B61B-B798-4175-A24E-546C14DFCF8F}" = protocol=17 | dir=in | app=c:\awd\angwin\rk\skn\tiskernel.exe |
"{82970A7E-60BE-41E6-8D05-21DD40E840E9}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{8582BE6B-B48E-4DEC-9300-DF818BB1801A}" = protocol=17 | dir=in | app=c:\windows\system32\dbeng8.exe |
"{917AD671-6BD8-4135-B2A8-F633EBC8CE46}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{92BBB555-3484-41F1-BE90-94E1A81AA071}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{9472C504-1F3A-4D89-A7C5-C254BF692EF5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{95E1162A-F1D2-4A23-9505-D9A48F428D08}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{9F9EC1F3-033B-4766-9C4C-04D185D7E07D}" = dir=in | app=c:\program files\cyberlink\powerdirector express\pdx.exe |
"{9FC6C93A-5D7C-433B-B4E0-D4141703801B}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{ABDE08B2-D4C7-48D7-8A6D-D54A2208E823}" = protocol=6 | dir=in | app=c:\windows\system32\dwrcs.exe |
"{ADDFCE54-75D9-49D9-9FCD-CE5198D9A122}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{B1A3691E-A0F0-4B59-9962-5F5A05694D86}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B6D5B5EA-D3B8-4A29-A775-2469D26C5852}" = protocol=6 | dir=in | app=c:\awd\av-butler\vm\bin\javaw.exe |
"{B78A2CF3-7A31-49A8-8DED-D933F0D8B6F6}" = protocol=17 | dir=in | app=c:\windows\system32\dwrcs.exe |
"{D138E65C-635B-470D-A2D3-47F3CB83C933}" = protocol=6 | dir=in | app=c:\awd\angwin\rk\skn\tiscorba\jre\bin\tnameserv.exe |
"{D15342DC-E59B-40FB-91C0-F243B85E6054}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{D66CE919-6F40-4E51-822C-DECD584E5E15}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D7D747C4-61F8-4DD1-A2FB-E0C6F90C6A5D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E654FEE1-F581-417B-A21E-00190C636ED4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F7023B72-5B25-4237-A1C8-21C130F64498}" = protocol=17 | dir=in | app=c:\awd\angwin\rk\skn\tiscorba\jre\bin\tnameserv.exe |
"{FCA2494C-3B1F-4BE3-B99B-4929504A5EA2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FE91E045-03E3-4052-B407-022012BC945B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{29FD5D2C-32AF-4C9F-BEDF-601624A2C7CD}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{2FBFFDB8-B8D7-493A-A8FE-3A7EA57AB320}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{357E562F-6F5A-4B0F-A3AD-F6E1D462A800}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{384C23FF-DDAE-47D2-AD67-5A14336ABFBC}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{3D621536-0FF3-4BB1-A81D-589901C06577}C:\program files\java\jre1.5.0_14\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.5.0_14\bin\javaw.exe |
"TCP Query User{450D1C4F-903D-4C4E-8DA2-C801446D9196}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{5DA4BFD6-E819-405B-BE11-2BA74586F9D1}C:\program files\microsoft office\office12\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"TCP Query User{64A28E2A-8483-4CBE-A87A-B072C5699974}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{679E8B12-2A19-448A-BD1E-B0BC6A864B7A}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe |
"TCP Query User{6D618B1A-17C6-43CD-9B6D-95024D313408}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{7B3A6A8A-5CC0-4133-A3FF-A78C073267E4}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"TCP Query User{8348B279-B103-422B-811B-44DAF7F9505E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{9FA877CC-F298-4CEF-A4D5-BD12D68391CD}C:\program files\java\jre1.5.0_03\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.5.0_03\bin\javaw.exe |
"TCP Query User{AB34A0B7-5D50-42AA-A664-1A4784D54832}C:\program files\java\jre1.5.0_03\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.5.0_03\bin\javaw.exe |
"TCP Query User{AFBA441B-6B1F-448D-A5EC-64A3C8E66702}C:\users\462091\documents\ftpserv\ftpserv.exe" = protocol=6 | dir=in | app=c:\users\462091\documents\ftpserv\ftpserv.exe |
"TCP Query User{BBE54EF4-80FE-4A35-B9C1-6FBA6DBC80EF}C:\program files\java\jre1.5.0_14\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.5.0_14\bin\javaw.exe |
"TCP Query User{CCA81D28-F0CA-4561-BCE9-87BB920DCC99}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{CEBEC37C-863E-4A2A-A150-AF95528369DF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E10B705F-F1D1-4980-843F-9EAEA7F6579E}C:\program files\pokerstrategy\pokerstrategy equilator\equilator.exe" = protocol=6 | dir=in | app=c:\program files\pokerstrategy\pokerstrategy equilator\equilator.exe |
"TCP Query User{EE7EFB3D-064E-4F4D-B0C3-81C9610255AA}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{F5A6E2E1-53D0-4935-8E37-6663847F91DB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{0F78FAF4-BAAB-4A8B-AE53-C2DABF7E756A}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{1C0F719F-FE79-4D97-B588-D2D001686E0F}C:\program files\pokerstrategy\pokerstrategy equilator\equilator.exe" = protocol=17 | dir=in | app=c:\program files\pokerstrategy\pokerstrategy equilator\equilator.exe |
"UDP Query User{1CCE3E22-E9A0-468A-85E6-E189CFB91156}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{29CA3654-A900-4304-A516-CC84CBCC4268}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{35336A4F-180A-441F-A858-AF92EB37DD13}C:\program files\microsoft office\office12\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"UDP Query User{35A58FEA-46EE-4389-99D9-9FD3FD64B9F6}C:\program files\java\jre1.5.0_03\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.5.0_03\bin\javaw.exe |
"UDP Query User{3EB16204-21FD-42B0-9EB2-B1CB5AC3D596}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4245985B-4E45-4206-AB1B-06CD04147249}C:\program files\java\jre1.5.0_14\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.5.0_14\bin\javaw.exe |
"UDP Query User{44565E01-F150-4BA8-A2F4-2CC3E714E0A3}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{4A4ACD07-EED8-4753-9361-01DB9CDE4D5E}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{60BA25B0-AC65-441C-B09C-C992384FF55B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{8500B913-D603-4892-AA12-9A2AC85D0DE2}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |
"UDP Query User{90D49AAC-5126-4CCD-B475-3442CB95FCA9}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{A61499C6-B38C-45A2-BE4A-1175EF1442B3}C:\program files\java\jre1.5.0_03\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.5.0_03\bin\javaw.exe |
"UDP Query User{A9CCEF6D-6ED9-46C5-BDFB-EEAC222A2F84}C:\program files\java\jre1.5.0_14\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.5.0_14\bin\javaw.exe |
"UDP Query User{B5889BD0-3BBB-4FF6-A4D0-364B3D564611}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe |
"UDP Query User{BABFCDC5-5E02-42B7-88B1-0E149F64ED82}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{D5FBD825-4930-47FF-8E72-45326D63F0FE}C:\users\462091\documents\ftpserv\ftpserv.exe" = protocol=17 | dir=in | app=c:\users\462091\documents\ftpserv\ftpserv.exe |
"UDP Query User{E2062A73-5BEB-4709-B455-FDF5A5D7F793}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{E23720C8-6B57-4E78-9425-D03C36E62A8F}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{EE462FA1-80EB-4C74-B322-EF4938C0808D}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1996809B-2215-4C99-9DE3-E75C8FE3B8C9}" = Tournament Shark
"{1DE22109-B91A-4292-986B-DCB622FEA45F}" = RSA ACE/Agent
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20E75CE0-2DAC-4ECC-8BF2-7F3550D631EB}" = DameWare Mini Remote Control Client Agent Service
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150140}" = J2SE Runtime Environment 5.0 Update 14
"{34D121D1-62B3-4B42-98A3-4DE3D1B70706}" = AWD Kommunikationscenter
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3AD96D37-7CAF-4295-A274-E403F1F38065}" = Tools für Microsoft SQL Server 2005
"{3B83CD21-49F3-404F-A498-2C5AA515D1D0}" = Outlook Ersteinrichtung
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4186FEBC-F0CC-4185-A406-24292BC9877A}" = Nokia Software Updater
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home
"{44918223-7D61-451D-89FE-5BC2B130926C}" = Ikarus Vorlagen
"{47A0A80F-8DC0-43EB-B9B4-36FD86979DF7}" = Nokia Connectivity Cable Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam
"{4D3D8D17-73B9-4CDE-917A-34357DF2E552}" = Interaktive Präsentationsmappe
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5E616211-01C7-47C6-A5DD-96C6A1BCB41C}" = Heureka
"{63F77981-887E-4586-841E-4C5B37929981}" = MasterSetup 26.00.0009, DVD-Stand 0026_20090911
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
"{75C16BE5-3302-4143-8790-36D24C41660E}" = bAV-Analyse Pro
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EDA7179-9B8E-465B-A3F8-CECB27F90FE0}" = PFS 2005
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86EF9EB6-DE10-4ABB-B221-D61972BB3C09}" = Collaboration Data Objects 1.2.1
"{87D9045F-5DE3-4AED-B56E-3A2927F2AF91}" = Fujitsu NetCOBOL Free Run-time
"{88D041CC-C3B6-41BB-8CFB-6107C26D5C2A}" = Outlook Ersteinrichtung
"{8D78B3DF-C142-4553-AC4E-E677D471E571}" = AWD Business Center
"{8DE11CA6-32A5-4505-82DF-E758C2B73DA2}" = AWD Business Center
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9243CB37-6943-4534-9293-4D850A716E4E}" = DameWareClient
"{985EB102-3DB9-49E1-A61A-83E08EA7AE6C}" = SMART Digitale Beratungsmappe
"{9D4E62AC-C8CB-4221-8ABF-2589584B6875}" = UpdateStar
"{A08FCF63-BCF4-4748-8F66-C869B7A86FD2}" = AWDSecurity
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2289997-10A3-48F2-AA03-99180D761661}" = Protector Suite QL 5.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7D1E02A-9BBF-44BC-BB0E-60211E4A2BE0}" = AWD Word Vorlagen
"{BE1219DB-22F8-491C-B3FE-FE0A4FB794F6}" = signotec SignoSign-Web - eDocBox V7.2.276
"{C2C599FE-4FCA-40D0-8C9B-050122D727EF}" = AWD Angebotsmappe
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF78AB2B-1CA0-42D2-A2F1-FDEBC7876EF0}" = Microsoft SQL Server 2005 (AWDVERTRIEB)
"{D21ADE43-3AC8-4942-82BC-9C1D6063F046}" = Bild-Steuer 2009
"{D4EB3763-9586-405D-B376-DE98C8C9285E}" = PokerStrategy Equilator
"{D7DCC734-7F6F-4E82-9B74-0BAB4BB36C4A}" = PokerStrategy Elephant
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DED55849-00F7-4F40-B9E5-E73952DCB97D}" = Ikarus
"{E31B071D-877F-4C86-BF5D-1C20E031304F}" = Microsoft SQL Server Management Studio Express
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2969393-2D4D-4977-8166-B1251B08EF12}" = McAfee Agent
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"033AF7005E28212C588F4A6A7C70FC337035B868" = Windows Driver Package - Intel net (02/25/2007 11.1.0.86)
"2EC71483DB9F72339C87003A2DD75619594C70DD" = Windows-Treiberpaket - UPEK (TcUsb) Biometric (03/10/2007 1.9.2.0093)
"68C0F080293D2F762A22106C594B4792339BE161" = Windows Driver Package - Intel (NETw4v32) net (02/25/2007 11.1.0.86)
"7-Zip" = 7-Zip 4.42
"8333FFE8B8D391F641E11CBFBC132644ED829C65" = Windows-Treiberpaket - Sonix (SNP2STD) Image (05/08/2007 5.7.21.001)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AMCap" = AMCap
"Applian FLV Player2.0.24" = Applian FLV Player
"Avidemux 2.5" = Avidemux 2.5
"AWD Nuernberger-Version 0108 " = AWD Nürnberger Version 01.2008
"AWD Nuernberger-Version 0109 " = AWD Nürnberger Version 01.2009
"AWDEASY0" = easy in C:\Program Files\AWDEASY
"CCleaner" = CCleaner (remove only)
"D378CF7D7829BEE3D6C6016D3E4A00DF2B5B858B" = Windows Driver Package - Intel (NETw2v32) net (02/14/2007 9.1.1.13)
"ElsterFormular 11.5.1.4843" = ElsterFormular
"FLV Player" = FLV Player 2.0, build 24
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"IHMC CmapTools v5.03" = IHMC CmapTools v5.03
"InstallShield_{87D9045F-5DE3-4AED-B56E-3A2927F2AF91}" = Fujitsu NetCOBOL Free Run-time
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Joerg Loehr Screensaver 2009" = Joerg Loehr Screensaver 2009
"Joerg Loehr Screensaver 2010" = Joerg Loehr Screensaver 2010
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MESOL" = Intel(R) Active Management Technology Device Software
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"MSI PR400" = MSI PR400 Screen Saver
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.0
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SopCast" = SopCast 3.0.3
"Speed Gear_is1" = Speed Gear v6.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"True DBGrid Pro 6.0" = APEX True DBGrid Pro 6.0
"VLC media player" = VLC media player 0.9.9
"WinRAR archiver" = WinRAR archiver
"XiphQT" = Xiph QuickTime Components
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Persönliche Finanzstrategie" = Persönliche Finanzstrategie
"sc11-AT_ORF_MAIN" = Ski Challenge 11 (AT)
"Skat-Online V8" = Skat-Online V8
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---


Thank you in advance for your efforts.

cosinus 28.04.2011 16:39

Quote:

Art des Suchlaufs: Quick-Scan
Hello and welcome,

As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

TT-Fan 28.04.2011 17:11

I also did a full scan. The one from yesterday should be enough, shouldn't it? I only posted the quick scan because that is what I read in "How do I open a thread".

So here is the full scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6455

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

27.04.2011 16:56:00
mbam-log-2011-04-27 (16-56-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 385927
Laufzeit: 2 Stunde(n), 1 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 28.04.2011 18:59

Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" has to be copied along with it!!!)

Code:

:OTL
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:B0A96209
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:8CEFE51A
[2011.03.10 11:01:16 | 000,000,014 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\둨—께—
[2011.03.10 11:01:16 | 000,000,014 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\둨—께—
[2011.04.26 13:38:35 | 000,000,040 | -H-- | C] () -- C:\ProgramData\~43900680
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.15 12:34:27 | 000,000,095 | ---- | M] () - C:\autoexec.001 -- [ NTFS ]
O32 - AutoRun File - [2008.06.05 12:36:42 | 000,000,095 | ---- | M] () - C:\autoexec.002 -- [ NTFS ]
O32 - AutoRun File - [2008.08.28 11:53:50 | 000,000,095 | ---- | M] () - C:\autoexec.003 -- [ NTFS ]
O32 - AutoRun File - [2009.02.24 13:48:11 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.r2 -- [ NTFS ]
O33 - MountPoints2\{16843822-5949-11de-abfd-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{16843822-5949-11de-abfd-000000000000}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{16843824-5949-11de-abfd-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{16843824-5949-11de-abfd-000000000000}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{25ea508d-6b9a-11de-b668-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{25ea508d-6b9a-11de-b668-000000000000}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{25ea508f-6b9a-11de-b668-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{25ea508f-6b9a-11de-b668-000000000000}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4805f21b-43db-11de-8e85-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{4805f21b-43db-11de-8e85-000000000000}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4805f23a-43db-11de-8e85-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{4805f23a-43db-11de-8e85-000000000000}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{4805f2dd-43db-11de-8e85-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{4805f2dd-43db-11de-8e85-000000000000}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4805f2df-43db-11de-8e85-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{4805f2df-43db-11de-8e85-000000000000}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{54f21cdf-4f6b-11de-b0b7-000000000000}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe UEMKEN.vbs
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
[2011.04.02 12:03:06 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\462091\AppData\Roaming\mozilla\Firefox\Profiles\zkv71rr6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.03.19 13:09:55 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\462091\AppData\Roaming\mozilla\Firefox\Profiles\zkv71rr6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.23 15:44:13 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\462091\AppData\Roaming\mozilla\Firefox\Profiles\zkv71rr6.default\extensions\firefox@tvunetworks.com
[2011.04.01 12:11:19 | 000,000,000 | -H-D | M] (WEB.DE Toolbar) -- C:\Users\462091\AppData\Roaming\mozilla\Firefox\Profiles\zkv71rr6.default\extensions\toolbar@web.de
[2011.04.17 19:38:49 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-1.xml
[2010.01.13 11:02:36 | 000,000,961 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-10.xml
[2010.01.21 17:21:49 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-11.xml
[2010.03.25 12:45:38 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-12.xml
[2010.04.10 09:10:27 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-13.xml
[2010.07.01 16:31:56 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-14.xml
[2010.07.08 12:22:37 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-15.xml
[2010.07.24 12:12:39 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-16.xml
[2010.07.25 11:02:37 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-17.xml
[2010.07.29 14:21:42 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-18.xml
[2010.09.23 19:19:49 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-19.xml
[2009.05.11 16:01:09 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-2.xml
[2010.09.23 20:05:04 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-20.xml
[2011.04.01 12:11:54 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-21.xml
[2009.05.11 17:49:52 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-3.xml
[2009.06.15 08:57:25 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-4.xml
[2009.07.23 13:22:11 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-5.xml
[2009.08.11 13:44:33 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-6.xml
[2009.09.21 22:43:45 | 000,000,961 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-7.xml
[2009.11.09 13:25:28 | 000,000,961 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-8.xml
[2009.11.11 09:18:58 | 000,000,961 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-9.xml
[2011.02.20 12:21:20 | 000,000,168 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin.gif
[2011.02.20 12:21:20 | 000,000,618 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin.src
[2010.05.12 18:40:06 | 000,001,042 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin.xml
[2009.03.12 08:45:20 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.
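Before a fix script like the one above is run, it helps to read it as a list of planned changes. The following Python is an added example for this thread, not part of OTL or of the posts: it classifies each line of an ":OTL" script by the kind of object it targets; the line formats follow the script quoted above, while the labels and the sample lines are constructed here.

```python
"""Review helper for an OTL ":OTL" fix script.

Added example, not part of OTL or of the forum posts. Each line of a fix
script is classified by the kind of object it targets (alternate data stream,
file, MountPoints2 autorun command, browser toolbar, Firefox preference, ...)
so the script can be reviewed as a list of planned changes before it is run.
The line formats follow the script quoted in the thread; the labels are my own.
"""
import re
from collections import Counter

# Constructed sample in the shape of the fix script quoted above (raw string,
# so the backslashes in Windows paths and registry keys are kept literally).
SAMPLE_FIX = r""":OTL
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:B0A96209
[2011.04.26 13:38:35 | 000,000,040 | -H-- | C] () -- C:\ProgramData\~43900680
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.24 13:48:11 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{16843822-5949-11de-abfd-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{16843822-5949-11de-abfd-000000000000}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{54f21cdf-4f6b-11de-b0b7-000000000000}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe UEMKEN.vbs
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
:Commands
[purity]
[resethosts]
[emptytemp]
"""

# (label, pattern); the last capture group of each pattern is the object acted on.
# Order matters: the specific O32/O33 forms come before the generic file form.
PATTERNS = [
    ("ads", re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")),
    ("cdrom_autorun_policy", re.compile(r"^O32 - HKLM CDRom: AutoRun - (\d)$")),
    ("autorun_file", re.compile(r"^O32 - AutoRun File - \[.*?\] \(.*?\) - (.+?) -- \[.*?\]$")),
    ("mountpoint_autorun_command",
     re.compile(r'^O33 - MountPoints2\\(.+?)\\Shell\\AutoRun\\command - "" = (.+)$')),
    ("mountpoint_shell", re.compile(r'^O33 - MountPoints2\\(.+?)\\Shell - "" = AutoRun$')),
    ("ie_toolbar", re.compile(r"^O3 - HKLM\\\.\.\\Toolbar: \(.*?\) - (\{[0-9A-Fa-f-]+\}) - (.+)$")),
    ("ie_urlsearchhook", re.compile(r"^IE - HKCU\\\.\.\\URLSearchHook: (\{[0-9A-Fa-f-]+\}) - (.+)$")),
    ("firefox_pref", re.compile(r'^FF - prefs\.js\.\.([\w.]+): "(.*)"$')),
    ("file_or_folder", re.compile(r"^\[.*?\] \(.*?\).*? -- (.+)$")),
]


def classify_otl_line(line):
    """Return (kind, target) for one line of the :OTL section."""
    for kind, pattern in PATTERNS:
        m = pattern.match(line)
        if m:
            return kind, m.group(m.lastindex)
    return "unrecognized", line


def parse_fix_script(text):
    """Turn a fix script into a list of {'section', 'kind', 'target'} dicts."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):           # ":OTL" or ":Commands" section header
            section = line[1:]
            continue
        if section == "Commands":          # e.g. [purity], [resethosts], [emptytemp]
            m = re.fullmatch(r"\[(\w+)\]", line)
            entries.append({"section": section, "kind": "command",
                            "target": m.group(1) if m else line})
            continue
        kind, target = classify_otl_line(line)
        entries.append({"section": section, "kind": kind, "target": target})
    return entries


def summarize(entries):
    """Count entries per kind; an 'unrecognized' count > 0 means a line needs a manual look."""
    return Counter(e["kind"] for e in entries)


def autorun_commands(entries):
    """Commands Explorer would have run when the listed volume was opened."""
    return [e["target"] for e in entries if e["kind"] == "mountpoint_autorun_command"]


if __name__ == "__main__":
    parsed = parse_fix_script(SAMPLE_FIX)
    for kind, count in sorted(summarize(parsed).items()):
        print(f"{count:3d}  {kind}")
    for cmd in autorun_commands(parsed):
        print("autorun command:", cmd)
```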

TT-Fan 28.04.2011 21:40

Quote:

Originally posted by cosinus (post 648784)
close all programs that may be open, also deactivate the virus scanner (!),

I have McAfee and cannot get it deactivated. Is that a problem, or is there a solution?

cosinus 29.04.2011 10:02

Please uninstall McAfee; it will get in our way later anyway. Once we are completely done here a scanner can go back on (I wouldn't use McAfee).

TT-Fan 29.04.2011 14:10

All processes killed
========== OTL ==========
Unable to delete ADS C:\ProgramData\TEMP:B0A96209 .
Unable to delete ADS C:\ProgramData\TEMP:8CEFE51A .
File C:\Windows\System32\둨—께— not found.
File C:\Windows\System32\둨—께— not found.
File C:\ProgramData\~43900680 not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.001 not found.
File C:\autoexec.002 not found.
File C:\autoexec.003 not found.
File C:\AUTOEXEC.BAT not found.
File C:\autoexec.r2 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16843822-5949-11de-abfd-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16843822-5949-11de-abfd-000000000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16843822-5949-11de-abfd-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16843822-5949-11de-abfd-000000000000}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16843824-5949-11de-abfd-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16843824-5949-11de-abfd-000000000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16843824-5949-11de-abfd-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16843824-5949-11de-abfd-000000000000}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25ea508d-6b9a-11de-b668-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25ea508d-6b9a-11de-b668-000000000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25ea508d-6b9a-11de-b668-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25ea508d-6b9a-11de-b668-000000000000}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25ea508f-6b9a-11de-b668-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25ea508f-6b9a-11de-b668-000000000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25ea508f-6b9a-11de-b668-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25ea508f-6b9a-11de-b668-000000000000}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4805f21b-43db-11de-8e85-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4805f21b-43db-11de-8e85-000000000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4805f21b-43db-11de-8e85-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4805f21b-43db-11de-8e85-000000000000}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4805f23a-43db-11de-8e85-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4805f23a-43db-11de-8e85-000000000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4805f23a-43db-11de-8e85-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4805f23a-43db-11de-8e85-000000000000}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4805f2dd-43db-11de-8e85-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4805f2dd-43db-11de-8e85-000000000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4805f2dd-43db-11de-8e85-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4805f2dd-43db-11de-8e85-000000000000}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4805f2df-43db-11de-8e85-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4805f2df-43db-11de-8e85-000000000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4805f2df-43db-11de-8e85-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4805f2df-43db-11de-8e85-000000000000}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54f21cdf-4f6b-11de-b0b7-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54f21cdf-4f6b-11de-b0b7-000000000000}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe UEMKEN.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Folder C:\Users\462091\AppData\Roaming\mozilla\Firefox\Profiles\zkv71rr6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\ not found.
Folder C:\Users\462091\AppData\Roaming\mozilla\Firefox\Profiles\zkv71rr6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Folder C:\Users\462091\AppData\Roaming\mozilla\Firefox\Profiles\zkv71rr6.default\extensions\firefox@tvunetworks.com\ not found.
Folder C:\Users\462091\AppData\Roaming\mozilla\Firefox\Profiles\zkv71rr6.default\extensions\toolbar@web.de\ not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-1.xml not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-10.xml not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-11.xml not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-12.xml not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-13.xml not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-14.xml not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-15.xml not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-16.xml not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-17.xml not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-18.xml not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-19.xml not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-2.xml not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-20.xml not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-21.xml not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-3.xml not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-4.xml not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-5.xml not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-6.xml not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-7.xml not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-8.xml not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-9.xml not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin.gif not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin.src not found.
File C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin.xml not found.
Folder C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" removed from keyword.URL
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: 462091
->Temp folder emptied: 358730199 bytes
->Temporary Internet Files folder emptied: 2787965802 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 62875350 bytes
->Google Chrome cache emptied: 19855843 bytes
->Flash cache emptied: 121410 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1091451 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 398088961 bytes
RecycleBin emptied: 2039200317 bytes

Total Files Cleaned = 5.405,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04292011_145030

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\atchksrv.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 29.04.2011 20:15

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

If the infection prevents you from accessing your documents / My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should be visible again. (This may take a while.)
Vista and 7 users must run the tool as administrator via right-click!

TT-Fan 29.04.2011 22:29

Here is the Kaspersky log:

2011/04/29 23:23:37.0871 26452 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/29 23:23:38.0136 26452 ================================================================================
2011/04/29 23:23:38.0136 26452 SystemInfo:
2011/04/29 23:23:38.0136 26452
2011/04/29 23:23:38.0136 26452 OS Version: 6.0.6001 ServicePack: 1.0
2011/04/29 23:23:38.0136 26452 Product type: Workstation
2011/04/29 23:23:38.0136 26452 ComputerName: AWD46209C
2011/04/29 23:23:38.0136 26452 UserName: 462091
2011/04/29 23:23:38.0136 26452 Windows directory: C:\Windows
2011/04/29 23:23:38.0136 26452 System windows directory: C:\Windows
2011/04/29 23:23:38.0136 26452 Processor architecture: Intel x86
2011/04/29 23:23:38.0136 26452 Number of processors: 2
2011/04/29 23:23:38.0136 26452 Page size: 0x1000
2011/04/29 23:23:38.0136 26452 Boot type: Normal boot
2011/04/29 23:23:38.0136 26452 ================================================================================
2011/04/29 23:23:38.0870 26452 Initialize success
2011/04/29 23:23:45.0734 26328 ================================================================================
2011/04/29 23:23:45.0734 26328 Scan started
2011/04/29 23:23:45.0734 26328 Mode: Manual;
2011/04/29 23:23:45.0734 26328 ================================================================================
2011/04/29 23:23:48.0994 26328 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/04/29 23:23:49.0634 26328 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/29 23:23:50.0226 26328 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/29 23:23:50.0507 26328 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/29 23:23:50.0616 26328 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/29 23:23:50.0710 26328 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/04/29 23:23:51.0053 26328 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/04/29 23:23:51.0334 26328 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/04/29 23:23:51.0443 26328 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/29 23:23:51.0537 26328 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/04/29 23:23:51.0584 26328 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/04/29 23:23:51.0630 26328 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/04/29 23:23:51.0693 26328 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/29 23:23:51.0755 26328 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/29 23:23:51.0833 26328 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/29 23:23:51.0849 26328 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/29 23:23:51.0911 26328 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/29 23:23:51.0974 26328 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/04/29 23:23:52.0083 26328 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/29 23:23:52.0208 26328 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/29 23:23:52.0270 26328 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/29 23:23:52.0301 26328 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/29 23:23:52.0332 26328 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/29 23:23:52.0364 26328 BrSerIf (56f59a4011f503149ae4de826982ca4f) C:\Windows\system32\Drivers\BrSerIf.sys
2011/04/29 23:23:52.0395 26328 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/29 23:23:52.0410 26328 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/29 23:23:52.0442 26328 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\Windows\system32\Drivers\BrUsbSer.sys
2011/04/29 23:23:52.0473 26328 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/29 23:23:52.0551 26328 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/29 23:23:52.0598 26328 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/29 23:23:52.0644 26328 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/29 23:23:52.0691 26328 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/04/29 23:23:52.0769 26328 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/29 23:23:52.0832 26328 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/04/29 23:23:52.0863 26328 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/29 23:23:52.0894 26328 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/29 23:23:52.0972 26328 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/29 23:23:53.0050 26328 CSC (9a5434125c3dfe42393de4bbb791bd19) C:\Windows\system32\drivers\csc.sys
2011/04/29 23:23:53.0128 26328 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/04/29 23:23:53.0253 26328 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/04/29 23:23:53.0300 26328 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/29 23:23:53.0362 26328 dwvkbd (5a402c57f621114c99f813c6ae7bc37a) C:\Windows\system32\DRIVERS\dwvkbd.sys
2011/04/29 23:23:53.0424 26328 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/29 23:23:53.0518 26328 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/04/29 23:23:53.0549 26328 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/29 23:23:53.0627 26328 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/04/29 23:23:53.0674 26328 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/29 23:23:54.0002 26328 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/04/29 23:23:54.0095 26328 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/04/29 23:23:54.0158 26328 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/29 23:23:54.0220 26328 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/29 23:23:54.0251 26328 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/29 23:23:54.0282 26328 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/29 23:23:54.0360 26328 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/04/29 23:23:54.0423 26328 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/29 23:23:54.0470 26328 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/29 23:23:54.0532 26328 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/04/29 23:23:54.0610 26328 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/29 23:23:54.0672 26328 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/29 23:23:54.0766 26328 HECI (66fed3eeabdce17829edf4c68702ed22) C:\Windows\system32\DRIVERS\HECI.sys
2011/04/29 23:23:54.0828 26328 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/29 23:23:54.0860 26328 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/29 23:23:54.0906 26328 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/29 23:23:54.0953 26328 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/29 23:23:55.0078 26328 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/04/29 23:23:55.0156 26328 hwdatacard (1720966d9c7ea5e2d78b6db92d2f9171) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/04/29 23:23:55.0218 26328 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/29 23:23:55.0312 26328 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/29 23:23:55.0328 26328 iaNvStor (a24e4563c2c5f3b21189a1fdcdb16b06) C:\Windows\system32\DRIVERS\iaNvStor.sys
2011/04/29 23:23:55.0374 26328 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/29 23:23:55.0530 26328 igfx (038815297078d236d8cc064c295a74c6) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/29 23:23:55.0702 26328 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/29 23:23:55.0858 26328 IntcAzAudAddService (6f62bafe6150f3952f877051c65786fe) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/29 23:23:55.0952 26328 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/29 23:23:56.0030 26328 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/29 23:23:56.0123 26328 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/29 23:23:56.0201 26328 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/29 23:23:56.0264 26328 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/29 23:23:56.0326 26328 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2011/04/29 23:23:56.0373 26328 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/29 23:23:56.0466 26328 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/04/29 23:23:56.0529 26328 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/29 23:23:56.0560 26328 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/29 23:23:56.0591 26328 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/29 23:23:56.0654 26328 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/29 23:23:56.0732 26328 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/29 23:23:56.0841 26328 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/29 23:23:56.0966 26328 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/29 23:23:57.0012 26328 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/29 23:23:57.0044 26328 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/29 23:23:57.0090 26328 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/29 23:23:57.0153 26328 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/29 23:23:57.0215 26328 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/29 23:23:57.0246 26328 mfeapfk (5cbf9d2fab2abc461b2f67c802f52543) C:\Windows\system32\drivers\mfeapfk.sys
2011/04/29 23:23:57.0293 26328 mfeavfk (10718b3eeb9e98c5b4aad7c0a23a9efa) C:\Windows\system32\drivers\mfeavfk.sys
2011/04/29 23:23:57.0324 26328 mfebopk (e665cff48e376b48d2cc84be1559f131) C:\Windows\system32\drivers\mfebopk.sys
2011/04/29 23:23:57.0356 26328 mfehidk (e2f200d38b72e47b88489e2c97dfd6d8) C:\Windows\system32\drivers\mfehidk.sys
2011/04/29 23:23:57.0402 26328 mferkdet (ef04236d1a4f9f672b5258de83e2ee35) C:\Windows\system32\drivers\mferkdet.sys
2011/04/29 23:23:57.0434 26328 mfetdik (d5a4b1ae4958ccfc66c1d17c1f42ba08) C:\Windows\system32\drivers\mfetdik.sys
2011/04/29 23:23:57.0480 26328 MGHwCtrl (e5292521916cea4937fbabcb1532f676) C:\Windows\system32\drivers\MGHwCtrl.sys
2011/04/29 23:23:57.0527 26328 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/29 23:23:57.0605 26328 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/29 23:23:57.0652 26328 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/29 23:23:57.0683 26328 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/29 23:23:57.0746 26328 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/29 23:23:57.0792 26328 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/29 23:23:57.0839 26328 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/29 23:23:57.0886 26328 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/29 23:23:57.0948 26328 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/04/29 23:23:58.0011 26328 mrxsmb (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/29 23:23:58.0042 26328 mrxsmb10 (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/29 23:23:58.0058 26328 mrxsmb20 (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/29 23:23:58.0104 26328 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/04/29 23:23:58.0136 26328 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/29 23:23:58.0214 26328 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/29 23:23:58.0292 26328 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/29 23:23:58.0354 26328 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/29 23:23:58.0385 26328 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/29 23:23:58.0416 26328 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/29 23:23:58.0463 26328 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/04/29 23:23:58.0510 26328 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/29 23:23:58.0604 26328 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/29 23:23:58.0619 26328 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/04/29 23:23:58.0697 26328 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/29 23:23:58.0775 26328 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/04/29 23:23:58.0838 26328 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/29 23:23:58.0900 26328 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/29 23:23:58.0931 26328 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/29 23:23:58.0947 26328 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/29 23:23:58.0978 26328 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/29 23:23:59.0025 26328 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/29 23:23:59.0150 26328 NETw4v32 (1d73499a6664b4da05d750ff83fdb274) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/04/29 23:23:59.0228 26328 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/29 23:23:59.0274 26328 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/04/29 23:23:59.0352 26328 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
2011/04/29 23:23:59.0399 26328 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/29 23:23:59.0462 26328 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/04/29 23:23:59.0524 26328 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/29 23:23:59.0586 26328 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/29 23:23:59.0602 26328 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/29 23:23:59.0633 26328 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/29 23:23:59.0664 26328 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/04/29 23:23:59.0774 26328 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/29 23:23:59.0852 26328 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/04/29 23:23:59.0930 26328 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/04/29 23:23:59.0976 26328 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/29 23:24:00.0039 26328 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/04/29 23:24:00.0101 26328 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/04/29 23:24:00.0179 26328 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/29 23:24:00.0242 26328 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/29 23:24:00.0366 26328 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/29 23:24:00.0382 26328 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/29 23:24:00.0460 26328 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/29 23:24:00.0538 26328 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/29 23:24:00.0585 26328 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/29 23:24:00.0632 26328 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/29 23:24:00.0694 26328 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/29 23:24:00.0741 26328 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/29 23:24:00.0803 26328 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/29 23:24:00.0866 26328 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/29 23:24:00.0912 26328 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/29 23:24:00.0944 26328 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/29 23:24:01.0006 26328 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/04/29 23:24:01.0068 26328 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/29 23:24:01.0100 26328 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/04/29 23:24:01.0178 26328 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/04/29 23:24:01.0209 26328 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/04/29 23:24:01.0240 26328 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/04/29 23:24:01.0287 26328 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/04/29 23:24:01.0334 26328 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/29 23:24:01.0380 26328 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/29 23:24:01.0443 26328 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/29 23:24:01.0474 26328 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/29 23:24:01.0536 26328 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/29 23:24:01.0583 26328 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/04/29 23:24:01.0630 26328 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/29 23:24:01.0692 26328 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/29 23:24:01.0724 26328 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/29 23:24:01.0739 26328 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/29 23:24:01.0770 26328 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/29 23:24:01.0833 26328 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/04/29 23:24:01.0880 26328 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/29 23:24:01.0895 26328 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/29 23:24:01.0958 26328 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/04/29 23:24:02.0036 26328 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\Windows\system32\DRIVERS\snapman.sys
2011/04/29 23:24:02.0098 26328 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/29 23:24:02.0207 26328 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/04/29 23:24:02.0285 26328 srv2 (96512f4a30b741e7d33a7936b9abbc20) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/29 23:24:02.0348 26328 srvnet (1c69e33e0e23626da5a34ca5ba0dd990) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/29 23:24:02.0426 26328 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2011/04/29 23:24:02.0613 26328 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/29 23:24:02.0738 26328 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/29 23:24:02.0847 26328 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/29 23:24:02.0894 26328 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/29 23:24:02.0925 26328 SynTP (8327106d1c93e9a7b98e63b9fcc24bb7) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/29 23:24:03.0377 26328 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/04/29 23:24:03.0798 26328 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/29 23:24:04.0032 26328 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/29 23:24:04.0079 26328 TcUsb (5ca437a08509fb7ecf843480fc1232e2) C:\Windows\system32\Drivers\tcusb.sys
2011/04/29 23:24:04.0142 26328 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/29 23:24:04.0188 26328 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/29 23:24:04.0235 26328 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/29 23:24:04.0313 26328 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/29 23:24:04.0422 26328 tifsfilter (b84b82c0cbeb1b0d7eb7a946bade5830) C:\Windows\system32\DRIVERS\tifsfilt.sys
2011/04/29 23:24:04.0547 26328 timounter (74711884439bdf9ccf446c79cb05fac0) C:\Windows\system32\DRIVERS\timntr.sys
2011/04/29 23:24:04.0672 26328 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\Windows\system32\DRIVERS\tosporte.sys
2011/04/29 23:24:04.0719 26328 tosrfbd (266df087a8c24da34ff40cf3df86ccfb) C:\Windows\system32\DRIVERS\tosrfbd.sys
2011/04/29 23:24:04.0750 26328 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\Windows\system32\Drivers\tosrfbnp.sys
2011/04/29 23:24:04.0781 26328 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\Windows\system32\Drivers\tosrfcom.sys
2011/04/29 23:24:04.0797 26328 Tosrfhid (7c807ba9660e2995cc0217a14a24094c) C:\Windows\system32\DRIVERS\Tosrfhid.sys
2011/04/29 23:24:04.0828 26328 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys
2011/04/29 23:24:04.0844 26328 TosRfSnd (a4ce9572bc4ac8d329455059b43c5bea) C:\Windows\system32\drivers\tosrfsnd.sys
2011/04/29 23:24:04.0906 26328 Tosrfusb (cdda265c7617a2745b48e0de572012a6) C:\Windows\system32\DRIVERS\tosrfusb.sys
2011/04/29 23:24:05.0031 26328 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/29 23:24:05.0093 26328 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/29 23:24:05.0140 26328 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/29 23:24:05.0171 26328 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/29 23:24:05.0280 26328 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/29 23:24:05.0343 26328 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/29 23:24:05.0390 26328 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/29 23:24:05.0421 26328 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/29 23:24:05.0436 26328 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/29 23:24:05.0499 26328 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/29 23:24:05.0639 26328 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/29 23:24:05.0686 26328 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/29 23:24:05.0733 26328 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/29 23:24:05.0826 26328 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/29 23:24:05.0904 26328 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/29 23:24:05.0982 26328 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/29 23:24:06.0060 26328 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/29 23:24:06.0123 26328 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/29 23:24:06.0185 26328 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/29 23:24:06.0279 26328 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/29 23:24:06.0357 26328 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/29 23:24:06.0404 26328 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/29 23:24:06.0466 26328 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/04/29 23:24:06.0497 26328 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/29 23:24:06.0513 26328 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/04/29 23:24:06.0560 26328 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/29 23:24:06.0684 26328 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/04/29 23:24:06.0747 26328 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/04/29 23:24:06.0794 26328 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/29 23:24:06.0840 26328 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/29 23:24:06.0887 26328 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/29 23:24:06.0934 26328 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/29 23:24:06.0996 26328 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/29 23:24:07.0215 26328 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/29 23:24:07.0605 26328 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/29 23:24:07.0683 26328 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/29 23:24:07.0776 26328 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/29 23:24:07.0917 26328 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/29 23:24:08.0151 26328 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl
2011/04/29 23:24:08.0213 26328 ================================================================================
2011/04/29 23:24:08.0213 26328 Scan finished
2011/04/29 23:24:08.0213 26328 ================================================================================


I ran unhide and everything is visible again.

cosinus 30.04.2011 02:20

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe when downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a forum helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even more difficult.

TT-Fan 30.04.2011 12:08

ComboFix log file:
Code:

ComboFix 11-04-29.03 - 462091 30.04.2011  10:15:01.1.2 - x86
Microsoft® Windows Vista™ Business  6.0.6001.1.1252.49.1031.18.2022.939 [GMT 2:00]
ausgeführt von:: c:\users\462091\Desktop\Cofi.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\462091\g2mdlhlpx.exe
c:\windows\system32\winio.vxd
.
----- BITS: Eventuell infizierte Webseiten -----
.
hxxp://autodiscover.xxx.de
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-28 bis 2011-04-30  ))))))))))))))))))))))))))))))
.
.
2011-04-30 08:24 . 2011-04-30 08:28        --------        d-----w-        c:\users\462091\AppData\Local\temp
2011-04-30 08:24 . 2011-04-30 08:24        --------        d-----w-        c:\users\postgres\AppData\Local\temp
2011-04-30 08:24 . 2011-04-30 08:24        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-30 08:09 . 2011-04-18 07:15        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{908B3B59-D939-40A4-8867-8BACEB04586D}\mpengine.dll
2011-04-30 08:09 . 2011-02-02 16:11        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-04-28 21:15 . 2011-04-28 21:15        --------        d-----w-        C:\_OTL
2011-04-27 11:22 . 2011-03-03 14:56        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2011-04-27 11:22 . 2011-03-03 13:01        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 10:51 . 2011-04-27 10:51        --------        d-----w-        c:\users\462091\AppData\Roaming\Malwarebytes
2011-04-27 10:50 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 10:50 . 2011-04-27 10:50        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-27 10:50 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-27 10:50 . 2011-04-27 10:50        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-04-26 16:12 . 2011-04-26 16:12        --------        d-----w-        c:\users\462091\AppData\Local\Sunbelt Software
2011-04-26 16:04 . 2011-04-28 21:28        --------        d-----w-        c:\programdata\Lavasoft
2011-04-26 15:06 . 2011-04-26 15:06        --------        d-----w-        c:\programdata\WindowsSearch
2011-04-26 12:18 . 2011-04-26 12:18        --------        d-----w-        c:\program files\Enigma Software Group
2011-04-26 12:12 . 2011-04-26 12:12        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2011-04-14 06:30 . 2011-03-03 15:00        738816        ----a-w-        c:\windows\system32\inetcomm.dll
2011-04-14 06:30 . 2011-03-03 10:49        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-04-13 22:40 . 2011-04-13 22:40        4284416        ----a-w-        c:\windows\system32\GPhotos.scr
2011-04-04 13:17 . 1998-06-23 22:00        137000        ----a-w-        c:\windows\system32\MSMAPI32.OCX
2011-04-04 13:17 . 2001-10-28 14:42        116224        ----a-w-        c:\windows\system32\pdfcmnnt.dll
2011-04-04 13:17 . 1998-07-05 22:00        23552        ----a-w-        c:\windows\system32\MSMPIDE.DLL
2011-04-04 13:17 . 2011-04-04 13:18        --------        d-----w-        c:\program files\PDFCreator
2011-04-01 10:11 . 2011-03-18 17:56        142296        ----a-w-        c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-01 10:10 . 2011-03-18 17:56        781272        ----a-w-        c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-01 10:10 . 2011-03-18 17:56        728024        ----a-w-        c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-01 10:10 . 2011-03-18 17:56        1975768        ----a-w-        c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-01 10:10 . 2011-03-18 17:56        1893336        ----a-w-        c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-01 10:10 . 2011-03-18 17:56        1874904        ----a-w-        c:\program files\Mozilla Firefox\mozjs.dll
2011-04-01 10:10 . 2011-03-18 17:56        15832        ----a-w-        c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-01 10:10 . 2011-03-18 17:56        142296        ----a-w-        c:\program files\Mozilla Firefox\libEGL.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-03 14:56 . 2011-04-27 11:22        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-27 11:22        459776        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-27 11:22        2153984        ----a-w-        c:\windows\apppatch\AcGenral.dll
2011-03-03 14:56 . 2011-04-27 11:22        541696        ----a-w-        c:\windows\apppatch\AcLayers.dll
2011-02-17 06:47 . 2006-11-02 10:32        101888        ----a-w-        c:\windows\system32\ifxcardm.dll
2011-02-17 06:47 . 2006-11-02 10:32        82432        ----a-w-        c:\windows\system32\axaltocm.dll
2011-02-17 06:20 . 2011-02-17 06:34        47560        ----a-w-        c:\windows\system32\SPReview.exe
2011-02-17 06:20 . 2011-02-17 06:34        152576        ----a-w-        c:\windows\system32\SPWizUI.dll
2006-05-22 20:12 . 2008-05-15 10:55        81920        ----a-w-        c:\program files\uninstgs.exe
2011-03-18 17:56 . 2011-04-01 10:11        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2010-01-06 18:07 . 2009-09-28 11:05        23864        ----a-w-        c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 18:59        2953216        ----a-w-        c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 18:59        2953216        ----a-w-        c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-19 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-17 1194728]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-17 1966928]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2009-07-26 78848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 18:46        90112        ----a-w-        c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^462091^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\462091\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^462091^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tournament Shark.lnk]
path=c:\users\462091\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tournament Shark.lnk
backup=c:\windows\pss\Tournament Shark.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04        39792        ----a-w-        c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 13:51        177440        ----a-w-        c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonHK]
2007-03-15 14:37        32768        ----a-w-        c:\windows\BisonCam\BisonHK.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BsMnt]
2007-03-15 14:34        172032        ----a-w-        c:\windows\BisonCam\BsMnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DameWare MRC Agent]
2009-07-26 13:44        78848        ----a-w-        c:\windows\System32\DWRCST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2009-08-06 15:59        381440        ----a-w-        c:\program files\FreePDF_XP\fpassist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33        141624        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-02-07 15:21        54832        ----a-w-        c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]
2007-09-07 14:38        561152        ----a-w-        c:\program files\System Control Manager\MGSysCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2007-03-28 18:23        49168        ----a-w-        c:\program files\Protector Suite QL\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 20:01        71216        ------w-        c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44        248552        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut]
2008-01-04 10:02        222504        ------w-        c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStar]
2009-03-18 16:17        4419824        ----a-w-        c:\users\462091\AppData\Roaming\UpdateStar\UpdateStar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-935411637-121726556-1431338135-1000]
"EnableNotificationsRef"=dword:00000001
.
R0 iaNvStor;Intel(R) Turbo Memory  Technology NAND Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-11-28 210432]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9d253cf6977e0;Google Update Service (gupdate1c9d253cf6977e0);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 133104]
R2 SASRKServer;SASRKServer;c:\awd\ANGWIN\RK\STG\.kevuSSLVRKServer\SAS\SASRKSRV.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 133104]
R3 IPOSCalcRep;IPOSCalcRep;c:\awd\AngWin\rk\idl\IPOSCalcRep.exe [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-01-06 66600]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\DRIVERS\dwvkbd.sys [2007-02-15 26624]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [2010-01-06 22816]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-01-06 70728]
S2 msftesql$AWDVERTRIEB;SQL Server-Volltextsuche (AWDVERTRIEB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2010-03-26 91992]
S2 MSSQL$AWDVERTRIEB;SQL Server (AWDVERTRIEB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [2007-08-23 61440]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2007-06-11 1489688]
S3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2006-12-22 19456]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 16:15]
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 16:15]
.
2011-04-30 c:\windows\Tasks\User_Feed_Synchronization-{697CB72C-A473-4DF5-BC8B-CA29E7EFCA00}.job
- c:\windows\system32\msfeedssync.exe [2011-02-17 22:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: xxx.de
Trusted Zone: xxx.de\kvonline
FF - ProfilePath - c:\users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\
FF - prefs.js: browser.search.selectedEngine -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ShStatEXE - c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE
MSConfigStartUp-atchk - c:\program files\Intel\AMT Status\atchk.exe
MSConfigStartUp-ICQ - c:\progra~1\ICQ6.5\ICQ.exe
MSConfigStartUp-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe
AddRemove-AFPL Ghostscript 8.53 - c:\programme\uninstgs.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msftesql$AWDVERTRIEB]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:AWDVERTRIEB"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2488)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\DWRCS.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\conime.exe
c:\windows\System32\msdtc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-30  10:35:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-30 08:34
.
Vor Suchlauf: 18 Verzeichnis(se), 13.903.695.872 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 12.973.715.456 Bytes frei
.
- - End Of File - - 73011AC368C70F1B966F9F890AD8B083

--- --- ---

cosinus 01.05.2011 13:32

Quote:

"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2009-07-26 78848]
DameWare? Do you know what that is, and is it intended?
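As an added example of the kind of triage cosinus is doing here when he picks the DameWare entry out of the log (example code written for this page, not code from the thread or from ComboFix), the following Python script parses the autostart, service and Security Center lines of a ComboFix log and flags entries worth a question: remote-administration tools in autostart or installed as a driver/service, service entries whose file ComboFix could not find (`[x]`), autostart values given as a bare file name, and disabled Security Center monitoring. The sample input is an excerpt of the log posted above; the list of remote-administration markers is a hypothetical starter list.

```python
import re
from dataclasses import dataclass
from typing import List

# Lower-case substrings that identify remote-administration tools.  This is a
# hypothetical starter list for the example; in practice it would come from
# the organisation's inventory of approved tools.
REMOTE_ADMIN_MARKERS = ("dameware", "dwrcs", "dwvkbd")

# Line shapes ComboFix uses in its registry autostart and service blocks.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<date>\S+) (?P<size>\d+)\]$')
SVC_RE = re.compile(r"^(?P<type>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?) \[(?P<info>[^\]]*)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})$')

# Constructed sample input: an excerpt of the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2009-07-26 78848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
R2 SASRKServer;SASRKServer;c:\awd\ANGWIN\RK\STG\.kevuSSLVRKServer\SAS\SASRKSRV.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\DRIVERS\dwvkbd.sys [2007-02-15 26624]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-01-06 70728]
"""


@dataclass(frozen=True)
class Finding:
    category: str
    name: str
    path: str
    detail: str


def _matches_marker(text: str) -> bool:
    text = text.lower()
    return any(marker in text for marker in REMOTE_ADMIN_MARKERS)


def triage(log_text: str) -> List[Finding]:
    """Walk a ComboFix log and return entries a helper would ask about."""
    findings: List[Finding] = []
    current_key = ""  # registry key the following value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = RUN_RE.match(line)
        if m and current_key.endswith("\\currentversion\\run"):
            name, path = m.group("name"), m.group("path")
            if _matches_marker(name + " " + path):
                findings.append(Finding("remote_admin_autostart", name, path,
                                        "remote-control tool starts with Windows; confirm it is intended"))
            if "\\" not in path:
                # A bare file name is resolved through the search path at logon,
                # so the file that actually loads should be verified.
                findings.append(Finding("bare_filename_autostart", name, path,
                                        "value has no directory; check which file is actually loaded"))
            continue
        m = SVC_RE.match(line)
        if m:
            name, display, path, info = (m.group("name"), m.group("display"),
                                         m.group("path"), m.group("info"))
            if info == "x":
                # ComboFix prints [x] instead of date/size when the file is missing.
                findings.append(Finding("service_file_missing", name, path,
                                        "ComboFix could not find the file; orphaned service/driver entry"))
            elif _matches_marker(name + " " + display + " " + path):
                findings.append(Finding("remote_admin_service", name, path,
                                        "remote-control driver/service installed"))
            continue
        m = DWORD_RE.match(line)
        if (m and "security center" in current_key
                and m.group("name") == "DisableMonitoring"
                and int(m.group("value"), 16) == 1):
            findings.append(Finding("security_center_monitoring_off", current_key, "",
                                    "Security Center monitoring disabled for this component"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:32} {f.name!r:40} {f.path}  ({f.detail})")
```

Each finding is a prompt for a question to the user, as cosinus asks here, not a verdict: DameWare is a legitimate remote-control product that may well be intended on a company laptop, and an `[x]` service entry is usually a leftover from an uninstalled program.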

TT-Fan 01.05.2011 14:30

Quote:

Quote from cosinus (post 650602)
DameWare? Do you know what that is, and is it intended?

No, I don't know, and I don't know whether it's intended either.

cosinus 01.05.2011 15:14

Did the PC have a previous owner, or is/was it in an office? Vista Business isn't really common in home use :pfeiff:

TT-Fan 01.05.2011 16:42

No, it had no previous owner. It's my (company) laptop, hence Windows Business.

cosinus 01.05.2011 18:45

And you're only telling me that now? Don't you have an IT department for this sort of thing?

TT-Fan 01.05.2011 18:55

I didn't know it was important. Apart from that, no, because I was self-employed and have now given up that work.

cosinus 02.05.2011 10:37

ComboFix - scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.


Code:

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DameWare MRC Agent"=-

File::
c:\windows\system32\DWRCST.exe
c:\windows\system32\DRIVERS\dwvkbd.sys

Driver::
dwvkbd

3. Save it in Notepad as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the TeaTimer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

TT-Fan 02.05.2011 20:39

Combofix Logfile:
Code:

ComboFix 11-05-02.02 - 462091 02.05.2011  19:44:00.2.2 - x86
Microsoft® Windows Vista™ Business  6.0.6001.1.1252.49.1031.18.2022.1209 [GMT 2:00]
ausgeführt von:: c:\users\462091\Desktop\Cofi.exe
Benutzte Befehlsschalter :: c:\users\462091\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\DRIVERS\dwvkbd.sys"
"c:\windows\system32\DWRCST.exe"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\DRIVERS\dwvkbd.sys
c:\windows\system32\DWRCST.exe
.
----- BITS: Eventuell infizierte Webseiten -----
.
hxxp://autodiscover.xxx.de
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_dwvkbd
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-02 bis 2011-05-02  ))))))))))))))))))))))))))))))
.
.
2011-05-02 17:52 . 2011-05-02 17:52        --------        d-----w-        c:\users\postgres\AppData\Local\temp
2011-05-02 17:52 . 2011-05-02 17:52        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-30 08:24 . 2011-05-02 19:32        --------        d-----w-        c:\users\462091\AppData\Local\temp
2011-04-30 08:09 . 2011-04-18 07:15        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{908B3B59-D939-40A4-8867-8BACEB04586D}\mpengine.dll
2011-04-30 08:09 . 2011-02-02 16:11        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-04-28 21:15 . 2011-04-28 21:15        --------        d-----w-        C:\_OTL
2011-04-27 11:22 . 2011-03-03 14:56        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2011-04-27 11:22 . 2011-03-03 13:01        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 10:51 . 2011-04-27 10:51        --------        d-----w-        c:\users\462091\AppData\Roaming\Malwarebytes
2011-04-27 10:50 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 10:50 . 2011-04-27 10:50        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-27 10:50 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-27 10:50 . 2011-04-27 10:50        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-04-26 16:12 . 2011-04-26 16:12        --------        d-----w-        c:\users\462091\AppData\Local\Sunbelt Software
2011-04-26 16:04 . 2011-04-28 21:28        --------        d-----w-        c:\programdata\Lavasoft
2011-04-26 15:06 . 2011-04-26 15:06        --------        d-----w-        c:\programdata\WindowsSearch
2011-04-26 12:18 . 2011-04-26 12:18        --------        d-----w-        c:\program files\Enigma Software Group
2011-04-26 12:12 . 2011-04-26 12:12        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2011-04-14 06:30 . 2011-03-03 15:00        738816        ----a-w-        c:\windows\system32\inetcomm.dll
2011-04-14 06:30 . 2011-03-03 10:49        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-04-13 22:40 . 2011-04-13 22:40        4284416        ----a-w-        c:\windows\system32\GPhotos.scr
2011-04-04 13:17 . 1998-06-23 22:00        137000        ----a-w-        c:\windows\system32\MSMAPI32.OCX
2011-04-04 13:17 . 2001-10-28 14:42        116224        ----a-w-        c:\windows\system32\pdfcmnnt.dll
2011-04-04 13:17 . 1998-07-05 22:00        23552        ----a-w-        c:\windows\system32\MSMPIDE.DLL
2011-04-04 13:17 . 2011-04-04 13:18        --------        d-----w-        c:\program files\PDFCreator
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-03 14:56 . 2011-04-27 11:22        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-27 11:22        459776        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-27 11:22        2153984        ----a-w-        c:\windows\apppatch\AcGenral.dll
2011-03-03 14:56 . 2011-04-27 11:22        541696        ----a-w-        c:\windows\apppatch\AcLayers.dll
2011-02-17 06:47 . 2006-11-02 10:32        101888        ----a-w-        c:\windows\system32\ifxcardm.dll
2011-02-17 06:47 . 2006-11-02 10:32        82432        ----a-w-        c:\windows\system32\axaltocm.dll
2011-02-17 06:20 . 2011-02-17 06:34        47560        ----a-w-        c:\windows\system32\SPReview.exe
2011-02-17 06:20 . 2011-02-17 06:34        152576        ----a-w-        c:\windows\system32\SPWizUI.dll
2006-05-22 20:12 . 2008-05-15 10:55        81920        ----a-w-        c:\program files\uninstgs.exe
2011-03-18 17:56 . 2011-04-01 10:11        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2010-01-06 18:07 . 2009-09-28 11:05        23864        ----a-w-        c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 18:59        2953216        ----a-w-        c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 18:59        2953216        ----a-w-        c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-19 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-17 1194728]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-17 1966928]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 149024]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 18:46        90112        ----a-w-        c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^462091^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\462091\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^462091^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tournament Shark.lnk]
path=c:\users\462091\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tournament Shark.lnk
backup=c:\windows\pss\Tournament Shark.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04        39792        ----a-w-        c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 13:51        177440        ----a-w-        c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonHK]
2007-03-15 14:37        32768        ----a-w-        c:\windows\BisonCam\BisonHK.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BsMnt]
2007-03-15 14:34        172032        ----a-w-        c:\windows\BisonCam\BsMnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2009-08-06 15:59        381440        ----a-w-        c:\program files\FreePDF_XP\fpassist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33        141624        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-02-07 15:21        54832        ----a-w-        c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]
2007-09-07 14:38        561152        ----a-w-        c:\program files\System Control Manager\MGSysCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2007-03-28 18:23        49168        ----a-w-        c:\program files\Protector Suite QL\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 20:01        71216        ------w-        c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44        248552        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut]
2008-01-04 10:02        222504        ------w-        c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStar]
2009-03-18 16:17        4419824        ----a-w-        c:\users\462091\AppData\Roaming\UpdateStar\UpdateStar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-935411637-121726556-1431338135-1000]
"EnableNotificationsRef"=dword:00000001
.
R0 iaNvStor;Intel(R) Turbo Memory  Technology NAND Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-11-28 210432]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9d253cf6977e0;Google Update Service (gupdate1c9d253cf6977e0);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 133104]
R2 SASRKServer;SASRKServer;c:\awd\ANGWIN\RK\STG\.kevuSSLVRKServer\SAS\SASRKSRV.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 133104]
R3 IPOSCalcRep;IPOSCalcRep;c:\awd\AngWin\rk\idl\IPOSCalcRep.exe [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-01-06 66600]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [2010-01-06 22816]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-01-06 70728]
S2 msftesql$AWDVERTRIEB;SQL Server-Volltextsuche (AWDVERTRIEB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2010-03-26 91992]
S2 MSSQL$AWDVERTRIEB;SQL Server (AWDVERTRIEB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [2007-08-23 61440]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2007-06-11 1489688]
S3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2006-12-22 19456]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 16:15]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 16:15]
.
2011-05-02 c:\windows\Tasks\User_Feed_Synchronization-{697CB72C-A473-4DF5-BC8B-CA29E7EFCA00}.job
- c:\windows\system32\msfeedssync.exe [2011-02-17 22:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: xxx.de
Trusted Zone: xxx.de\kvonline
FF - ProfilePath - c:\users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\
FF - prefs.js: browser.search.selectedEngine -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-DameWare MRC Agent - c:\windows\system32\DWRCST.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-02 21:34
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msftesql$AWDVERTRIEB]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:AWDVERTRIEB"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3960)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\DWRCS.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\System32\msdtc.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-02  21:37:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-05-02 19:37
ComboFix2.txt  2011-04-30 08:35
.
Vor Suchlauf: 20 Verzeichnis(se), 13.595.824.128 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 13.383.163.904 Bytes frei
.
- - End Of File - - C39CE24DA2F032948C2FE690E1076E01

--- --- ---

cosinus 02.05.2011 21:02

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run the second time either, just leave it out and run only OSAM - please skip OSAM's online lookup.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.


After that, please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on your desktop.
Please post the contents of that .txt file.

TT-Fan 02.05.2011 22:09

Gmer

GMER Logfile:
Code:

GMER 1.0.15.15572 - hxxp://www.gmer.net
Rootkit scan 2011-05-02 23:07:58
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1600BEVS-22RST0 rev.04.01G04
Running: h52ms1nj.exe; Driver: C:\Users\462091\AppData\Local\Temp\awldqpog.sys


---- System - GMER 1.0.15 ----

Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              ZwCreateProcess [0x8819E5E8]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              ZwCreateProcessEx [0x8819E5FC]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              ZwSetContextThread [0x8819E63A]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              ZwSetInformationProcess [0x8819E626]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              ZwTerminateProcess [0x8819E5D4]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              ZwCreateUserProcess [0x8819E612]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                              NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

PAGE            ntkrnlpa.exe!ZwCreateUserProcess                                                                        823D8E26 5 Bytes  JMP 8819E616 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwTerminateProcess                                                                          823F32F0 5 Bytes  JMP 8819E5D8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtSetInformationProcess                                                                    82444A24 5 Bytes  JMP 8819E62A \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwCreateProcess                                                                            824A472B 5 Bytes  JMP 8819E5EC \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                          824A4776 7 Bytes  JMP 8819E600 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwSetContextThread                                                                          824A5233 5 Bytes  JMP 8819E63E \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
?              C:\Cofi\catchme.sys                                                                                      Das System kann den angegebenen Pfad nicht finden. !
?              C:\Windows\system32\Drivers\PROCEXP113.SYS                                                              Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\system32\mfevtps.exe[2340] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW]  [00405995] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT            C:\Windows\system32\mfevtps.exe[2340] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]      [004059CB] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

Device                                                                                                                  Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)

AttachedDevice                                                                                                          mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                  mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device                                                                                                                  rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                  timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                  timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                  timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                  mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device                                                                                                                  Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                    sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

--- --- ---

TT-Fan 02.05.2011 22:15

OSAM

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:14:26 on 02.05.2011

OS: Windows Vista Business Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.16386

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\Windows\system32\LocalCOM.cpl
"Odbccp32.cpl" - "Microsoft Corporation" - C:\Windows\system32\Odbccp32.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Program Files\Protector Suite QL\infopnl.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\Windows\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\Windows\System32\DRIVERS\tifsfilt.sys
"awldqpog" (awldqpog) - ? - C:\Users\462091\AppData\Local\Temp\awldqpog.sys  (Hidden registry entry, rootkit activity | File not found)
"catchme" (catchme) - ? - C:\Cofi\catchme.sys  (File not found)
"esgiguard" (esgiguard) - ? - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys  (File not found)
"mbr" (mbr) - ? - C:\Users\462091\AppData\Local\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"McAfee Inc. mfeapfk" (mfeapfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeapfk.sys
"McAfee Inc. mfeavfk" (mfeavfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeavfk.sys
"McAfee Inc. mfebopk" (mfebopk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfebopk.sys
"McAfee Inc. mfehidk" (mfehidk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfehidk.sys
"McAfee Inc. mferkdet" (mferkdet) - "McAfee, Inc." - C:\Windows\System32\drivers\mferkdet.sys
"McAfee Inc. mfetdik" (mfetdik) - "McAfee, Inc." - C:\Windows\System32\drivers\mfetdik.sys
"MGHwCtrl" (MGHwCtrl) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\drivers\MGHwCtrl.sys
"Symantec Network Security Intermediate Filter Service" (SymIM) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)
"SymIMMP" (SymIMMP) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)
"upperdev" (upperdev) - ? - C:\Windows\System32\DRIVERS\usbser_lowerflt.sys  (File not found)
"{95808DC4-FA4A-4C74-92FE-5B863F82066B}" ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) - "Cyberlink Corp." - C:\Program Files\CyberLink\PowerDVD\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - ? - C:\Program Files\7-Zip\7-zip.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\Windows\system32\TosBtExt.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{E463ADAF-4707-4997-9BFC-13BF91A2810B} "DMRC Shell Extension" - "DameWare Development LLC" - C:\Windows\system32\DWRCSh32.DLL
{D3F9CF10-424C-4678-9A28-B0F62D2550DD} "DWRCShell" - "DameWare Development LLC" - C:\Windows\system32\DWRCShell.DLL
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E} "Safearchive ContextMenu Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{E6D7D89A-2232-446d-8A0F-D0F9B06DB1CA} "Safearchive ExtractIcon Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{66C99756-1C92-4d3e-BA69-9400A6F731F5} "Safearchive PropertySheetHandler Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{055EF591-5C38-49a0-9BDA-51B1D69D0BF4} "Safearchive ShellFolder Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR 3.61 Multi\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.5.0_03" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} "Java Plug-in 1.5.0_14" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10p.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
"PokerStars" - "PokerStars" - C:\Program Files\PokerStars\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -  (File not found | COM-object registry key not found)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\462091\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"TrueImageMonitor.exe" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"35C-4 Series PCL Language Monitor" - "KONICA MINOLTA BUSINESS TECHNOLOGIES, INC." - C:\Windows\system32\KOAZXJAL.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"DameWare Mini Remote Control" (DWMRCS) - "DameWare Development LLC" - C:\Windows\System32\DWRCS.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate1c9d253cf6977e0)" (gupdate1c9d253cf6977e0) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"Intel(R) Active Management Technology Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files\Intel\AMT\LMS.exe
"Intel(R) Active Management Technology System Status Service" (atchksrv) - "Intel Corporation" - C:\Program Files\Intel\AMT\atchksrv.exe
"Intel(R) Active Management Technology User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files\Intel\AMT\UNS.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"IPOSCalcRep" (IPOSCalcRep) - ? - C:\AWD\AngWin\rk\idl\IPOSCalcRep.exe  (File not found)
"McAfee Engine Service" (McAfeeEngineService) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
"McAfee Validation Trust Protection Service" (mfevtp) - "McAfee, Inc." - C:\Windows\system32\mfevtps.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SASRKServer" (SASRKServer) - ? - C:\AWD\ANGWIN\RK\STG\.kevuSSLVRKServer\SAS\SASRKSRV.exe "C:\AWD\ANGWIN\RK\STG"  (File not found)
"SCM Driver Daemon" (NishService) - ? - C:\Program Files\System Control Manager\edd.exe  (File found, but it contains no detailed information)
"SQL Server (AWDVERTRIEB)" (MSSQL$AWDVERTRIEB) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Volltextsuche (AWDVERTRIEB)" (msftesql$AWDVERTRIEB) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "ScreenTime Media" - C:\Windows\system32\JOERGL~2.SCR
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"GinaDLL" - "UPEK Inc." - C:\Windows\system32\vrlogon.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"psfus" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


and MBR:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Micro-Star International
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MICRO-STAR INT'L CO.,LTD
System Product Name: PR620
Logical Drives Mask: 0x00000034

Kernel Drivers (total 165):
0x82210000 \SystemRoot\system32\ntkrnlpa.exe
0x825C9000 \SystemRoot\system32\hal.dll
0x80403000 \SystemRoot\system32\kdcom.dll
0x8040B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8046B000 \SystemRoot\system32\PSHED.dll
0x8047C000 \SystemRoot\system32\BOOTVID.dll
0x80484000 \SystemRoot\system32\CLFS.SYS
0x804C5000 \SystemRoot\system32\CI.dll
0x8060B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80687000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80694000 \SystemRoot\system32\drivers\acpi.sys
0x806DA000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E3000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EB000 \SystemRoot\system32\drivers\pci.sys
0x80712000 \SystemRoot\System32\drivers\partmgr.sys
0x80721000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80724000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8072E000 \SystemRoot\system32\drivers\volmgr.sys
0x8073D000 \SystemRoot\System32\drivers\volmgrx.sys
0x80787000 \SystemRoot\system32\drivers\intelide.sys
0x8078E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8079C000 \SystemRoot\system32\drivers\pciide.sys
0x807A3000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x807D0000 \SystemRoot\System32\drivers\mountmgr.sys
0x807E0000 \SystemRoot\system32\drivers\atapi.sys
0x805E1000 \SystemRoot\system32\drivers\ataport.SYS
0x807E8000 \SystemRoot\system32\drivers\msahci.sys
0x82C0B000 \SystemRoot\system32\drivers\fltmgr.sys
0x82C3D000 \SystemRoot\system32\drivers\fileinfo.sys
0x82C4D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82CBE000 \SystemRoot\system32\drivers\ndis.sys
0x82DC9000 \SystemRoot\system32\drivers\msrpc.sys
0x82E0F000 \SystemRoot\system32\drivers\NETIO.SYS
0x82E49000 \SystemRoot\System32\drivers\tcpip.sys
0x82F32000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x82F4D000 \SystemRoot\system32\DRIVERS\timntr.sys
0x88003000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88112000 \SystemRoot\system32\drivers\volsnap.sys
0x8814B000 \SystemRoot\System32\Drivers\spldr.sys
0x88153000 \SystemRoot\system32\DRIVERS\snapman.sys
0x8816E000 \SystemRoot\System32\Drivers\mup.sys
0x8817D000 \SystemRoot\system32\drivers\mfehidk.sys
0x881CF000 \SystemRoot\System32\drivers\ecache.sys
0x82FAD000 \SystemRoot\system32\drivers\disk.sys
0x82FBE000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x881F6000 \SystemRoot\system32\drivers\crcdisk.sys
0x82E00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x82DF4000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x805A5000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8BE06000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8C43D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C4DC000 \SystemRoot\System32\drivers\watchdog.sys
0x8C4E9000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x8C524000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C52F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C56D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C57C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C804000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8CA2B000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8CA3B000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8CA49000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8CA63000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8CA72000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8CA86000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8CAD7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8CAEA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8CAF5000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8CB20000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8CB22000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8CB2D000 \SystemRoot\system32\DRIVERS\serial.sys
0x8CB47000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8CB51000 \SystemRoot\system32\DRIVERS\nscirda.sys
0x8CB59000 \SystemRoot\system32\drivers\irenum.sys
0x8CB62000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8CB66000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8CB7E000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8CB84000 \SystemRoot\System32\Drivers\tosrfcom.sys
0x8CB94000 \SystemRoot\system32\DRIVERS\serscan.sys
0x8CB9C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C58E000 \SystemRoot\system32\DRIVERS\storport.sys
0x8CBCA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8CBD5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8CBEC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C5CF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x805B4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x805C3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8CC00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8CC15000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x8CC9E000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CCAE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8CCB0000 \SystemRoot\system32\DRIVERS\ks.sys
0x8CCDA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8CCE4000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8CCF1000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8CD25000 \SystemRoot\system32\DRIVERS\tosporte.sys
0x8CD30000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8DC06000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8DDC6000 \SystemRoot\system32\drivers\portcls.sys
0x8CD41000 \SystemRoot\system32\drivers\drmk.sys
0x8E004000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8E120000 \SystemRoot\system32\drivers\modem.sys
0x8E12D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8E136000 \SystemRoot\System32\Drivers\Null.SYS
0x8E13D000 \SystemRoot\System32\Drivers\Beep.SYS
0x8E14D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8E154000 \SystemRoot\System32\drivers\vga.sys
0x8E160000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8E181000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8E189000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8E191000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8E19C000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E1AA000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8E1B3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E1C9000 \SystemRoot\system32\drivers\mfetdik.sys
0x8E1D7000 \SystemRoot\system32\DRIVERS\smb.sys
0x8CD66000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CD98000 \SystemRoot\system32\drivers\afd.sys
0x8CDE0000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E1EB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E408000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E41B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E457000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E461000 \SystemRoot\system32\drivers\csc.sys
0x8E4BB000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E4D2000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8E4DB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8E4EB000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8E4F3000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8E500000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8E50B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8E513000 \SystemRoot\System32\Drivers\tcusb.sys
0x976F0000 \SystemRoot\System32\win32k.sys
0x8E51D000 \SystemRoot\System32\drivers\Dxapi.sys
0x8E527000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97910000 \SystemRoot\System32\TSDDD.dll
0x97930000 \SystemRoot\System32\cdd.dll
0x8E536000 \SystemRoot\system32\drivers\luafv.sys
0x8E551000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
0xAAC0D000 \SystemRoot\system32\drivers\spsys.sys
0xAACBC000 \SystemRoot\system32\DRIVERS\irda.sys
0xAACDA000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAACEA000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAAD14000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAAD1E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAAD31000 \SystemRoot\system32\drivers\HTTP.sys
0xAAD9E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAADBB000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAADD4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8E561000 \SystemRoot\system32\drivers\mrxdav.sys
0x8E581000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8E5A0000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8E5D9000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAC40C000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAC434000 \SystemRoot\System32\DRIVERS\srv.sys
0xAC49B000 \SystemRoot\system32\drivers\peauth.sys
0xAC579000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAC583000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAC58F000 \??\C:\Program Files\CyberLink\PowerDVD\000.fcl
0xAC591000 \??\C:\Windows\system32\drivers\MGHwCtrl.sys
0xAC59B000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAC5B8000 \??\C:\Cofi\catchme.sys
0xAC5C0000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0xAC5C2000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xAC5CB000 \??\C:\Users\462091\AppData\Local\Temp\awldqpog.sys
0x77C20000 \Windows\System32\ntdll.dll

Processes (total 58):
0 System Idle Process
4 System
588 C:\Windows\System32\smss.exe
732 csrss.exe
776 C:\Windows\System32\wininit.exe
784 csrss.exe
820 C:\Windows\System32\services.exe
848 C:\Windows\System32\winlogon.exe
876 C:\Windows\System32\lsass.exe
884 C:\Windows\System32\lsm.exe
1036 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1224 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\svchost.exe
1396 C:\Windows\System32\audiodg.exe
1432 C:\Windows\System32\SLsvc.exe
1524 C:\Windows\System32\svchost.exe
1652 C:\Windows\System32\svchost.exe
1824 C:\Program Files\Protector Suite QL\upeksvr.exe
388 C:\Windows\System32\spoolsv.exe
452 C:\Windows\System32\svchost.exe
976 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
1268 C:\Windows\System32\agrsmsvc.exe
2016 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1144 C:\Program Files\Intel\AMT\atchksrv.exe
1864 C:\Program Files\Bonjour\mDNSResponder.exe
2068 C:\Windows\System32\DWRCS.exe
2192 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
2232 C:\Program Files\Intel\AMT\LMS.exe
2328 C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
2340 C:\Windows\System32\mfevtps.exe
2376 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
2416 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
2464 C:\Program Files\System Control Manager\edd.exe
2520 C:\Windows\System32\svchost.exe
2576 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2624 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2660 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2680 C:\Windows\System32\svchost.exe
2704 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
2784 C:\Program Files\Intel\AMT\UNS.exe
2860 C:\Windows\System32\svchost.exe
2892 C:\Windows\System32\SearchIndexer.exe
3660 C:\Windows\System32\taskeng.exe
2432 C:\Windows\System32\msdtc.exe
3408 C:\Windows\System32\dwm.exe
1460 C:\Windows\System32\taskeng.exe
1580 C:\Windows\System32\conime.exe
3924 C:\Windows\System32\wuauclt.exe
3960 C:\Windows\explorer.exe
4032 C:\Program Files\Windows Media Player\wmpnscfg.exe
2484 C:\Program Files\Windows Media Player\wmpnetwk.exe
4868 C:\Program Files\Internet Explorer\ieuser.exe
5728 C:\Windows\System32\SearchProtocolHost.exe
4092 C:\Windows\System32\SearchFilterHost.exe
4584 C:\Users\462091\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`77100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000012`90a00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVS-22RST0, Rev: 04.01G04

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
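To show what the MBRCheck lines above (partition offsets, the SHA1 of the boot code, the "Unknown MBR code" verdict) are derived from, here is an added example that is not part of the thread or of MBRCheck itself: it builds a constructed 512-byte MBR whose two partitions start at the same byte offsets as C: and E: in the log, validates the 0x55AA signature, hashes the 440-byte boot-code area (which bytes MBRCheck actually hashes is an assumption) and compares the hash against a list of known-good values.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # boot code precedes the 4-byte disk signature at 440
PART_TABLE_OFF = 446       # four 16-byte partition entries start here
PART_ENTRY_LEN = 16
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """Constructed sample MBR (not the poster's disk). The two NTFS (0x07)
    partitions start at LBAs that reproduce the offsets from the log:
    0x177100000 / 512 = 0xBB8800 and 0x1290a00000 / 512 = 0x9485000."""
    mbr = bytearray(SECTOR)
    mbr[:BOOT_CODE_LEN] = b"\xEB\x3C\x90" + b"\x90" * (BOOT_CODE_LEN - 3)  # placeholder code
    entries = [
        (0x80, 0x07, 0xBB8800, 0x88CC800),   # C:, marked bootable, ends where E: begins
        (0x00, 0x07, 0x9485000, 0x9580000),  # E:
    ]
    for i, (status, ptype, lba, count) in enumerate(entries):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        struct.pack_into(ENTRY_FMT, mbr, off, status, b"\xFF" * 3, ptype, b"\xFF" * 3, lba, count)
    mbr[510:512] = b"\x55\xAA"  # boot signature
    return bytes(mbr)


def parse_mbr(mbr):
    """Return (sha1 of boot code, list of used partition entries with byte offsets)."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xAA":
        raise ValueError("not a valid MBR: bad length or missing 0x55AA signature")
    boot_code_sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + i * PART_ENTRY_LEN)
        if ptype == 0:          # empty slot
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "offset": lba * SECTOR,          # what MBRCheck prints as "at offset"
                      "size_bytes": count * SECTOR})
    return boot_code_sha1, parts


def check_boot_code(sha1, known_good):
    """MBRCheck-style verdict: boot code matches a known hash, or is unknown
    (which is what the log reports and why a manual fix was recommended)."""
    return "known MBR code" if sha1 in known_good else "Unknown MBR code"
```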

cosinus 02.05.2011 22:46

We should fix the MBR manually. Back up all important data, just in case.

Do you have any other operating systems installed besides Vista?
If not: have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Download the ISO, burn it to a CD with e.g. ImgBurn using the image-burning function, and start the computer from it (boot from this CD).

If you have a regular Vista installation DVD, you don't need the image mentioned above; you can simply boot from the Vista DVD.

Click on computer repair options, next, command prompt - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, removing the CD first. Afterwards create new logs with MBRCheck and, if it works, GMER.

TT-Fan 09.05.2011 06:43

Sorry, I was away for a week and am still busy for 2 more days; I'll only get to it on Wednesday.

cosinus 09.05.2011 13:12

OK, then do it on Wednesday. But as I said, it's best to back up all important data first.



Copyright ©2000-2025, Trojaner-Board

