Trojaner-Board - Trojaner TR/Kazy.mekml.1

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Trojaner TR/Kazy.mekml.1 (https://www.trojaner-board.de/98343-trojaner-tr-kazy-mekml-1-a.html)

Trojaner TR/Kazy.mekml.1

Hallo,

habe mir wohl auch diesen Trojaner eingefangen.
Mein Desktop ist schwarz und es fehlt ne ganze Menge.
Habe auch schon das mit der load.exe probiert aber die sachen sind gleich wieder von meinem Desktop verschwunden.
Ich habe jetzt die mbam log-datei und die beiden otl-log-datein erstellt, ich hoffe das ist so richtig.

Danke im vorraus für eure hilfe

:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Fixen mit OTL

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.

Code:

:OTL

PRC - C:\ProgramData\qSsBwhAkulOsDNp.exe (WinTrust)

O4 - HKCU..\Run: [qSsBwhAkulOsDNp] C:\ProgramData\qSsBwhAkulOsDNp.exe (WinTrust)

O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{6ddba7fa-4dbb-11de-ae2d-001d72dad057}\Shell - "" = AutoRun

O33 - MountPoints2\{6ddba7fa-4dbb-11de-ae2d-001d72dad057}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe

O33 - MountPoints2\{81e1ee52-d920-11df-a4a6-001d72dad057}\Shell - "" = AutoRun

O33 - MountPoints2\{81e1ee52-d920-11df-a4a6-001d72dad057}\Shell\AutoRun\command - "" = G:\autorun.exe

O33 - MountPoints2\{985a066c-b9ba-11df-be34-001d72dad057}\Shell - "" = AutoRun

O33 - MountPoints2\{985a066c-b9ba-11df-be34-001d72dad057}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta

O33 - MountPoints2\{b07d2a78-b7ee-11df-adeb-001d72dad057}\Shell - "" = AutoRun

O33 - MountPoints2\{b07d2a78-b7ee-11df-adeb-001d72dad057}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta

O33 - MountPoints2\{b1907d8b-9611-11de-b779-00215d55fee6}\Shell - "" = AutoRun

O33 - MountPoints2\{b1907d8b-9611-11de-b779-00215d55fee6}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{b1907da6-9611-11de-b779-00215d55fee6}\Shell - "" = AutoRun

O33 - MountPoints2\{b1907da6-9611-11de-b779-00215d55fee6}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{bae4b491-8e77-11de-b9bb-001d72dad057}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe

O33 - MountPoints2\{e6007649-9613-11de-9354-00215d55fee6}\Shell - "" = AutoRun

O33 - MountPoints2\{e6007649-9613-11de-9354-00215d55fee6}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{e600764b-9613-11de-9354-00215d55fee6}\Shell - "" = AutoRun

O33 - MountPoints2\{e600764b-9613-11de-9354-00215d55fee6}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:F3176E45

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:A696643D

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FEBEC560

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:580E04D8

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:5711EF65

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8AB6C1D7

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:193426B4

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP;)88D995C

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5D10517E

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:B623B5B8

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C95B63DA

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4CF61E54

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:861A898F

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4BB26BE9

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4F636E25

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:2B99FE60

[2011.04.27 07:52:22 | 000,573,440 | -H-- | C] (WinTrust) -- C:\ProgramData\qSsBwhAkulOsDNp.exe

[2011.04.27 07:52:20 | 000,573,440 | -H-- | C] (WinTrust) -- C:\Users\Toni\Desktop\null0.7396047803483226.exe

:Commands

[purity]

[emptytemp]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.

Code:

netsvcs

drivers32 /all

%SYSTEMDRIVE%\*.*

%systemroot%\system32\*.wt

%systemroot%\system32\*.ruy

%systemroot%\Fonts\*.com

%systemroot%\Fonts\*.dll

%systemroot%\Fonts\*.ini

%systemroot%\Fonts\*.ini2

%systemroot%\system32\spool\prtprocs\w32x86\*.*

%systemroot%\REPAIR\*.bak1

%systemroot%\REPAIR\*.ini

%systemroot%\system32\*.jpg

%systemroot%\*.scr

%systemroot%\*._sy

%APPDATA%\Adobe\Update\*.*

%ALLUSERSPROFILE%\Favorites\*.*

%APPDATA%\Microsoft\*.*

%PROGRAMFILES%\*.*

%APPDATA%\Update\*.*

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\user32.dll /md5

%systemroot%\system32\ws2_32.dll /md5

%systemroot%\system32\ws2help.dll /md5

/md5start

explorer.exe

winlogon.exe

wininit.exe

/md5stop

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Schritt 3

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:

Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.
Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.

Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Gmer startet automatisch einen ersten Scan.
Sollte sich ein Fenster mit folgender Warnung öffnen:

Code:

WARNING !!! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system?
Unbedingt auf "No" klicken,
in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

.
Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
Wichtig: "Show all" darf nicht angehakt sein!
Starte den Scan durch Drücken des Buttons "Scan".
Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
Wenn der Scan fertig ist, bleibt die Zeile leer.
Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
Mit "Ok" wird Gmer beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

also hier ist schritt eins:

code:

All processes killed
========== OTL ==========
No active process named qSsBwhAkulOsDNp.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\qSsBwhAkulOsDNp deleted successfully.
C:\ProgramData\qSsBwhAkulOsDNp.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ddba7fa-4dbb-11de-ae2d-001d72dad057}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ddba7fa-4dbb-11de-ae2d-001d72dad057}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ddba7fa-4dbb-11de-ae2d-001d72dad057}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ddba7fa-4dbb-11de-ae2d-001d72dad057}\ not found.
File G:\USBAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81e1ee52-d920-11df-a4a6-001d72dad057}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81e1ee52-d920-11df-a4a6-001d72dad057}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81e1ee52-d920-11df-a4a6-001d72dad057}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81e1ee52-d920-11df-a4a6-001d72dad057}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{985a066c-b9ba-11df-be34-001d72dad057}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{985a066c-b9ba-11df-be34-001d72dad057}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{985a066c-b9ba-11df-be34-001d72dad057}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{985a066c-b9ba-11df-be34-001d72dad057}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b07d2a78-b7ee-11df-adeb-001d72dad057}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b07d2a78-b7ee-11df-adeb-001d72dad057}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b07d2a78-b7ee-11df-adeb-001d72dad057}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b07d2a78-b7ee-11df-adeb-001d72dad057}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1907d8b-9611-11de-b779-00215d55fee6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1907d8b-9611-11de-b779-00215d55fee6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1907d8b-9611-11de-b779-00215d55fee6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1907d8b-9611-11de-b779-00215d55fee6}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1907da6-9611-11de-b779-00215d55fee6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1907da6-9611-11de-b779-00215d55fee6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1907da6-9611-11de-b779-00215d55fee6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1907da6-9611-11de-b779-00215d55fee6}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bae4b491-8e77-11de-b9bb-001d72dad057}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bae4b491-8e77-11de-b9bb-001d72dad057}\ not found.
File G:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6007649-9613-11de-9354-00215d55fee6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6007649-9613-11de-9354-00215d55fee6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6007649-9613-11de-9354-00215d55fee6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6007649-9613-11de-9354-00215d55fee6}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e600764b-9613-11de-9354-00215d55fee6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e600764b-9613-11de-9354-00215d55fee6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e600764b-9613-11de-9354-00215d55fee6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e600764b-9613-11de-9354-00215d55fee6}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
ADS C:\ProgramData\TEMP:F3176E45 deleted successfully.
ADS C:\ProgramData\TEMP:A696643D deleted successfully.
ADS C:\ProgramData\TEMP:FEBEC560 deleted successfully.
ADS C:\ProgramData\TEMP:580E04D8 deleted successfully.
ADS C:\ProgramData\TEMP:5711EF65 deleted successfully.
ADS C:\ProgramData\TEMP:8AB6C1D7 deleted successfully.
ADS C:\ProgramData\TEMP:193426B4 deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP;)88D995C .
ADS C:\ProgramData\TEMP:5D10517E deleted successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
ADS C:\ProgramData\TEMP:C95B63DA deleted successfully.
ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully.
ADS C:\ProgramData\TEMP:861A898F deleted successfully.
ADS C:\ProgramData\TEMP:4BB26BE9 deleted successfully.
ADS C:\ProgramData\TEMP:4F636E25 deleted successfully.
ADS C:\ProgramData\TEMP:2B99FE60 deleted successfully.
File C:\ProgramData\qSsBwhAkulOsDNp.exe not found.
C:\Users\Toni\Desktop\null0.7396047803483226.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nadine
->Temp folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NeroMediaHomeUser.4
->Temp folder emptied: 7168 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Toni
->Temp folder emptied: 239784 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 574 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1248 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04272011_231130

Files\Folders moved on Reboot...
C:\Users\NeroMediaHomeUser.4\AppData\Local\Temp\etilqs_g3j49ThAWmSxGcGhFr7g moved successfully.
C:\Users\NeroMediaHomeUser.4\AppData\Local\Temp\etilqs_g3j49ThAWmSxGcGhFr7g-journal moved successfully.

Registry entries deleted on Reboot...

hier schritt zwei allerdings, habe ich die datei extra.txt nicht erhalten

Code:

OTL logfile created on: 27.04.2011 23:18:03 - Run 3

OTL by OldTimer - Version 3.2.22.3     Folder = G:\

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19048)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 142,65 Gb Total Space | 59,51 Gb Free Space | 41,71% Space Free | Partition Type: NTFS

Drive D: | 142,67 Gb Total Space | 22,03 Gb Free Space | 15,44% Space Free | Partition Type: NTFS

Drive G: | 14,89 Gb Total Space | 1,13 Gb Free Space | 7,60% Space Free | Partition Type: FAT32

 

Computer Name: TONIS-SCHLEPPI | User Name: Toni | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Toni\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)

PRC - G:\OTL.exe (OldTimer Tools)

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)

PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe ()

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)

PRC - C:\Programme\XSManager\WTGService.exe ()

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)

PRC - C:\Programme\maxdome\DCBin\DCService.exe (Entriq, Inc.)

PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()

PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)

PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()

PRC - C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)

PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)

PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)

PRC - C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)

PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()

PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)

PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

PRC - C:\Acer\Mobility Center\MobilityService.exe ()

 

 
 ========== Modules (SafeList) ==========

 

MOD - G:\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)

SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe ()

SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)

SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)

SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)

SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (Prosieben) -- C:\Program Files\maxdome\DCBin\DCService.exe (Entriq, Inc.)

SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()

SRV - (TDslMgrService) -- C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)

SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()

SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)

SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)

SRV - (NeroMediaHomeService.4) -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()

SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)

SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector)

DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.)

DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)

DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)

DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)

DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)

DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)

DRV - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\Windows\System32\drivers\s217unic.sys (MCCI)

DRV - (s217obex) -- C:\Windows\System32\drivers\s217obex.sys (MCCI Corporation)

DRV - (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) -- C:\Windows\System32\drivers\s217nd5.sys (MCCI Corporation)

DRV - (s217mdm) -- C:\Windows\System32\drivers\s217mdm.sys (MCCI Corporation)

DRV - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\Windows\System32\drivers\s217bus.sys (MCCI Corporation)

DRV - (s217mdfl) -- C:\Windows\System32\drivers\s217mdfl.sys (MCCI Corporation)

DRV - (dsltestSp5) -- C:\Windows\System32\drivers\DslTestSp5.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (DslMNLwf) -- C:\Windows\System32\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)

DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_5930

IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7

FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

 

 

[2009.08.21 20:58:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Toni\AppData\Roaming\mozilla\Extensions

[2009.08.21 20:58:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Toni\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

[2008.11.26 16:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

 

O1 HOSTS File: ([2011.04.27 17:59:16 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} -  File not found

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} -  File not found

O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 [2011.02.13 18:26:56 | 000,000,000 | ---D | M]

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()

O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: gamepoint.de ([www] https in Vertrauenswürdige Sites)

O15 - HKCU\..Trusted Domains: navigram.com ([www] https in Vertrauenswürdige Sites)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {162247AF-26A7-44FC-A93A-69506EA244F3} https://account.maxdome.de/presentation/script/HWTest.CAB (HWTest.HWTestControl)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan-canvasx.cab (JordanUploader Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226775789563 (MUWebControl Class)

O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Navigram Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {98474E4F-5229-4CAC-9E28-6D52D992268D} hxxp://kpscdhaendler.ar-live.de/afc-frontend/main/Setup_AFC_ONLINE_2_7_0_3_STANDARD.cab (AS_AR_Control Light Control)

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)

O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()

O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)

O24 - Desktop WallPaper: C:\Users\Toni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Toni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)

Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)

Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)

Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)

Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()

Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)

Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)

Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)

Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)

Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)

Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()

Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)

Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.04.27 21:14:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011.04.27 21:14:13 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT

[2011.04.27 21:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2011.04.27 20:57:16 | 000,791,393 | -H-- | C] (Lars Hederer                                                ) -- C:\Users\Toni\Desktop\Erunt-setup.exe

[2011.04.27 20:57:16 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Toni\Desktop\OTL.exe

[2011.04.27 20:57:16 | 000,446,464 | -H-- | C] (OldTimer Tools) -- C:\Users\Toni\Desktop\TFC.exe

[2011.04.27 17:22:07 | 000,000,000 | -H-D | C] -- C:\Users\Toni\AppData\Roaming\Malwarebytes

[2011.04.27 17:22:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.04.27 17:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.04.27 17:21:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes

[2011.04.27 17:21:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.04.27 17:21:55 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.04.19 07:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011.04.19 07:46:24 | 000,000,000 | ---D | C] -- C:\Programme\iPod

[2011.04.19 07:46:21 | 000,000,000 | ---D | C] -- C:\Programme\iTunes

[2011.04.19 07:44:17 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour

[2011.04.01 21:27:02 | 000,000,000 | -H-D | C] -- C:\Users\Toni\AppData\Roaming\Simfy

[2011.04.01 21:27:00 | 000,000,000 | ---D | C] -- C:\Programme\simfy

[2011.04.01 21:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy

[2008.10.17 05:15:36 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.04.27 23:21:05 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.04.27 23:21:05 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.04.27 23:21:05 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.04.27 23:21:05 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.04.27 23:20:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4CA0E136-6AAF-4555-9DA6-79992AB719F2}.job

[2011.04.27 23:13:39 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics

[2011.04.27 23:13:38 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job

[2011.04.27 23:13:38 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml

[2011.04.27 23:13:25 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.04.27 23:13:25 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.04.27 23:13:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.04.27 23:13:06 | 3215,839,232 | -HS- | M] () -- C:\hiberfil.sys

[2011.04.27 23:12:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011.04.27 22:06:06 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{17657013-1DD7-4F20-A29C-8ACF8A4BCC3C}.job

[2011.04.27 21:14:14 | 000,000,737 | -H-- | M] () -- C:\Users\Toni\Desktop\NTREGOPT.lnk

[2011.04.27 21:14:13 | 000,000,718 | -H-- | M] () -- C:\Users\Toni\Desktop\ERUNT.lnk

[2011.04.27 20:57:33 | 000,301,568 | -H-- | M] () -- C:\Users\Toni\Desktop\g2m3e4r.exe

[2011.04.27 20:57:32 | 000,791,393 | -H-- | M] (Lars Hederer                                                ) -- C:\Users\Toni\Desktop\Erunt-setup.exe

[2011.04.27 20:57:21 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Toni\Desktop\OTL.exe

[2011.04.27 20:57:21 | 000,446,464 | -H-- | M] (OldTimer Tools) -- C:\Users\Toni\Desktop\TFC.exe

[2011.04.27 18:08:46 | 000,504,657 | -H-- | M] () -- C:\Users\Toni\Desktop\unhide.exe

[2011.04.27 17:59:16 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

[2011.04.27 08:30:20 | 000,130,048 | -H-- | M] () -- C:\Users\Toni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.04.27 08:16:07 | 000,169,830 | -H-- | M] () -- C:\ProgramData\nvModes.001

[2011.04.20 15:47:23 | 000,169,830 | -H-- | M] () -- C:\ProgramData\nvModes.dat

[2011.04.14 16:40:15 | 000,343,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.04.13 21:41:12 | 000,000,104 | -H-- | M] () -- C:\Users\Toni\Desktop\E-Mail - Verknüpfung.lnk

[2011.04.09 22:02:38 | 002,058,645 | -H-- | M] () -- C:\Users\Toni\Desktop\Foto.JPG

[2011.04.05 07:31:32 | 000,001,441 | -H-- | M] () -- C:\Users\Toni\Desktop\DivX Movies.lnk

 
 ========== Files Created - No Company Name ==========

 

[2011.04.27 21:14:14 | 000,000,737 | -H-- | C] () -- C:\Users\Toni\Desktop\NTREGOPT.lnk

[2011.04.27 21:14:13 | 000,000,718 | -H-- | C] () -- C:\Users\Toni\Desktop\ERUNT.lnk

[2011.04.27 20:57:17 | 000,301,568 | -H-- | C] () -- C:\Users\Toni\Desktop\g2m3e4r.exe

[2011.04.27 18:08:39 | 000,504,657 | -H-- | C] () -- C:\Users\Toni\Desktop\unhide.exe

[2011.04.13 21:41:12 | 000,000,104 | -H-- | C] () -- C:\Users\Toni\Desktop\E-Mail - Verknüpfung.lnk

[2011.04.09 22:02:38 | 002,058,645 | -H-- | C] () -- C:\Users\Toni\Desktop\Foto.JPG

[2011.04.05 07:31:32 | 000,001,441 | -H-- | C] () -- C:\Users\Toni\Desktop\DivX Movies.lnk

[2011.01.26 22:57:11 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2011.01.26 22:57:09 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2011.01.26 22:57:09 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2011.01.26 22:57:09 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2010.07.25 14:27:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.04.22 08:59:31 | 000,000,016 | -H-- | C] () -- C:\Users\Toni\AppData\Roaming\kcmdte.dat

[2010.04.22 08:59:30 | 000,000,004 | -H-- | C] () -- C:\Users\Toni\AppData\Roaming\avdrn.dat

[2010.01.29 09:59:15 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll

[2010.01.29 09:59:15 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll

[2010.01.29 09:53:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll

[2010.01.29 09:53:02 | 000,002,412 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini

[2010.01.16 18:26:09 | 000,007,592 | -H-- | C] () -- C:\Users\Toni\AppData\Local\d3d9caps.dat

[2009.10.31 16:21:19 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2009.10.30 09:23:22 | 000,000,032 | ---- | C] () -- C:\Windows\azeugnis.INI

[2009.09.12 09:49:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.09.12 09:49:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2009.04.08 20:52:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\OptCVw7.dll

[2009.04.08 20:52:04 | 000,172,032 | ---- | C] () -- C:\Windows\System32\OptCVm6.dll

[2009.04.08 20:52:04 | 000,114,749 | ---- | C] () -- C:\Windows\System32\cxts001.dll

[2009.04.08 20:52:04 | 000,057,400 | ---- | C] () -- C:\Windows\System32\trs.dll

[2009.04.08 20:52:03 | 000,200,704 | ---- | C] () -- C:\Windows\System32\OptCVa6.dll

[2009.04.08 20:51:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\BS_Register.exe

[2009.02.28 21:01:43 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini

[2008.12.21 20:51:20 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe

[2008.12.21 20:51:20 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll

[2008.12.21 20:51:19 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe

[2008.12.21 20:51:18 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe

[2008.12.21 20:51:18 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe

[2008.11.01 22:41:16 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll

[2008.11.01 22:41:16 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll

[2008.10.30 11:40:15 | 000,130,048 | -H-- | C] () -- C:\Users\Toni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.10.30 09:55:40 | 000,024,064 | -H-- | C] () -- C:\Users\Toni\AppData\Roaming\UserTile.png

[2008.10.29 15:36:18 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2008.10.29 14:39:17 | 000,169,830 | -H-- | C] () -- C:\ProgramData\nvModes.001

