Trojaner-Board (https://www.trojaner-board.de/)
Log analysis and evaluation: Applications close by themselves (https://www.trojaner-board.de/98900-anwendungen-beenden-selbst.html)

dr.hardcore 10.05.2011 16:48

Applications close by themselves
 
Hello,
I have the problem that as soon as I start gaming, after about 5 minutes
Windows reports that the application, and also the applications in the background, have to be closed.
After that nothing works at all; only once I restart the PC does it work again, but after those 5 minutes it's over again :/.
Please help.

Thank you in advance, dr.hardcore

PS:
Here is the HijackThis logfile.

HijackThis logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:38:58, on 10.05.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Vtune\TBPANEL.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files\EslWire\inGame32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Josh\Downloads\HiJackThis204.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/sk27211/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17_Download-Version\TrayServer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [ESL Wire] "C:\Program Files\EslWire\wire.exe" --tray
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Josh\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 9989 bytes

--- --- ---

Or could a hardware problem perhaps be the cause?

cosinus 10.05.2011 20:26

Please note => http://www.trojaner-board.de/95173-b...es-posten.html and http://www.trojaner-board.de/69886-a...-beachten.html

dr.hardcore 11.05.2011 14:15

OK, thanks for that. I've now gone through the instructions; here is the OTL.txt:
OTL logfile:
Code:

OTL logfile created on: 11.05.2011 14:54:57 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Josh\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,59 Gb Total Space | 13,85 Gb Free Space | 23,63% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 80,81 Gb Free Space | 17,35% Space Free | Partition Type: NTFS
Drive E: | 537,58 Gb Total Space | 53,18 Gb Free Space | 9,89% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.11 14:49:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.05.01 13:27:36 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.29 15:42:48 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.04.14 12:43:38 | 000,024,480 | ---- | M] () -- C:\Program Files\EslWire\inGame32.exe
PRC - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.03.22 17:51:20 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.03.16 16:34:07 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011.01.10 15:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.15 14:49:10 | 002,158,592 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
PRC - [2009.11.13 13:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.11 14:49:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.12.14 15:00:54 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.05.04 18:13:15 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.05.04 14:17:59 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2011.05.01 13:27:36 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.03.22 17:51:20 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.03.18 17:50:58 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.03.16 16:34:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.14 15:04:48 | 002,019,648 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.12.14 15:00:50 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.04.18 12:11:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2011.04.14 12:43:38 | 000,179,616 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2011.04.12 13:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011.03.21 21:26:32 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.03 17:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.01.10 15:23:15 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.01.10 15:23:15 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.09.23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.08.12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010.07.01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.09 03:14:23 | 000,033,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64k.sys -- (Point64)
DRV - [2010.11.29 20:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2008.11.28 14:34:56 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\sysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.facemoods.com/?a=ddr [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/sk27211/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 CC F5 59 BF DD CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "google.de|facebook.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=sk27211&tb_ver=1.1.9&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.03.21 09:12:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.03.21 09:12:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.29 15:42:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.28 16:09:26 | 000,000,000 | ---D | M]
 
[2011.03.28 17:45:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2011.03.28 17:45:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011.05.02 16:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rv3mevtg.default\extensions
[2011.03.22 20:48:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\rv3mevtg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.01 17:14:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\rv3mevtg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.14 16:51:52 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\rv3mevtg.default\extensions\DTToolbar@toolbarnet.com
[2011.03.18 22:29:59 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\rv3mevtg.default\extensions\personas@christopher.beard
[2011.03.21 21:26:21 | 000,002,059 | ---- | M] () -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\rv3mevtg.default\searchplugins\daemon-search.xml
[2011.05.10 17:37:55 | 000,001,048 | ---- | M] () -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\rv3mevtg.default\searchplugins\icqplugin.xml
[2011.03.21 12:21:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.03.14 20:33:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.21 11:08:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV3MEVTG.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV3MEVTG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RV3MEVTG.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2011.04.29 15:42:48 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.14 20:29:34 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrchddr.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17_Download-Version\Trayserver.exe (MAGIX AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Josh\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Josh\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27:64bit: - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\video_deluxe_17_de-de_setup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\videodeluxe.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\uninst.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\video_deluxe_17_de-de_setup.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O27 - HKLM IFEO\videodeluxe.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.19 18:34:57 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.12.08 20:36:49 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.11 14:53:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.05.11 14:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.05.11 14:52:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011.05.11 14:49:37 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\***\Desktop\Erunt-setup.exe
[2011.05.11 14:49:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.05.11 14:49:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe
[2011.05.10 21:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHYWE Systeme
[2011.05.10 21:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PHYWE
[2011.05.10 16:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistryFix8
[2011.05.10 16:31:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegistryFix8
[2011.05.10 15:54:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2011.05.10 15:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.05.08 17:08:00 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{503C87F5-EE69-4CBA-BADE-D1DB31802093}
[2011.05.08 11:30:23 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\2011-05-08
[2011.05.07 11:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotosizer
[2011.05.07 11:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fotosizer
[2011.05.07 11:06:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.05.07 11:06:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2011.05.07 11:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011.05.07 11:05:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C982C60A-EA1C-4F1E-B691-CFD2A4BB9986}
[2011.05.06 20:27:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F6D99480-AE37-42B1-BF99-DDF95D6792CB}
[2011.05.06 16:03:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ESL Wire Game Client
[2011.05.06 16:02:06 | 000,179,616 | ---- | C] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys
[2011.05.06 16:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
[2011.05.06 16:01:53 | 000,025,528 | ---- | C] (Turtle Entertainment GmbH) -- C:\Windows\SysNative\drivers\ESLvnic.sys
[2011.05.06 16:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\EslWire
[2011.05.06 16:01:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ESL Wire
[2011.05.04 18:37:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.05.04 17:03:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AD4BC4C7-25C3-45A5-ADCD-A20847E9DC69}
[2011.05.03 20:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2011.05.03 20:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2011.04.28 22:41:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\dvdcss
[2011.04.28 17:34:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\2011-04-28
[2011.04.27 13:12:10 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.04.27 13:12:10 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.04.27 12:58:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SystemRequirementsLab
[2011.04.26 22:01:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PunkBuster
[2011.04.22 21:34:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011.04.21 12:46:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\kaneandlynch
[2011.04.21 11:45:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Beat Hazard
[2011.04.20 22:17:26 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\2011-04-20
[2011.04.18 23:43:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Fallout3
[2011.04.18 21:11:30 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\musik
[2011.04.17 14:21:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Games
[2011.04.17 14:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2011.04.17 14:20:42 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\TrackMania
[2011.04.16 14:36:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2011.04.16 14:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.04.16 14:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.04.16 13:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devolo
[2011.04.16 13:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\devolo
[2011.04.14 16:42:11 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\2011-04-14
[2011.04.13 19:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2011.04.13 19:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2011.04.13 16:05:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9509CC42-63CC-408C-88C2-1187B7BE8676}
[2011.04.12 17:00:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4CFF7204-F40C-419B-AA43-38D25B2F8DDD}
[1 C:\Users\Josh\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.11 14:56:23 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.11 14:56:23 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.11 14:52:56 | 000,000,932 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2011.05.11 14:52:56 | 000,000,913 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk
[2011.05.11 14:51:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.11 14:51:12 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.11 14:49:47 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Josh\Desktop\Erunt-setup.exe
[2011.05.11 14:49:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.05.11 14:49:41 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe
[2011.05.11 14:48:07 | 000,377,282 | ---- | M] () -- C:\Users\***\Desktop\Load.exe
[2011.05.11 14:32:05 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3005876921-2081498579-3243624207-1001UA.job
[2011.05.10 20:59:44 | 008,573,056 | ---- | M] () -- C:\Users\***\Desktop\Colors Of The Rainbow.mp3
[2011.05.10 20:25:07 | 129,606,311 | ---- | M] () -- C:\Users\***\Desktop\masacker special.wmv
[2011.05.10 20:00:56 | 000,957,352 | ---- | M] () -- C:\Users\***\Desktop\hardcore t-shirt.png
[2011.05.10 19:59:27 | 001,119,055 | ---- | M] () -- C:\Users\***\Desktop\sr t-shirt.png
[2011.05.10 19:39:27 | 289,271,808 | ---- | M] () -- C:\Users\***\Desktop\thoma kill.avi
[2011.05.10 18:32:02 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3005876921-2081498579-3243624207-1001Core.job
[2011.05.10 15:23:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011.05.10 15:06:18 | 000,000,783 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2011.05.10 14:33:46 | 000,002,399 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2011.05.08 12:20:42 | 000,029,719 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2011.05.08 11:38:44 | 000,694,194 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.08 11:38:44 | 000,651,672 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.08 11:38:44 | 000,147,318 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.08 11:38:44 | 000,120,604 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.08 11:38:43 | 001,611,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.07 18:06:58 | 000,000,201 | ---- | M] () -- C:\Users\***\Desktop\RUSH.url
[2011.05.07 11:52:13 | 000,001,051 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Fotosizer.lnk
[2011.05.07 11:52:13 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Fotosizer.lnk
[2011.05.07 11:18:39 | 000,151,552 | ---- | M] () -- C:\Windows\SysWow64\nvRegDev.dll
[2011.05.04 18:57:44 | 000,000,807 | ---- | M] () -- C:\Users\***\Desktop\Steam Uncut.lnk
[2011.05.04 18:14:30 | 000,000,544 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011.05.04 16:42:44 | 000,014,890 | ---- | M] () -- C:\Users\***\Desktop\abc.jpg
[2011.05.03 20:10:06 | 000,008,381 | ---- | M] () -- C:\Users\***\Desktop\Zombatar_1.jpg
[2011.05.02 20:04:55 | 682,240,512 | ---- | M] () -- C:\Users\***\Desktop\hdhell.avi
[2011.05.02 14:14:25 | 009,851,441 | ---- | M] () -- C:\Users\***\Desktop\neue vorschau skilled raiders.c4d
[2011.04.29 15:42:58 | 000,002,060 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011.04.28 22:38:52 | 000,388,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.28 19:59:40 | 001,036,854 | ---- | M] () -- C:\Users\***\Documents\untitled.bmp
[2011.04.28 19:33:53 | 000,056,544 | ---- | M] () -- C:\Users\***\Documents\melli.jpg
[2011.04.27 22:36:29 | 000,039,464 | ---- | M] () -- C:\Users\***\Documents\208744_216872298324129_100000040814547_916383_3700021_n.jpg
[2011.04.27 22:25:26 | 000,044,570 | ---- | M] () -- C:\Users\***\Documents\25236-pinocchio-tattoo.jpg
[2011.04.27 22:24:13 | 000,035,616 | ---- | M] () -- C:\Users\***\Documents\226592_220974057916560_155194021161231_1000522_2294664_n.jpg
[2011.04.22 21:34:25 | 000,000,576 | ---- | M] () -- C:\Users\***\Desktop\Fraps.lnk
[2011.04.21 16:59:17 | 000,001,621 | ---- | M] () -- C:\Users\***\Desktop\CINEMA 4D 32-bit.lnk
[2011.04.19 15:44:15 | 000,001,125 | ---- | M] () -- C:\Users\***\Desktop\Fallout3ng - Shortcut.lnk
[2011.04.18 12:11:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) -- C:\Windows\SysNative\drivers\ESLvnic.sys
[2011.04.16 23:52:03 | 000,015,574 | -HS- | M] () -- C:\Users\***\Desktop\Folder.jpg
[2011.04.16 23:52:03 | 000,003,819 | -HS- | M] () -- C:\Users\***\Desktop\AlbumArtSmall.jpg
[2011.04.16 14:36:10 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.04.14 16:45:00 | 003,711,167 | ---- | M] () -- C:\Users\***\math10008.JPG
[2011.04.14 12:43:38 | 000,179,616 | ---- | M] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys
[2011.04.13 19:41:13 | 000,001,108 | ---- | M] () -- C:\Users\***\Desktop\Vegas Pro 10.0.lnk
[2011.04.13 19:34:45 | 000,002,596 | ---- | M] () -- C:\Users\***\Documents\Vegas Pro registrieren.htm
[2011.04.13 15:36:48 | 000,000,584 | ---- | M] () -- C:\Users\***\Documents\Default.sfvidcap
[1 C:\Users\Josh\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.11 14:53:15 | 000,001,112 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.05.11 14:52:56 | 000,000,932 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2011.05.11 14:52:56 | 000,000,913 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk
[2011.05.11 14:48:02 | 000,377,282 | ---- | C] () -- C:\Users\***\Desktop\Load.exe
[2011.05.10 20:59:31 | 008,573,056 | ---- | C] () -- C:\Users\***\Desktop\Colors Of The Rainbow.mp3
[2011.05.10 20:00:54 | 000,957,352 | ---- | C] () -- C:\Users\***\Desktop\hardcore t-shirt.png
[2011.05.10 19:59:26 | 001,119,055 | ---- | C] () -- C:\Users\***\Desktop\sr t-shirt.png
[2011.05.10 19:47:05 | 129,606,311 | ---- | C] () -- C:\Users\***\Desktop\masacker special.wmv
[2011.05.10 19:32:26 | 289,271,808 | ---- | C] () -- C:\Users\***\Desktop\thoma kill.avi
[2011.05.10 15:24:42 | 000,011,164 | ---- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin
[2011.05.10 15:23:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011.05.10 15:06:18 | 000,000,783 | ---- | C] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2011.05.08 12:20:42 | 000,029,719 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011.05.07 11:52:13 | 000,001,051 | ---- | C] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Fotosizer.lnk
[2011.05.07 11:52:13 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Fotosizer.lnk
[2011.05.07 11:18:50 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2011.05.07 11:06:17 | 000,001,047 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011.05.04 18:57:44 | 000,000,807 | ---- | C] () -- C:\Users\***\Desktop\Steam Uncut.lnk
[2011.05.04 16:42:44 | 000,014,890 | ---- | C] () -- C:\Users\***\Desktop\abc.jpg
[2011.05.03 20:10:06 | 000,008,381 | ---- | C] () -- C:\Users\***\Desktop\Zombatar_1.jpg
[2011.05.02 18:50:50 | 682,240,512 | ---- | C] () -- C:\Users\***\Desktop\hdhell.avi
[2011.04.29 16:59:42 | 009,851,441 | ---- | C] () -- C:\Users\***\Desktop\neue vorschau skilled raiders.c4d
[2011.04.28 19:59:11 | 001,036,854 | ---- | C] () -- C:\Users\***\Documents\untitled.bmp
[2011.04.28 19:33:40 | 000,056,544 | ---- | C] () -- C:\Users\***\Documents\melli.jpg
[2011.04.27 22:36:27 | 000,039,464 | ---- | C] () -- C:\Users\***\Documents\208744_216872298324129_100000040814547_916383_3700021_n.jpg
[2011.04.27 22:25:25 | 000,044,570 | ---- | C] () -- C:\Users\***\Documents\25236-pinocchio-tattoo.jpg
[2011.04.27 22:24:10 | 000,035,616 | ---- | C] () -- C:\Users\***\Documents\226592_220974057916560_155194021161231_1000522_2294664_n.jpg
[2011.04.22 21:34:25 | 000,000,576 | ---- | C] () -- C:\Users\***\Desktop\Fraps.lnk
[2011.04.21 16:59:17 | 000,001,621 | ---- | C] () -- C:\Users\***\Desktop\CINEMA 4D 32-bit.lnk
[2011.04.19 15:44:15 | 000,001,125 | ---- | C] () -- C:\Users\***\Desktop\Fallout3ng - Shortcut.lnk
[2011.04.16 14:36:10 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.04.14 16:45:00 | 003,711,167 | ---- | C] () -- C:\Users\***\math10008.JPG
[2011.04.13 19:41:13 | 000,001,108 | ---- | C] () -- C:\Users\***\Desktop\Vegas Pro 10.0.lnk
[2011.04.13 19:29:19 | 000,002,596 | ---- | C] () -- C:\Users\***\Documents\Vegas Pro registrieren.htm
[2011.04.13 15:36:48 | 000,000,584 | ---- | C] () -- C:\Users\***\Documents\Default.sfvidcap
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.04.02 22:30:32 | 001,571,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.01 17:24:33 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2011.03.22 17:51:22 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.03.22 17:51:20 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.03.19 20:21:35 | 000,010,451 | ---- | C] () -- C:\Program Files (x86)\Z4[j5-1]vk-w.dat
[2011.03.15 19:12:44 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.08 22:36:01 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\RtlCPAPI.dll
[2011.03.08 22:36:01 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\ChCfg.exe
[2011.03.08 20:55:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.04.27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,778,240 | ---- | C] () -- C:\Windows\SysWow64\DivXsm.exe
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
 
========== LOP Check ==========
 
[2011.04.21 11:45:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Beat Hazard
[2011.03.16 22:37:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.05.07 11:06:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.03.22 17:43:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.03.22 20:48:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.08 11:35:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.04.09 09:38:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.03.19 20:06:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.03.19 13:03:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON
[2011.04.09 13:22:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaProSoft Free 3GP to AVI Converter
[2011.03.15 16:22:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaProSoft Free WMV to AVI MPEG Converter
[2011.04.08 17:37:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.03.10 13:01:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Propellerhead Software
[2011.03.14 21:24:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2011.03.22 17:51:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PunkBuster
[2011.03.28 14:37:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Screaming Bee
[2011.04.13 19:40:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2011.04.09 20:59:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Creative Software Inc
[2011.04.27 12:58:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SystemRequirementsLab
[2011.05.04 19:44:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.03.28 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2011.04.15 15:15:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2011.04.06 18:36:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.04.02 14:38:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2011.05.08 17:13:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2011.04.07 17:32:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZombieDriver
[2011.05.04 14:48:26 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.03.19 13:13:09 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.03.11 13:10:56 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.03.05 12:32:26 | 000,000,000 | ---D | M] -- C:\canon
[2011.03.16 22:26:14 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.04.22 21:34:25 | 000,000,000 | ---D | M] -- C:\Fraps
[2011.01.18 20:28:09 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.03.08 20:38:18 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.05.06 16:01:52 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.05.11 14:52:56 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.05.06 16:01:52 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.03.08 20:27:30 | 000,000,000 | -HSD | M] -- C:\Recovery
[2010.07.21 20:38:52 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.05.11 14:55:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.04.27 13:14:47 | 000,000,000 | R--D | M] -- C:\Users
[2011.05.11 14:53:55 | 000,000,000 | ---D | M] -- C:\Windows
[2010.12.10 23:17:25 | 000,000,000 | ---D | M] -- C:\xampp
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<          >

< End of report >

--- --- ---
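The "< MD5 for: ... >" blocks in the OTL report above list every copy of a critical system binary that OTL finds, both the live copies (C:\Windows, SysNative, SysWOW64) and the copies staged in the WinSxS component store. The check a responder wants from that data is whether each live copy has a (size, MD5) pair that also appears among the staged copies; a live copy that matches none is a lead for a patched or replaced file. The script below is an added example for this thread, not OTL's own code: it parses those blocks and reports unmatched live copies, using the regedit.exe and userinit.exe blocks from the report above as its input. The function names are the example's own. Caveat: on this report it flags C:\Windows\regedit.exe, whose listed size (427,008) matches the amd64 copy while its MD5 matches the 398,336-byte 32-bit copy. A self-contradictory line like that may be a scanner artefact (a 32-bit tool on an x64 system) rather than tampering, so confirm with a second tool such as `sfc /verifyonly` or a signature check before acting on it.

```python
"""Cross-check the '< MD5 for: ... >' blocks of an OTL report.

Added example for this thread, not OTL's own code. Every live copy of a
system binary (outside the WinSxS store) is compared with the staged copies
in the WinSxS component store; a live copy whose (size, MD5) pair matches no
staged copy is reported as a lead. The sample report is taken verbatim from
the regedit.exe and userinit.exe blocks posted above.
"""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
# One entry line: [stamp | size | attrs | kind] (company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[^|]+?) \| (?P<kind>\w)\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)\s*$"
)

# Two blocks copied from the OTL report in this thread.
SAMPLE_REPORT = r"""
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
"""


def parse_md5_sections(report):
    """Return {FILENAME: [entry, ...]} for every '< MD5 for: >' block in the report."""
    sections = defaultdict(list)
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            path = entry.group("path")
            sections[current].append({
                "size": int(entry.group("size").replace(",", "")),
                "md5": entry.group("md5").upper(),
                "company": entry.group("company"),
                "path": path,
                "staged": "\\winsxs\\" in path.lower(),  # component-store copy?
            })
    return dict(sections)


def find_unmatched_live_copies(sections):
    """Live copies whose (size, MD5) pair appears on no staged WinSxS copy of the same file.

    Returns (file name, path, reason) tuples. An MD5 that matches a staged copy
    of a different size means the report contradicts itself; verify with another tool.
    """
    findings = []
    for name, entries in sections.items():
        staged_pairs = {(e["size"], e["md5"]) for e in entries if e["staged"]}
        staged_md5s = {md5 for _, md5 in staged_pairs}
        for e in entries:
            if e["staged"] or (e["size"], e["md5"]) in staged_pairs:
                continue
            if e["md5"] in staged_md5s:
                reason = "MD5 matches a staged copy but the size does not"
            else:
                reason = "no staged copy with this MD5"
            findings.append((name, e["path"], reason))
    return findings


def find_unexpected_company(sections, expected="Microsoft Corporation"):
    """Entries whose version-info company string is not the expected vendor."""
    return [(name, e["path"], e["company"])
            for name, entries in sections.items()
            for e in entries if e["company"] != expected]


if __name__ == "__main__":
    parsed = parse_md5_sections(SAMPLE_REPORT)
    for name, path, reason in find_unmatched_live_copies(parsed):
        print(f"{name}: {path}: {reason}")
    for name, path, company in find_unexpected_company(parsed):
        print(f"{name}: {path}: company={company!r}")
```

Run as-is it prints one line for C:\Windows\regedit.exe and nothing for userinit.exe. Feeding it a whole OTL report instead of the two sample blocks works the same way, since the parser keys on the "< MD5 for: >" headers and ignores everything else.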

cosinus 11.05.2011 14:41

What about Malwarebytes?

dr.hardcore 11.05.2011 15:11

So, here is Malwarebytes as well:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6546

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11.05.2011 16:05:37
mbam-log-2011-05-11 (16-05-37).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 176973
Laufzeit: 1 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\***\downloads\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

cosinus 11.05.2011 15:41

Quote:

Art des Suchlaufs: Quick-Scan
Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If there are logs from older Malwarebytes scans, please post all of those as well!

dr.hardcore 11.05.2011 15:47

Here is an old full scan, but I'm running a new one now with the new version:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6546

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

10.05.2011 15:54:06
mbam-log-2011-05-10 (15-54-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 74368
Laufzeit: 6 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 11.05.2011 16:01

Quote:

Datenbank Version: 6546
You did not update Malwarebytes beforehand. Please update and run a full scan.
Post all logs that are in the Log files tab!!!

dr.hardcore 11.05.2011 16:13

1. That is the only one
2. I'm running a new full scan right now

dr.hardcore 11.05.2011 16:19

Here is the new full scan:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6555

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11.05.2011 17:19:18
mbam-log-2011-05-11 (17-19-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 330375
Laufzeit: 30 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 11.05.2011 20:30

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.19 18:34:57 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.12.08 20:36:49 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
[2011.05.04 17:03:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AD4BC4C7-25C3-45A5-ADCD-A20847E9DC69}
[2011.04.13 16:05:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9509CC42-63CC-408C-88C2-1187B7BE8676}
[2011.04.12 17:00:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4CFF7204-F40C-419B-AA43-38D25B2F8DDD}
[2011.03.19 20:21:35 | 000,010,451 | ---- | C] () -- C:\Program Files (x86)\Z4[j5-1]vk-w.dat
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
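The fix script above ends with [resethosts], which replaces the hosts file with a default one without showing what was in it. Before overwriting it blind, a responder would normally want to see which active mappings it carried, because a hosts file is a common place for malware to pin vendor or update domains to a sinkhole address or redirect them elsewhere. The script below is an added example for this thread, not OTL's own code and not something the helper posted: it parses a hosts file, skips the stock loopback entries, and classifies each remaining mapping. The sample hosts content and the watch-list of domains are constructed for the example.

```python
"""Audit a Windows hosts file for active mappings beyond the loopback defaults.

Added example for this thread, not OTL's own code. The sample hosts file and
the WATCHED_SUFFIXES list are constructed for illustration.
"""
import ipaddress

# Names present in a stock hosts file; harmless when mapped to loopback.
DEFAULT_LOCAL = {"localhost", "localhost.localdomain", "broadcasthost"}
SINKHOLES = {
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("::1"),
    ipaddress.ip_address("0.0.0.0"),
}
# Assumed watch-list of update/vendor domains malware likes to block (example only).
WATCHED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "avira.com",
    "malwarebytes.org", "kaspersky.com", "trojaner-board.de",
)

# Constructed sample: a stock header, one default entry, two blocks, one redirect, one custom.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
#\t::1             localhost
127.0.0.1   localhost
127.0.0.1   www.avira.com
127.0.0.1   download.microsoft.com   # constructed: blocks updates
203.0.113.10 www.trojaner-board.de
192.168.1.10 intranet.example      # plausibly a legitimate local override
"""


def parse_hosts(text):
    """Return (ip, hostname, line_no) for every active (non-comment) mapping."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                           # malformed line, ignore
        for host in parts[1:]:
            entries.append((ip, host.lower(), n))
    return entries


def audit_hosts(text):
    """Classify every non-default mapping.

    'blocked'    : watched domain pinned to loopback or 0.0.0.0
    'redirected' : watched domain pointed at some other address
    'custom'     : any other non-default mapping (needs a human look)
    """
    findings = []
    for ip, host, n in parse_hosts(text):
        if host in DEFAULT_LOCAL and ip in SINKHOLES:
            continue
        watched = any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)
        if watched and ip in SINKHOLES:
            verdict = "blocked"
        elif watched:
            verdict = "redirected"
        else:
            verdict = "custom"
        findings.append({"line": n, "ip": str(ip), "host": host, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']:>3}: {f['verdict']:<10} {f['host']} -> {f['ip']}")
```

On the constructed sample this reports two blocked vendor domains, one redirected domain and one custom mapping; on a real system, read C:\Windows\System32\drivers\etc\hosts and pass its contents to audit_hosts() before a reset throws the evidence away.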

dr.hardcore 12.05.2011 16:18

OK, I did it, but now it crashes again, though only after a longer time :/

dr.hardcore 12.05.2011 17:46

Here are the log files:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
File D:\AUTOEXEC.BAT not found.
Folder C:\Users\***\AppData\Local\{AD4BC4C7-25C3-45A5-ADCD-A20847E9DC69}\ not found.
Folder C:\Users\***\AppData\Local\{9509CC42-63CC-408C-88C2-1187B7BE8676}\ not found.
Folder C:\Users\***\AppData\Local\{4CFF7204-F40C-419B-AA43-38D25B2F8DDD}\ not found.
File C:\Program Files (x86)\Z4[j5-1]vk-w.dat not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Josh
->Temp folder emptied: 58477 bytes
->Temporary Internet Files folder emptied: 1503181 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 32925623 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 952 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 87360 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 52191 bytes

Total Files Cleaned = 33,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05122011_184348

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


It says that it did not find the files because I had to run it twice, since the first time it did not open any log files.

cosinus 12.05.2011 19:20

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the image below, i.e. tick both boxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png


If the infection prevents you from accessing your documents / own files, please run unhide:
Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should be visible again. (This may take a while.)
Vista and 7 users must run the tool via right-click as administrator!

dr.hardcore 12.05.2011 19:34

OK, here is the log, but it found nothing:
2011/05/12 20:31:11.0238 3060 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/12 20:31:11.0573 3060 ================================================================================
2011/05/12 20:31:11.0573 3060 SystemInfo:
2011/05/12 20:31:11.0573 3060
2011/05/12 20:31:11.0573 3060 OS Version: 6.1.7601 ServicePack: 1.0
2011/05/12 20:31:11.0573 3060 Product type: Workstation
2011/05/12 20:31:11.0573 3060 ComputerName: ***-PC
2011/05/12 20:31:11.0573 3060 UserName: ***
2011/05/12 20:31:11.0573 3060 Windows directory: C:\Windows
2011/05/12 20:31:11.0573 3060 System windows directory: C:\Windows
2011/05/12 20:31:11.0573 3060 Running under WOW64
2011/05/12 20:31:11.0573 3060 Processor architecture: Intel x64
2011/05/12 20:31:11.0573 3060 Number of processors: 4
2011/05/12 20:31:11.0573 3060 Page size: 0x1000
2011/05/12 20:31:11.0573 3060 Boot type: Normal boot
2011/05/12 20:31:11.0573 3060 ================================================================================
2011/05/12 20:31:11.0820 3060 Initialize success
2011/05/12 20:31:13.0473 2508 ================================================================================
2011/05/12 20:31:13.0473 2508 Scan started
2011/05/12 20:31:13.0473 2508 Mode: Manual;
2011/05/12 20:31:13.0473 2508 ================================================================================
2011/05/12 20:31:14.0278 2508 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/05/12 20:31:14.0308 2508 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/05/12 20:31:14.0326 2508 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/05/12 20:31:14.0354 2508 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/12 20:31:14.0389 2508 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/12 20:31:14.0414 2508 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/12 20:31:14.0462 2508 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
2011/05/12 20:31:14.0487 2508 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/05/12 20:31:14.0550 2508 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/05/12 20:31:14.0664 2508 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/05/12 20:31:14.0693 2508 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/12 20:31:14.0715 2508 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/12 20:31:14.0738 2508 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
2011/05/12 20:31:14.0766 2508 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/12 20:31:14.0790 2508 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
2011/05/12 20:31:14.0832 2508 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/05/12 20:31:14.0868 2508 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/12 20:31:14.0891 2508 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/12 20:31:14.0931 2508 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/12 20:31:14.0946 2508 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/05/