[2008.10.29 14:36:20 | 000,169,830 | -H-- | C] () -- C:\ProgramData\nvModes.dat

[2008.10.29 13:23:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008.10.16 19:38:13 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll

[2008.10.16 19:36:14 | 000,118,784 | -H-- | C] () -- C:\Windows\System32\VMC3KAPI.dll

[2008.10.16 19:34:44 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll

[2008.10.16 19:34:44 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe

[2008.10.16 19:34:44 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe

[2008.10.16 19:34:44 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini

[2008.10.16 19:30:49 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini

[2008.10.16 19:30:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat

[2008.10.16 19:30:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat

[2008.10.16 19:30:49 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

[2008.10.16 19:26:41 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2008.07.23 18:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2008.05.08 05:32:19 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2008.05.08 05:32:19 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2008.05.08 05:32:19 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2008.05.08 05:32:19 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2008.05.07 20:06:49 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll

[2008.05.07 20:03:50 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIOFM4.dll

[2008.05.07 20:03:50 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN5.dll

[2008.04.30 10:09:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2008.04.30 10:09:01 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll

[2008.04.30 10:09:01 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll

[2008.04.30 10:09:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini

[2007.05.02 18:43:30 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll

[2007.05.02 18:43:30 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll

[2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys

[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:47:37 | 000,343,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006.10.16 07:58:14 | 000,086,016 | ---- | C] () -- C:\Windows\System32\aspolyzt.dll

[2006.06.29 12:44:32 | 001,826,304 | ---- | C] () -- C:\Windows\System32\asconv3d.dll

[2006.03.23 09:24:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\as_tree2.dll

[2005.07.06 11:59:58 | 000,028,672 | ---- | C] () -- C:\Windows\System32\asdrawli.dll

[2005.07.04 14:17:30 | 000,069,632 | ---- | C] () -- C:\Windows\System32\ASDRAWMA.DLL

[2004.08.17 16:34:52 | 000,036,864 | ---- | C] () -- C:\Windows\System32\AS_SORT.DLL

[2003.05.22 11:31:44 | 000,033,792 | ---- | C] () -- C:\Windows\System32\ASDRAW32.DLL

[2002.07.12 15:29:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AS_MDB32.DLL

[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

[2001.06.06 10:59:04 | 000,209,612 | ---- | C] () -- C:\Windows\System32\as_fconv.exe

[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

 
 ========== LOP Check ==========

 

[2008.11.16 17:12:21 | 000,000,000 | -HSD | M] -- C:\Users\Toni\AppData\Roaming\.#

[2008.11.15 21:59:37 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Acer

[2008.05.07 20:02:23 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Acer GameZone Console

[2009.04.08 15:44:57 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\ASCON Installer

[2009.04.08 15:48:40 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\ASCON Programme

[2008.12.21 20:28:40 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Ashampoo

[2008.11.04 23:26:41 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Big Fish Games

[2008.11.01 22:44:35 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Buhl Data Service

[2010.12.15 14:52:06 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Canon

[2010.11.21 01:21:47 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Cool Record Edit Deluxe

[2008.12.13 18:43:15 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\CoSoSys

[2008.10.29 17:53:33 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\DAEMON Tools

[2011.02.12 20:56:40 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\elsterformular

[2008.10.29 15:47:10 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\eSobi

[2008.11.01 13:39:56 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Flood Light Games

[2008.10.29 16:07:12 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\FloodLightGames

[2010.12.15 12:38:59 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\FRITZ!

[2010.08.17 21:18:35 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Leadertech

[2009.05.31 10:26:44 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\LG Electronics

[2008.11.29 23:06:03 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\LimeWire

[2008.11.29 23:11:14 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\PeerNetworking

[2008.10.29 23:33:48 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\PlayFirst

[2011.04.01 21:27:02 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Simfy

[2009.02.01 14:24:30 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\T-Online

[2009.08.21 20:58:54 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\TomTom

[2008.10.29 13:09:38 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\TuneUp Software

[2008.11.26 11:12:30 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\TVcentral-Core

[2009.08.31 11:39:50 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\Vodafone

[2010.10.16 18:47:03 | 000,000,000 | -H-D | M] -- C:\Users\Toni\AppData\Roaming\XSManager

[2011.04.27 23:13:38 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job

[2011.04.27 23:12:03 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011.04.27 22:06:06 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{17657013-1DD7-4F20-A29C-8ACF8A4BCC3C}.job

[2011.04.27 23:20:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4CA0E136-6AAF-4555-9DA6-79992AB719F2}.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*.* >

[2009.11.10 10:18:08 | 000,000,000 | -H-- | M] () -- C:\AILog.txt

[2008.10.27 11:38:10 | 001,348,370 | -H-- | M] () -- C:\Apr2005_d3dx9_25_x64.cab

[2008.10.27 11:38:08 | 001,079,978 | -H-- | M] () -- C:\Apr2005_d3dx9_25_x86.cab

[2008.10.27 11:38:12 | 001,398,846 | -H-- | M] () -- C:\Apr2006_d3dx9_30_x64.cab

[2008.10.27 11:38:10 | 001,116,237 | -H-- | M] () -- C:\Apr2006_d3dx9_30_x86.cab

[2008.10.27 11:38:04 | 000,917,446 | -H-- | M] () -- C:\Apr2006_MDX1_x86.cab

[2008.10.27 11:38:20 | 004,163,646 | -H-- | M] () -- C:\Apr2006_MDX1_x86_Archive.cab

[2008.10.27 11:37:46 | 000,180,149 | -H-- | M] () -- C:\Apr2006_XACT_x64.cab

[2008.10.27 11:37:38 | 000,134,119 | -H-- | M] () -- C:\Apr2006_XACT_x86.cab

[2008.10.27 11:38:02 | 000,088,117 | -H-- | M] () -- C:\Apr2006_xinput_x64.cab

[2008.10.27 11:38:00 | 000,047,026 | -H-- | M] () -- C:\Apr2006_xinput_x86.cab

[2008.10.27 11:38:00 | 000,699,628 | -H-- | M] () -- C:\APR2007_d3dx10_33_x64.cab

[2008.10.27 11:37:58 | 000,696,881 | -H-- | M] () -- C:\APR2007_d3dx10_33_x86.cab

[2008.10.27 11:38:18 | 001,608,374 | -H-- | M] () -- C:\APR2007_d3dx9_33_x64.cab

[2008.10.27 11:38:16 | 001,607,055 | -H-- | M] () -- C:\APR2007_d3dx9_33_x86.cab

[2008.10.27 11:37:48 | 000,196,782 | -H-- | M] () -- C:\APR2007_XACT_x64.cab

[2008.10.27 11:37:44 | 000,152,241 | -H-- | M] () -- C:\APR2007_XACT_x86.cab

[2008.10.27 11:38:08 | 000,097,833 | -H-- | M] () -- C:\APR2007_xinput_x64.cab

[2008.10.27 11:38:02 | 000,054,318 | -H-- | M] () -- C:\APR2007_xinput_x86.cab

[2008.10.27 11:38:12 | 001,351,558 | -H-- | M] () -- C:\Aug2005_d3dx9_27_x64.cab

[2008.10.27 11:38:08 | 001,078,660 | -H-- | M] () -- C:\Aug2005_d3dx9_27_x86.cab

[2008.10.27 11:37:48 | 000,183,919 | -H-- | M] () -- C:\AUG2006_XACT_x64.cab

[2008.10.27 11:37:42 | 000,138,251 | -H-- | M] () -- C:\AUG2006_XACT_x86.cab

[2008.10.27 11:38:02 | 000,088,158 | -H-- | M] () -- C:\AUG2006_xinput_x64.cab

[2008.10.27 11:38:02 | 000,047,074 | -H-- | M] () -- C:\AUG2006_xinput_x86.cab

[2008.10.27 11:38:04 | 000,853,302 | -H-- | M] () -- C:\AUG2007_d3dx10_35_x64.cab

[2008.10.27 11:38:00 | 000,797,883 | -H-- | M] () -- C:\AUG2007_d3dx10_35_x86.cab

[2008.10.27 11:38:18 | 001,801,176 | -H-- | M] () -- C:\AUG2007_d3dx9_35_x64.cab

[2008.10.27 11:38:18 | 001,709,168 | -H-- | M] () -- C:\AUG2007_d3dx9_35_x86.cab

[2008.10.27 11:37:52 | 000,199,112 | -H-- | M] () -- C:\AUG2007_XACT_x64.cab

[2008.10.27 11:37:46 | 000,154,028 | -H-- | M] () -- C:\AUG2007_XACT_x86.cab

[2008.10.27 11:38:04 | 000,868,628 | -H-- | M] () -- C:\Aug2008_d3dx10_39_x64.cab

[2008.10.27 11:38:02 | 000,850,183 | -H-- | M] () -- C:\Aug2008_d3dx10_39_x86.cab

[2008.10.27 11:38:18 | 001,795,100 | -H-- | M] () -- C:\Aug2008_d3dx9_39_x64.cab

[2008.10.27 11:38:14 | 001,465,688 | -H-- | M] () -- C:\Aug2008_d3dx9_39_x86.cab

[2008.10.27 11:37:40 | 000,122,840 | -H-- | M] () -- C:\Aug2008_XACT_x64.cab

[2008.10.27 11:38:02 | 000,094,028 | -H-- | M] () -- C:\Aug2008_XACT_x86.cab

[2008.10.27 11:37:58 | 000,272,384 | -H-- | M] () -- C:\Aug2008_XAudio_x64.cab

[2008.10.27 11:37:58 | 000,270,858 | -H-- | M] () -- C:\Aug2008_XAudio_x86.cab

[2008.10.27 11:38:10 | 001,156,507 | -H-- | M] () -- C:\BDANT.cab

[2008.10.27 11:38:04 | 000,976,164 | -H-- | M] () -- C:\BDAXP.cab

[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2008.02.06 01:25:41 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2008.10.27 11:38:14 | 001,358,992 | -H-- | M] () -- C:\Dec2005_d3dx9_28_x64.cab

[2008.10.27 11:38:10 | 001,080,472 | -H-- | M] () -- C:\Dec2005_d3dx9_28_x86.cab

[2008.10.27 11:37:50 | 000,213,823 | -H-- | M] () -- C:\DEC2006_d3dx10_00_x64.cab

[2008.10.27 11:37:48 | 000,192,736 | -H-- | M] () -- C:\DEC2006_d3dx10_00_x86.cab

[2008.10.27 11:38:16 | 001,572,170 | -H-- | M] () -- C:\DEC2006_d3dx9_32_x64.cab

[2008.10.27 11:38:16 | 001,575,392 | -H-- | M] () -- C:\DEC2006_d3dx9_32_x86.cab

[2008.10.27 11:37:50 | 000,193,491 | -H-- | M] () -- C:\DEC2006_XACT_x64.cab

[2008.10.27 11:37:42 | 000,146,615 | -H-- | M] () -- C:\DEC2006_XACT_x86.cab

[2008.10.27 11:38:54 | 000,095,056 | -H-- | M] (Microsoft Corporation) -- C:\DSETUP.dll

[2008.10.27 11:37:34 | 001,692,496 | -H-- | M] (Microsoft Corporation) -- C:\dsetup32.dll

[2008.10.27 11:38:04 | 000,045,464 | -H-- | M] () -- C:\dxdllreg_x86.cab

[2008.10.27 11:38:20 | 013,265,184 | -H-- | M] () -- C:\dxnt.cab

[2008.10.27 11:36:58 | 000,526,160 | -H-- | M] (Microsoft Corporation) -- C:\DXSETUP.exe

[2008.10.27 11:38:04 | 000,096,053 | -H-- | M] () -- C:\dxupdate.cab

[2008.10.27 11:38:10 | 001,248,515 | -H-- | M] () -- C:\Feb2005_d3dx9_24_x64.cab

[2008.10.27 11:38:08 | 001,014,241 | -H-- | M] () -- C:\Feb2005_d3dx9_24_x86.cab

[2008.10.27 11:38:14 | 001,363,812 | -H-- | M] () -- C:\Feb2006_d3dx9_29_x64.cab

[2008.10.27 11:38:08 | 001,085,736 | -H-- | M] () -- C:\Feb2006_d3dx9_29_x86.cab

[2008.10.27 11:37:46 | 000,179,375 | -H-- | M] () -- C:\Feb2006_XACT_x64.cab

[2008.10.27 11:37:40 | 000,133,425 | -H-- | M] () -- C:\Feb2006_XACT_x86.cab

[2008.10.27 11:37:48 | 000,195,691 | -H-- | M] () -- C:\FEB2007_XACT_x64.cab

[2008.10.27 11:37:42 | 000,148,999 | -H-- | M] () -- C:\FEB2007_XACT_x86.cab

[2011.04.27 23:13:06 | 3215,839,232 | -HS- | M] () -- C:\hiberfil.sys

[2010.11.27 18:43:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010.03.16 15:21:00 | 000,470,480 | -H-- | M] (IPLabs GmbH) -- C:\JordanApplet.dll

[2008.10.27 11:38:10 | 001,337,018 | -H-- | M] () -- C:\Jun2005_d3dx9_26_x64.cab

[2008.10.27 11:38:08 | 001,065,941 | -H-- | M] () -- C:\Jun2005_d3dx9_26_x86.cab

[2008.10.27 11:37:46 | 000,181,801 | -H-- | M] () -- C:\JUN2006_XACT_x64.cab

[2008.10.27 11:37:40 | 000,134,687 | -H-- | M] () -- C:\JUN2006_XACT_x86.cab

[2008.10.27 11:38:00 | 000,700,060 | -H-- | M] () -- C:\JUN2007_d3dx10_34_x64.cab

[2008.10.27 11:37:58 | 000,699,488 | -H-- | M] () -- C:\JUN2007_d3dx10_34_x86.cab

[2008.10.27 11:38:16 | 001,608,790 | -H-- | M] () -- C:\JUN2007_d3dx9_34_x64.cab

[2008.10.27 11:38:16 | 001,608,302 | -H-- | M] () -- C:\JUN2007_d3dx9_34_x86.cab

[2008.10.27 11:37:50 | 000,198,138 | -H-- | M] () -- C:\JUN2007_XACT_x64.cab

[2008.10.27 11:37:44 | 000,153,925 | -H-- | M] () -- C:\JUN2007_XACT_x86.cab

[2008.10.27 11:38:04 | 000,868,844 | -H-- | M] () -- C:\JUN2008_d3dx10_38_x64.cab

[2008.10.27 11:38:04 | 000,850,935 | -H-- | M] () -- C:\JUN2008_d3dx10_38_x86.cab

[2008.10.27 11:38:18 | 001,793,624 | -H-- | M] () -- C:\JUN2008_d3dx9_38_x64.cab

[2008.10.27 11:38:14 | 001,464,894 | -H-- | M] () -- C:\JUN2008_d3dx9_38_x86.cab

[2008.10.27 11:38:02 | 000,056,170 | -H-- | M] () -- C:\JUN2008_X3DAudio_x64.cab

[2008.10.27 11:38:02 | 000,022,921 | -H-- | M] () -- C:\JUN2008_X3DAudio_x86.cab

[2008.10.27 11:37:40 | 000,122,070 | -H-- | M] () -- C:\JUN2008_XACT_x64.cab

[2008.10.27 11:38:04 | 000,094,144 | -H-- | M] () -- C:\JUN2008_XACT_x86.cab

[2008.10.27 11:37:58 | 000,270,644 | -H-- | M] () -- C:\JUN2008_XAudio_x64.cab

[2008.10.27 11:37:52 | 000,270,040 | -H-- | M] () -- C:\JUN2008_XAudio_x86.cab

[2008.10.27 11:38:02 | 000,845,900 | -H-- | M] () -- C:\Mar2008_d3dx10_37_x64.cab

[2008.10.27 11:38:02 | 000,819,276 | -H-- | M] () -- C:\Mar2008_d3dx10_37_x86.cab

[2008.10.27 11:38:18 | 001,770,878 | -H-- | M] () -- C:\Mar2008_d3dx9_37_x64.cab

[2008.10.27 11:38:12 | 001,444,298 | -H-- | M] () -- C:\Mar2008_d3dx9_37_x86.cab

[2008.10.27 11:38:02 | 000,056,074 | -H-- | M] () -- C:\Mar2008_X3DAudio_x64.cab

[2008.10.27 11:38:00 | 000,022,883 | -H-- | M] () -- C:\Mar2008_X3DAudio_x86.cab

[2008.10.27 11:37:40 | 000,123,352 | -H-- | M] () -- C:\Mar2008_XACT_x64.cab

[2008.10.27 11:38:08 | 000,094,750 | -H-- | M] () -- C:\Mar2008_XACT_x86.cab

[2008.10.27 11:37:52 | 000,252,210 | -H-- | M] () -- C:\Mar2008_XAudio_x64.cab

[2008.10.27 11:37:52 | 000,227,266 | -H-- | M] () -- C:\Mar2008_XAudio_x86.cab

[2008.10.16 19:30:37 | 000,000,020 | -H-- | M] () -- C:\Medion.ini

[2010.11.27 18:43:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2007.03.12 18:59:00 | 000,299,008 | -H-- | M] () -- C:\navigram_register.exe

[2008.10.27 11:38:04 | 000,865,616 | -H-- | M] () -- C:\Nov2007_d3dx10_36_x64.cab

[2008.10.27 11:38:00 | 000,804,900 | -H-- | M] () -- C:\Nov2007_d3dx10_36_x86.cab

[2008.10.27 11:38:20 | 001,803,074 | -H-- | M] () -- C:\Nov2007_d3dx9_36_x64.cab

[2008.10.27 11:38:18 | 001,710,376 | -H-- | M] () -- C:\Nov2007_d3dx9_36_x86.cab

[2008.10.27 11:38:02 | 000,047,160 | -H-- | M] () -- C:\NOV2007_X3DAudio_x64.cab

[2008.10.27 11:38:02 | 000,019,512 | -H-- | M] () -- C:\NOV2007_X3DAudio_x86.cab

[2008.10.27 11:37:48 | 000,197,778 | -H-- | M] () -- C:\NOV2007_XACT_x64.cab

[2008.10.27 11:37:42 | 000,149,280 | -H-- | M] () -- C:\NOV2007_XACT_x86.cab

[2008.10.27 11:38:08 | 000,995,154 | -H-- | M] () -- C:\Nov2008_d3dx10_40_x64.cab

[2008.10.27 11:38:04 | 000,966,445 | -H-- | M] () -- C:\Nov2008_d3dx10_40_x86.cab

[2008.10.27 11:38:20 | 001,907,944 | -H-- | M] () -- C:\Nov2008_d3dx9_40_x64.cab

[2008.10.27 11:38:14 | 001,551,228 | -H-- | M] () -- C:\Nov2008_d3dx9_40_x86.cab

[2008.10.27 11:38:04 | 000,055,538 | -H-- | M] () -- C:\Nov2008_X3DAudio_x64.cab

[2008.10.27 11:38:02 | 000,022,867 | -H-- | M] () -- C:\Nov2008_X3DAudio_x86.cab

[2008.10.27 11:38:08 | 000,122,810 | -H-- | M] () -- C:\Nov2008_XACT_x64.cab

[2008.10.27 11:38:02 | 000,093,700 | -H-- | M] () -- C:\Nov2008_XACT_x86.cab

[2008.10.27 11:37:54 | 000,274,976 | -H-- | M] () -- C:\Nov2008_XAudio_x64.cab

[2008.10.27 11:37:54 | 000,273,627 | -H-- | M] () -- C:\Nov2008_XAudio_x86.cab

[2008.10.27 11:38:02 | 000,087,053 | -H-- | M] () -- C:\Oct2005_xinput_x64.cab

[2008.10.27 11:38:02 | 000,046,375 | -H-- | M] () -- C:\Oct2005_xinput_x86.cab

[2008.10.27 11:38:14 | 001,413,918 | -H-- | M] () -- C:\OCT2006_d3dx9_31_x64.cab

[2008.10.27 11:38:10 | 001,128,233 | -H-- | M] () -- C:\OCT2006_d3dx9_31_x86.cab

[2008.10.27 11:37:48 | 000,183,377 | -H-- | M] () -- C:\OCT2006_XACT_x64.cab

[2008.10.27 11:37:42 | 000,139,033 | -H-- | M] () -- C:\OCT2006_XACT_x86.cab

[2011.04.27 23:13:05 | 3529,629,696 | -HS- | M] () -- C:\pagefile.sys

[2008.10.16 19:27:07 | 000,000,058 | -H-- | M] () -- C:\Partition.txt

[2008.08.28 07:49:24 | 000,004,676 | -HS- | M] () -- C:\Patch.rev

[2008.10.17 05:05:05 | 000,000,147 | RHS- | M] () -- C:\preload.rev

[2009.02.06 15:04:15 | 000,000,091 | -H-- | M] () -- C:\PS.log

[2008.10.16 19:31:34 | 000,000,426 | -H-- | M] () -- C:\RHDSetup.log

[2011.04.27 18:11:42 | 000,069,572 | -H-- | M] () -- C:\TDSSKiller.2.4.21.0_27.04.2011_18.06.39_log.txt

[2009.04.15 07:59:58 | 000,004,863 | -H-- | M] () -- C:\WirelessDiagLog.csv

 
 < %systemroot%\system32\*.wt >

 
 < %systemroot%\system32\*.ruy >

 
 < %systemroot%\Fonts\*.com >

[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2009.09.13 12:15:15 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

 
 < %systemroot%\Fonts\*.dll >

 
 < %systemroot%\Fonts\*.ini >

[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

 
 < %systemroot%\Fonts\*.ini2 >

 
 < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

[2009.05.26 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPDA2.DLL

[2009.05.26 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPPA2.DLL

[2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

[2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

 
 < %systemroot%\REPAIR\*.bak1 >

 
 < %systemroot%\REPAIR\*.ini >

 
 < %systemroot%\system32\*.jpg >

 
 < %systemroot%\*.scr >

 
 < %systemroot%\*._sy >

 
 < %APPDATA%\Adobe\Update\*.* >

 
 < %ALLUSERSPROFILE%\Favorites\*.* >

 
 < %APPDATA%\Microsoft\*.* >

 
 < %PROGRAMFILES%\*.* >

[2010.10.23 22:42:46 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini

 
 < %APPDATA%\Update\*.* >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll

[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

 
 < %systemroot%\Tasks\*.job /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\system32\user32.dll /md5 >

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

 
 < %systemroot%\system32\ws2_32.dll /md5 >

[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

 
 < %systemroot%\system32\ws2help.dll /md5 >

[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

 

 
 < MD5 for: EXPLORER.EXE  >

[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe

[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-27 16:21:50

 
 <           >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D88D995C
 

< End of report >

Mach bei Schritt 3 weiter. Danach gib eine Rückmeldung wie die Kiste läuft.

das war jetzt schritt drei

Code:

GMER 1.0.15.15570 - hxxp://www.gmer.net

Rootkit scan 2011-04-28 00:25:46

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11

Running: kwsq8vtb.exe; Driver: C:\Users\Toni\AppData\Local\Temp\awroauow.sys
 
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                          section is writeable [0x8EC0E340, 0x3EDF57, 0xE8000020]
 

---- User code sections - GMER 1.0.15 ----
 

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!CreateDialogParamW                                               767C72A2 5 Bytes  JMP 68C8DEE8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!GetAsyncKeyState                                                 767C863C 5 Bytes  JMP 68BA8EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!SetWindowsHookExW                                                767C87AD 5 Bytes  JMP 68C89B01 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!CallNextHookEx                                                   767C8E3B 5 Bytes  JMP 68C7D125 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!UnhookWindowsHookEx                                              767C98DB 5 Bytes  JMP 68BF4664 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!EnableWindow                                                     767CCD8B 5 Bytes  JMP 68C8DD75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!CreateWindowExW                                                  767D1305 5 Bytes  JMP 68C8DB5C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!GetKeyState                                                      767D8CB1 5 Bytes  JMP 68C8D323 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!IsDialogMessageW                                                 767E0745 5 Bytes  JMP 68BB59CF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!CreateDialogParamA                                               767E17AA 5 Bytes  JMP 68D85D83 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!IsDialogMessage                                                  767E1847 5 Bytes  JMP 68D8561F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!CreateDialogIndirectParamA                                       767E26F1 5 Bytes  JMP 68D85DBA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!CreateDialogIndirectParamW                                       767E9A62 5 Bytes  JMP 68D85DF1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!SetKeyboardState                                                 767F0987 5 Bytes  JMP 68D8598E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!DialogBoxParamW                                                  767F10B0 5 Bytes  JMP 68BB54BD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!DialogBoxIndirectParamW                                          767F2EF5 5 Bytes  JMP 68D85117 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!SendInput                                                        767F2F75 5 Bytes  JMP 68D8654B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!EndDialog                                                        767F326E 5 Bytes  JMP 68BB7E76 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!SetCursorPos                                                     76806FB2 5 Bytes  JMP 68D8659F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!DialogBoxParamA                                                  76808152 5 Bytes  JMP 68D850B4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!DialogBoxIndirectParamA                                          7680847D 5 Bytes  JMP 68D8517A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!MessageBoxIndirectA                                              7681D4D9 5 Bytes  JMP 68D85049 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!MessageBoxIndirectW                                              7681D5D3 5 Bytes  JMP 68D84FDE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!MessageBoxExA                                                    7681D639 5 Bytes  JMP 68D84F7C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!MessageBoxExW                                                    7681D65D 5 Bytes  JMP 68D84F1A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!keybd_event                                                      7681D972 5 Bytes  JMP 68D868CF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] SHELL32.dll!SHRestricted + D95                                              771889A8 4 Bytes  [4D, 30, 17, 6A]

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] SHELL32.dll!SHRestricted + D9D                                              771889B0 8 Bytes  [57, 2F, 17, 6A, 9C, 5B, 16, ...]

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] ole32.dll!OleLoadFromStream                                                 76301E80 5 Bytes  JMP 68D8547F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4476] ole32.dll!CoCreateInstance                                                  76339F3E 5 Bytes  JMP 68C8DBB8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!CreateWindowExW                                                  767D1305 5 Bytes  JMP 68C8DB5C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!DialogBoxParamW                                                  767F10B0 5 Bytes  JMP 68BB54BD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!DialogBoxIndirectParamW                                          767F2EF5 5 Bytes  JMP 68D85117 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!DialogBoxParamA                                                  76808152 5 Bytes  JMP 68D850B4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!DialogBoxIndirectParamA                                          7680847D 5 Bytes  JMP 68D8517A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!MessageBoxIndirectA                                              7681D4D9 5 Bytes  JMP 68D85049 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!MessageBoxIndirectW                                              7681D5D3 5 Bytes  JMP 68D84FDE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!MessageBoxExA                                                    7681D639 5 Bytes  JMP 68D84F7C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!MessageBoxExW                                                    7681D65D 5 Bytes  JMP 68D84F1A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[6100] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5                                7713B37C 4 Bytes  [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                           Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                          fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269cd8816                                                       

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269cd8816@0022a946c968                                          0x82 0x53 0x49 0x35 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269cd8816@001fe4f3b247                                          0x27 0xBC 0x7B 0xE8 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269cd8816@0014a774b664                                          0x73 0x08 0x07 0x7D ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                  

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                               C:\Program Files\DAEMON Tools Lite\

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                               0

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                            0x97 0x21 0xEB 0x41 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                         

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                      0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                   0x79 0x35 0xAE 0x7E ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                   

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                             0x98 0xE3 0x73 0xA1 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002269cd8816 (not active ControlSet)                                   

Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002269cd8816@0022a946c968                                              0x82 0x53 0x49 0x35 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002269cd8816@001fe4f3b247                                              0x27 0xBC 0x7B 0xE8 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002269cd8816@0014a774b664                                              0x73 0x08 0x07 0x7D ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                              

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                   C:\Program Files\DAEMON Tools Lite\

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                   0

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                0x97 0x21 0xEB 0x41 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                     

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                          0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                       0x79 0x35 0xAE 0x7E ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)               

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                 0x98 0xE3 0x73 0xA1 ...

Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE2C6785-0A3D-672C-5577-E57826722AE6}                   

Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE2C6785-0A3D-672C-5577-E57826722AE6}@halhgbinmaafheop  0x6B 0x61 0x62 0x62 ...

Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE2C6785-0A3D-672C-5577-E57826722AE6}@gaehllbfdokfhn    0x61 0x63 0x69 0x62 ...
 

---- EOF - GMER 1.0.15 ----

also ich denke, wir haben schon echte fortschritte gemacht.
die ganzen fehlermeldungen wie: "Ein kritischer Fehler der Festplatte...",
"Fehler der Festplatte, Ram Speicher nutzung ist kritisch hoch...",
"das system hat ein problem mit einem oder mehreren installierten IDE/SATA-festplatten erkannt..."
kommen nicht mehr und die kiste bewegt sich schon schneller.
der desktop ist allerdings noch schwarz und so gut wie alle sachen fehlen weiterhin.

Danke für die hilfe bis jetzt!!!

Schritt 1

Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. (Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!

Schritt 2

Unter den Eigenschaften der betroffenen Benutzerordner das Häkchen bei "versteckt" entfernen
und diese Änderung für sämtl. Unterordner und Dateien mit übernehmen

Schritt 3

Da wir in der Registry Änderungen vornehmen müssen, wirst Du die Registry vorher wie folgt sichern:
Lade das Tool ERUNT von Lars Hederer herunter und installiere es. Starte die erunt.exe und erstelle damit eine Backup der Registry in den vorgegebenen Ordner. Unter Sicherungsoptionen bitte alle drei Möglichkeiten anhaken. Das Programm nicht in den Systemstart aufnehmen.

Schritt 4

Über "regedit" (eingeben im Suchfeld beiM Startmenü)
nach "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" navigieren.
Dort beim Eintrag "NoDesktop" den Wert von 1 auf 0 ändern.
Regedit verlassen.

Schritt 5

Scanne erneut mit Malwarebytes und poste das Log. (Fullscan)

also unhide.exe habe ich ausgeführt aber alles ist noch nicht wieder da.

auf dem desktop fehlen noch ein einige und in der taskleiste auch.

habe mal ein bild vom desktop und der taskleiste angehängt.

Dann mach einmal Schritt 2 - 5

also schritt 2 und 3 habe ich gemacht aber ich komme nicht dahin wo ich hin navigieren soll.

ich komme nur bis hier

Ok dann lass es einmal und mach hier weiter:

Schritt 1

Dowloade Dir bitte TDSS Killer.zip und speichere es am Desktop.
Extrahiere den Inhalt der Datei auf deinem Desktop.
Gehe sicher das die TDSSKiller.exe am Desktop ist. Nicht in einem Ordner.
- Schließe alle laufenden Programme.
- Trenne dich von Internet.
- Deaktiviere deine AntiViren Software.
Starte TDSSkiller.exe mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Drücke auf Start scan.
Sollte die Meldung "Hidden service detected" schreiben keinesfalls irgendetwas hinein..Drücke nur ENTER !!!
Wenn das Tool fertig ist, poppt ein Fenster mit den Funden auf.
Dieses bitte einfach schließen.
Nun auf Report klicken.
Bitte poste mir den Inhalt hier in deinen Thread.
(auch zu finden unter C:\TDSSKiller<time_date>.txt)

hallo,
hier das ergebnis

Code:

2011/04/28 22:02:02.0860 1992        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/04/28 22:02:02.0876 1992        ================================================================================

2011/04/28 22:02:02.0876 1992        SystemInfo:

2011/04/28 22:02:02.0876 1992        

2011/04/28 22:02:02.0876 1992        OS Version: 6.0.6002 ServicePack: 2.0

2011/04/28 22:02:02.0876 1992        Product type: Workstation

2011/04/28 22:02:02.0876 1992        ComputerName: TONIS-SCHLEPPI

2011/04/28 22:02:02.0876 1992        UserName: Toni

2011/04/28 22:02:02.0876 1992        Windows directory: C:\Windows

2011/04/28 22:02:02.0876 1992        System windows directory: C:\Windows

2011/04/28 22:02:02.0876 1992        Processor architecture: Intel x86

2011/04/28 22:02:02.0876 1992        Number of processors: 2

2011/04/28 22:02:02.0876 1992        Page size: 0x1000

2011/04/28 22:02:02.0876 1992        Boot type: Normal boot

2011/04/28 22:02:02.0876 1992        ================================================================================

2011/04/28 22:02:03.0125 1992        Initialize success

2011/04/28 22:02:07.0462 0268        ================================================================================

2011/04/28 22:02:07.0462 0268        Scan started

2011/04/28 22:02:07.0462 0268        Mode: Manual; 

2011/04/28 22:02:07.0462 0268        ================================================================================

2011/04/28 22:02:09.0069 0268        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

2011/04/28 22:02:09.0116 0268        adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

2011/04/28 22:02:09.0147 0268        adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

2011/04/28 22:02:09.0178 0268        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

2011/04/28 22:02:09.0194 0268        adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

2011/04/28 22:02:09.0256 0268        AFD             (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys

2011/04/28 22:02:09.0334 0268        AgereSoftModem  (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys

2011/04/28 22:02:09.0397 0268        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

2011/04/28 22:02:09.0412 0268        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2011/04/28 22:02:09.0443 0268        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

2011/04/28 22:02:09.0475 0268        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

2011/04/28 22:02:09.0521 0268        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

2011/04/28 22:02:09.0537 0268        AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

2011/04/28 22:02:09.0568 0268        AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

2011/04/28 22:02:09.0662 0268        arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

2011/04/28 22:02:09.0693 0268        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

2011/04/28 22:02:09.0709 0268        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/04/28 22:02:09.0740 0268        atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

2011/04/28 22:02:09.0771 0268        ATSWPDRV        (73742099982cf514512e1941f2862c33) C:\Windows\system32\DRIVERS\ATSwpDrv.sys

2011/04/28 22:02:09.0818 0268        avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys

2011/04/28 22:02:09.0849 0268        avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys

2011/04/28 22:02:09.0880 0268        b57nd60x        (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/04/28 22:02:09.0896 0268        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

2011/04/28 22:02:09.0943 0268        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

2011/04/28 22:02:10.0021 0268        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

2011/04/28 22:02:10.0036 0268        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2011/04/28 22:02:10.0052 0268        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2011/04/28 22:02:10.0099 0268        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2011/04/28 22:02:10.0114 0268        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2011/04/28 22:02:10.0130 0268        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2011/04/28 22:02:10.0161 0268        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2011/04/28 22:02:10.0192 0268        BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys

2011/04/28 22:02:10.0223 0268        BTHMODEM        (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/04/28 22:02:10.0255 0268        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys

2011/04/28 22:02:10.0301 0268        BTHPORT         (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys

2011/04/28 22:02:10.0333 0268        BTHUSB          (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys

2011/04/28 22:02:10.0379 0268        btwaudio        (3ea1a20dc0ca1ad23e7aa8c37a91bcd1) C:\Windows\system32\drivers\btwaudio.sys

2011/04/28 22:02:10.0395 0268        btwavdt         (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys

2011/04/28 22:02:10.0426 0268        btwrchid        (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys

2011/04/28 22:02:10.0457 0268        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/04/28 22:02:10.0489 0268        cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

2011/04/28 22:02:10.0551 0268        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

2011/04/28 22:02:10.0598 0268        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

2011/04/28 22:02:10.0629 0268        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/04/28 22:02:10.0660 0268        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

2011/04/28 22:02:10.0707 0268        cmnsusbser      (675d67423980fc1784b93aa47d350a31) C:\Windows\system32\DRIVERS\cmnsusbser.sys

2011/04/28 22:02:10.0738 0268        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

2011/04/28 22:02:10.0754 0268        crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

2011/04/28 22:02:10.0785 0268        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

2011/04/28 22:02:10.0863 0268        DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys

2011/04/28 22:02:10.0910 0268        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

2011/04/28 22:02:10.0957 0268        DKbFltr         (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys

2011/04/28 22:02:10.0988 0268        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

2011/04/28 22:02:11.0035 0268        DslMNLwf        (e577b5c4a6be078e5445cdcfb65be7ab) C:\Windows\system32\DRIVERS\dslmnlwf.sys

2011/04/28 22:02:11.0050 0268        dsltestSp5      (c6b2e10cfe79169c72f0269087b9a603) C:\Windows\system32\Drivers\dsltestSp5.sys

2011/04/28 22:02:11.0097 0268        DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

2011/04/28 22:02:11.0144 0268        E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

2011/04/28 22:02:11.0191 0268        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

2011/04/28 22:02:11.0253 0268        elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

2011/04/28 22:02:11.0300 0268        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

2011/04/28 22:02:11.0362 0268        exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

2011/04/28 22:02:11.0409 0268        fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

2011/04/28 22:02:11.0440 0268        fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

2011/04/28 22:02:11.0471 0268        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

2011/04/28 22:02:11.0487 0268        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

2011/04/28 22:02:11.0534 0268        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/04/28 22:02:11.0596 0268        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

2011/04/28 22:02:11.0627 0268        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

2011/04/28 22:02:11.0643 0268        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

2011/04/28 22:02:11.0674 0268        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\drivers\GEARAspiWDM.sys

2011/04/28 22:02:11.0721 0268        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

2011/04/28 22:02:11.0752 0268        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/04/28 22:02:11.0908 0268        HidBth          (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys

2011/04/28 22:02:12.0033 0268        HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2011/04/28 22:02:12.0064 0268        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

2011/04/28 22:02:12.0095 0268        HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

2011/04/28 22:02:12.0127 0268        HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

2011/04/28 22:02:12.0173 0268        HSF_DPV         (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

2011/04/28 22:02:12.0236 0268        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

2011/04/28 22:02:12.0267 0268        hwdatacard      (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys

2011/04/28 22:02:12.0298 0268        i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

2011/04/28 22:02:12.0329 0268        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/04/28 22:02:12.0361 0268        iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

2011/04/28 22:02:12.0407 0268        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2011/04/28 22:02:12.0485 0268        int15           (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys

2011/04/28 22:02:12.0563 0268        IntcAzAudAddService (2deb2538c9372568bb67b5fdf2359790) C:\Windows\system32\drivers\RTKVHDA.sys

2011/04/28 22:02:12.0641 0268        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

2011/04/28 22:02:12.0673 0268        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

2011/04/28 22:02:12.0704 0268        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/04/28 22:02:12.0751 0268        IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

2011/04/28 22:02:12.0782 0268        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

2011/04/28 22:02:12.0844 0268        irda            (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys

2011/04/28 22:02:12.0860 0268        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

2011/04/28 22:02:12.0891 0268        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

2011/04/28 22:02:12.0922 0268        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/04/28 22:02:12.0953 0268        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2011/04/28 22:02:12.0969 0268        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2011/04/28 22:02:13.0016 0268        JMCR            (dedb6cc1b166928a8f3f68def1766db0) C:\Windows\system32\DRIVERS\jmcr.sys

2011/04/28 22:02:13.0047 0268        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/04/28 22:02:13.0078 0268        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/04/28 22:02:13.0109 0268        KMWDFILTER      (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys

2011/04/28 22:02:13.0156 0268        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

2011/04/28 22:02:13.0234 0268        LEqdUsb         (70035567754bed4e6ad353ca3f175127) C:\Windows\system32\Drivers\LEqdUsb.Sys

2011/04/28 22:02:13.0265 0268        LHidEqd         (32491b6bae0afad1d7a62c0ef0af4321) C:\Windows\system32\Drivers\LHidEqd.Sys

2011/04/28 22:02:13.0328 0268        LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys

2011/04/28 22:02:13.0359 0268        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/04/28 22:02:13.0390 0268        LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys

2011/04/28 22:02:13.0437 0268        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

2011/04/28 22:02:13.0468 0268        LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

2011/04/28 22:02:13.0499 0268        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

2011/04/28 22:02:13.0546 0268        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

2011/04/28 22:02:13.0593 0268        megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

2011/04/28 22:02:13.0624 0268        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

2011/04/28 22:02:13.0671 0268        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

2011/04/28 22:02:13.0687 0268        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

2011/04/28 22:02:13.0702 0268        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

2011/04/28 22:02:13.0718 0268        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

2011/04/28 22:02:13.0749 0268        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

2011/04/28 22:02:13.0780 0268        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

2011/04/28 22:02:13.0796 0268        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

2011/04/28 22:02:13.0843 0268        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2011/04/28 22:02:13.0889 0268        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

2011/04/28 22:02:13.0936 0268        mrxsmb          (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/04/28 22:02:13.0967 0268        mrxsmb10        (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/04/28 22:02:13.0983 0268        mrxsmb20        (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/04/28 22:02:14.0030 0268        msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys

2011/04/28 22:02:14.0061 0268        msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

2011/04/28 22:02:14.0092 0268        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

2011/04/28 22:02:14.0123 0268        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

2011/04/28 22:02:14.0155 0268        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

2011/04/28 22:02:14.0186 0268        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/04/28 22:02:14.0201 0268        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

2011/04/28 22:02:14.0248 0268        MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

2011/04/28 22:02:14.0279 0268        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/04/28 22:02:14.0311 0268        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

2011/04/28 22:02:14.0326 0268        Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

2011/04/28 22:02:14.0373 0268        NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

2011/04/28 22:02:14.0435 0268        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

2011/04/28 22:02:14.0498 0268        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/04/28 22:02:14.0513 0268        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/04/28 22:02:14.0560 0268        NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/04/28 22:02:14.0607 0268        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

2011/04/28 22:02:14.0654 0268        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

2011/04/28 22:02:14.0701 0268        netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

2011/04/28 22:02:14.0841 0268        NETw5v32        (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys

2011/04/28 22:02:14.0950 0268        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2011/04/28 22:02:15.0028 0268        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

2011/04/28 22:02:15.0044 0268        NSCIRDA         (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys

2011/04/28 22:02:15.0075 0268        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

2011/04/28 22:02:15.0153 0268        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

2011/04/28 22:02:15.0200 0268        NTIDrvr         (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys

2011/04/28 22:02:15.0215 0268        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2011/04/28 22:02:15.0231 0268        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

2011/04/28 22:02:15.0278 0268        NVHDA           (2c7ac27710e8d41c1eb7d1599187d237) C:\Windows\system32\drivers\nvhda32v.sys

2011/04/28 22:02:15.0449 0268        nvlddmkm        (cb0d6f8f65b8766ff2aaaa78881fd9f8) C:\Windows\system32\DRIVERS\nvlddmkm.sys

2011/04/28 22:02:15.0512 0268        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

2011/04/28 22:02:15.0543 0268        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

2011/04/28 22:02:15.0590 0268        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

2011/04/28 22:02:15.0652 0268        ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/04/28 22:02:15.0699 0268        Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

2011/04/28 22:02:15.0746 0268        partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

2011/04/28 22:02:15.0777 0268        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

2011/04/28 22:02:15.0808 0268        pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

2011/04/28 22:02:15.0839 0268        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

2011/04/28 22:02:15.0871 0268        pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/04/28 22:02:15.0917 0268        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2011/04/28 22:02:16.0027 0268        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2011/04/28 22:02:16.0058 0268        Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

2011/04/28 22:02:16.0120 0268        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

2011/04/28 22:02:16.0167 0268        PSDFilter       (ab94285ff6c6bc5433407d8d182a4bb4) C:\Windows\system32\DRIVERS\psdfilter.sys

2011/04/28 22:02:16.0183 0268        PSDNServ        (2aaf9a5d7a63d26bfaea853c5f2292bc) C:\Windows\system32\DRIVERS\PSDNServ.sys

2011/04/28 22:02:16.0214 0268        psdvdisk        (0eb8cec99855beae5b0d02c2302619ef) C:\Windows\system32\DRIVERS\PSDVdisk.sys

2011/04/28 22:02:16.0261 0268        PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys

2011/04/28 22:02:16.0323 0268        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

2011/04/28 22:02:16.0354 0268        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2011/04/28 22:02:16.0370 0268        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2011/04/28 22:02:16.0401 0268        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2011/04/28 22:02:16.0432 0268        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/04/28 22:02:16.0495 0268        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/04/28 22:02:16.0526 0268        RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

2011/04/28 22:02:16.0573 0268        rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

2011/04/28 22:02:16.0588 0268        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/04/28 22:02:16.0619 0268        rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

2011/04/28 22:02:16.0651 0268        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2011/04/28 22:02:16.0682 0268        RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

2011/04/28 22:02:16.0729 0268        RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys

2011/04/28 22:02:16.0775 0268        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2011/04/28 22:02:16.0822 0268        s217bus         (0266151de3f36429f6ac3c4b28085061) C:\Windows\system32\DRIVERS\s217bus.sys

2011/04/28 22:02:16.0853 0268        s217mdfl        (a43c0af0e46be7ef0c7e8ccf0f058600) C:\Windows\system32\DRIVERS\s217mdfl.sys

2011/04/28 22:02:16.0885 0268        s217mdm         (005f5ded1ed8f8a9d2399d765ead20f1) C:\Windows\system32\DRIVERS\s217mdm.sys

2011/04/28 22:02:16.0916 0268        s217nd5         (11cc5d7f992799e7e75d018e9c018563) C:\Windows\system32\DRIVERS\s217nd5.sys

2011/04/28 22:02:16.0931 0268        s217obex        (0f9f4045799afb66b85eef999d0609ec) C:\Windows\system32\DRIVERS\s217obex.sys

2011/04/28 22:02:16.0947 0268        s217unic        (1c91e1023f07b6407d84b5a43537d984) C:\Windows\system32\DRIVERS\s217unic.sys

2011/04/28 22:02:16.0994 0268        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2011/04/28 22:02:17.0041 0268        sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys

2011/04/28 22:02:17.0072 0268        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/04/28 22:02:17.0103 0268        Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

2011/04/28 22:02:17.0134 0268        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

2011/04/28 22:02:17.0150 0268        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2011/04/28 22:02:17.0181 0268        sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

2011/04/28 22:02:17.0212 0268        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

2011/04/28 22:02:17.0243 0268        sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

2011/04/28 22:02:17.0259 0268        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2011/04/28 22:02:17.0290 0268        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

2011/04/28 22:02:17.0321 0268        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

2011/04/28 22:02:17.0353 0268        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

2011/04/28 22:02:17.0399 0268        Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

2011/04/28 22:02:17.0462 0268        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2011/04/28 22:02:17.0524 0268        sptd            (71e276f6d189413266ea22171806597b) C:\Windows\System32\Drivers\sptd.sys

2011/04/28 22:02:17.0587 0268        srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

2011/04/28 22:02:17.0665 0268        srv2            (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys

2011/04/28 22:02:17.0727 0268        srvnet          (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys

2011/04/28 22:02:17.0774 0268        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

2011/04/28 22:02:17.0805 0268        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2011/04/28 22:02:17.0852 0268        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2011/04/28 22:02:17.0867 0268        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2011/04/28 22:02:17.0899 0268        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2011/04/28 22:02:17.0914 0268        SynTP           (32e8b307f0e9f72b66b518fd62eab91e) C:\Windows\system32\DRIVERS\SynTP.sys

2011/04/28 22:02:18.0008 0268        Tcpip           (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys

2011/04/28 22:02:18.0070 0268        Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys

2011/04/28 22:02:18.0117 0268        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

2011/04/28 22:02:18.0148 0268        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2011/04/28 22:02:18.0179 0268        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2011/04/28 22:02:18.0226 0268        tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

2011/04/28 22:02:18.0257 0268        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

2011/04/28 22:02:18.0304 0268        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/04/28 22:02:18.0335 0268        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2011/04/28 22:02:18.0367 0268        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

2011/04/28 22:02:18.0413 0268        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

2011/04/28 22:02:18.0460 0268        UBHelper        (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys

2011/04/28 22:02:18.0507 0268        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

2011/04/28 22:02:18.0538 0268        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

2011/04/28 22:02:18.0569 0268        uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

2011/04/28 22:02:18.0601 0268        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2011/04/28 22:02:18.0647 0268        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2011/04/28 22:02:18.0679 0268        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2011/04/28 22:02:18.0741 0268        USBAAPL         (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys

2011/04/28 22:02:18.0788 0268        usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/04/28 22:02:18.0803 0268        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2011/04/28 22:02:18.0866 0268        usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/04/28 22:02:18.0897 0268        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

2011/04/28 22:02:18.0944 0268        usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

2011/04/28 22:02:18.0975 0268        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

2011/04/28 22:02:19.0022 0268        usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

2011/04/28 22:02:19.0069 0268        USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/04/28 22:02:19.0100 0268        usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/04/28 22:02:19.0131 0268        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

2011/04/28 22:02:19.0162 0268        vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/04/28 22:02:19.0193 0268        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2011/04/28 22:02:19.0225 0268        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

2011/04/28 22:02:19.0240 0268        ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

2011/04/28 22:02:19.0271 0268        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

2011/04/28 22:02:19.0287 0268        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2011/04/28 22:02:19.0349 0268        volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

2011/04/28 22:02:19.0396 0268        volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

2011/04/28 22:02:19.0427 0268        vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

2011/04/28 22:02:19.0459 0268        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2011/04/28 22:02:19.0490 0268        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/04/28 22:02:19.0490 0268        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/04/28 22:02:19.0537 0268        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

2011/04/28 22:02:19.0568 0268        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

2011/04/28 22:02:19.0661 0268        winachsf        (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

2011/04/28 22:02:19.0708 0268        WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/04/28 22:02:19.0771 0268        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

2011/04/28 22:02:19.0802 0268        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/04/28 22:02:19.0864 0268        WSDPrintDevice  (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys

2011/04/28 22:02:19.0911 0268        WSDScan         (65d1ff8aaff4a7d8f787a290e5087816) C:\Windows\system32\DRIVERS\WSDScan.sys

2011/04/28 22:02:19.0958 0268        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/04/28 22:02:20.0020 0268        xusb21          (f5e5f944e63a9b5f6e76c2ebb2ac462f) C:\Windows\system32\DRIVERS\xusb21.sys

2011/04/28 22:02:20.0036 0268        yukonwlh        (3e1c915c6291ab5d1cfca680e1bd6bad) C:\Windows\system32\DRIVERS\yk60x86.sys

2011/04/28 22:02:20.0129 0268        ================================================================================

2011/04/28 22:02:20.0129 0268        Scan finished

2011/04/28 22:02:20.0129 0268        ================================================================================

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.

**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**

http://i266.photobucket.com/albums/i...ownload_FF.gif

http://i94.photobucket.com/albums/l8...x-Download.png

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
- Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
- Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.

hier ist es

Code:

ComboFix 11-04-28.01 - Toni 28.04.2011  22:17:22.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.1794 [GMT 2:00]

ausgeführt von:: c:\users\Toni\Desktop\Combo-Fix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Acer\Acer Bio Protection\PwdFilter.dll

c:\users\Nadine\AppData\Roaming\.#

c:\users\Toni\AppData\Roaming\.#

c:\users\Toni\AppData\Roaming\.#\MBX@16D0@282990.###

c:\users\Toni\AppData\Roaming\.#\MBX@16D0@2829C0.###

c:\users\Toni\AppData\Roaming\.#\MBX@16D0@2829F0.###

c:\users\Toni\AppData\Roaming\avdrn.dat

c:\windows\system32\midas.dll

D:\install.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-03-28 bis 2011-04-28  ))))))))))))))))))))))))))))))

.

.

2011-04-28 20:22 . 2011-04-28 20:26        --------        d-----w-        c:\users\Toni\AppData\Local\temp

2011-04-27 19:14 . 2011-04-27 19:14        --------        d-----w-        c:\program files\ERUNT

2011-04-27 15:22 . 2011-04-27 15:22        --------        d-----w-        c:\users\Toni\AppData\Roaming\Malwarebytes

2011-04-27 15:22 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-27 15:21 . 2011-04-27 15:21        --------        d-----w-        c:\programdata\Malwarebytes

2011-04-27 15:21 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-04-27 15:21 . 2011-04-27 19:47        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-04-27 15:07 . 2011-03-03 15:40        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll

2011-04-27 15:07 . 2011-03-03 13:35        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll

2011-04-27 15:07 . 2011-03-12 21:55        876032        ----a-w-        c:\windows\system32\XpsPrint.dll

2011-04-26 14:40 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C64EC63-7762-47E8-B264-585093B63825}\mpengine.dll

2011-04-19 05:46 . 2011-04-19 05:46        --------        d-----w-        c:\program files\iPod

2011-04-19 05:46 . 2011-04-19 05:47        --------        d-----w-        c:\program files\iTunes

2011-04-19 05:44 . 2011-04-19 05:44        --------        d-----w-        c:\program files\Bonjour

2011-04-06 14:20 . 2011-04-06 14:20        91424        ----a-w-        c:\windows\system32\dnssd.dll

2011-04-06 14:20 . 2011-04-06 14:20        75040        ----a-w-        c:\windows\system32\jdns_sd.dll

2011-04-06 14:20 . 2011-04-06 14:20        197920        ----a-w-        c:\windows\system32\dnssdX.dll

2011-04-06 14:20 . 2011-04-06 14:20        107808        ----a-w-        c:\windows\system32\dns-sd.exe

2011-04-01 19:27 . 2011-04-01 19:27        --------        d-----w-        c:\users\Toni\AppData\Roaming\Simfy

2011-04-01 19:27 . 2011-04-01 19:27        --------        d-----w-        c:\program files\simfy

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-03 14:06 . 2009-08-18 09:30        564632        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2011-04-03 14:06 . 2009-08-18 09:24        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-16 18:35 . 2010-04-17 08:45        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-03-03 15:40 . 2011-04-27 15:07        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll

2011-03-03 15:40 . 2011-04-27 15:07        458752        ----a-w-        c:\windows\apppatch\AcSpecfc.dll

2011-03-03 15:40 . 2011-04-27 15:07        542720        ----a-w-        c:\windows\apppatch\AcLayers.dll

2011-03-03 15:40 . 2011-04-27 15:07        2159616        ----a-w-        c:\windows\apppatch\AcGenral.dll

2011-02-22 14:13 . 2011-03-22 19:27        288768        ----a-w-        c:\windows\system32\XpsGdiConverter.dll

2011-02-22 13:33 . 2011-03-22 19:27        1068544        ----a-w-        c:\windows\system32\DWrite.dll

2011-02-22 13:33 . 2011-03-22 19:27        797696        ----a-w-        c:\windows\system32\FntCache.dll

2011-02-18 15:36 . 2011-02-18 15:36        41984        ----a-w-        c:\windows\system32\drivers\usbaapl.sys

2011-02-18 15:36 . 2011-02-18 15:36        4184352        ----a-w-        c:\windows\system32\usbaaplrc.dll

2011-02-02 16:11 . 2009-10-03 08:39        222080        ------w-        c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]

.

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-11-13 20:58        3913000        ----a-w-        c:\program files\ConduitEngine\ConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

2010-11-13 20:58        3913000        ----a-w-        c:\program files\softonic-de3\tbsoft.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]

.

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]

.

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 21:38        121392        ----a-w-        c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-19 13543968]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-25 6111232]

"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-10-16 3667968]

"Skytel"="Skytel.exe" [2007-11-21 1826816]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]

.

c:\users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

DSL-Manager.lnk - c:\program files\T-Online\DSL-Manager\DslMgr.exe [2008-11-2 1085440]

.

c:\users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

DSL-Manager.lnk -  [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2010-12-27 1044648]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-8-17 813584]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

DSL-Manager.lnk - c:\program files\T-Online\DSL-Manager\DslMgr.exe [2008-11-2 1085440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]

2008-10-16 17:36        3110912        ----a-w-        c:\program files\Acer\Acer Bio Protection\WinNotify.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ehTray.exe"=c:\windows\ehome\ehTray.exe

"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon

"starter4g"=c:\windows\starter4g.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]

R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2010-10-16 103424]

R3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\system32\Drivers\dsltestSp5.sys [2007-09-12 26816]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-12 84240]

R3 TDslMgrService;DSL-Manager;c:\program files\T-Online\DSL-Manager\DslMgrSvc.exe [2008-10-23 307200]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]

R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-11 19968]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-10-29 717296]

S1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\DRIVERS\dslmnlwf.sys [2007-08-01 16448]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-05 135336]

S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]

S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]

S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-10-16 3517440]

S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]

S2 Prosieben;maxdome Download Manager;c:\program files\maxdome\DCBin\DCService.exe [2009-05-01 77032]

S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]

S2 WTGService;WTGService;c:\program files\XSManager\WTGService.exe [2010-04-12 329168]

S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-05-03 145064]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2009-06-17 40720]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2009-06-17 10384]

S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs        REG_MULTI_SZ           BthServ

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

Inhalt des "geplante Tasks" Ordners

.

2011-04-28 c:\windows\Tasks\1-Klick-Wartung.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 11:45]

.

2011-04-27 c:\windows\Tasks\User_Feed_Synchronization-{17657013-1DD7-4F20-A29C-8ACF8A4BCC3C}.job

- c:\windows\system32\msfeedssync.exe [2011-04-13 04:43]

.

2011-04-28 c:\windows\Tasks\User_Feed_Synchronization-{4CA0E136-6AAF-4555-9DA6-79992AB719F2}.job

- c:\windows\system32\msfeedssync.exe [2011-04-13 04:43]

.

.

------- Zusätzlicher Suchlauf -------

.

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_5930

uInternet Settings,ProxyOverride = *.local

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe

Trusted Zone: gamepoint.de\www

Trusted Zone: navigram.com\www

DPF: {162247AF-26A7-44FC-A93A-69506EA244F3} - hxxps://account.maxdome.de/presentation/script/HWTest.CAB

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan-canvasx.cab

DPF: {98474E4F-5229-4CAC-9E28-6D52D992268D} - hxxp://kpscdhaendler.ar-live.de/afc-frontend/main/Setup_AFC_ONLINE_2_7_0_3_STANDARD.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2011-04-28 22:26

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Prosieben]

"ImagePath"="\"c:\program files\maxdome\DCBin\DCService.exe\" /accountid:Prosieben"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-1215369525-1028455303-3733899402-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE2C6785-0A3D-672C-5577-E57826722AE6}*]

"halhgbinmaafheop"=hex:6b,61,62,62,65,69,69,66,6b,6d,66,65,67,6a,62,6e,63,61,

   69,65,6d,70,00,00

"gaehllbfdokfhn"=hex:61,63,69,62,6b,6a,70,6d,62,6b,64,69,68,64,67,70,6a,6b,6d,

   66,63,63,6c,6f,6a,6f,68,6c,65,6d,6d,70,68,6f,62,67,70,6c,63,62,70,65,6e,64,\

.

[HKEY_USERS\S-1-5-21-1215369525-1028455303-3733899402-1000\Software\SecuROM\License information*]

"datasecu"=hex:77,59,2c,ba,bd,fa,ac,7b,10,66,69,17,fe,61,d5,83,b0,fb,95,63,b9,

   5f,02,39,3f,25,56,0a,e5,47,03,eb,50,88,d1,74,f7,6e,6c,cb,38,6d,53,15,0c,96,\

"rkeysecu"=hex:33,a4,31,db,1c,09,e2,6c,c1,53,98,cd,52,c3,21,e7

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(3564)

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll

c:\windows\system32\btncopy.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\rundll32.exe

c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\acer\Mobility Center\MobilityService.exe

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\System32\TUProgSt.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\conime.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-04-28  22:34:47 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-04-28 20:34

.

Vor Suchlauf: 16 Verzeichnis(se), 67.646.935.040 Bytes frei

Nach Suchlauf: 19 Verzeichnis(se), 68.626.829.312 Bytes frei

.

- - End Of File - - 63A758C39E9C3283DC310627D8082ECC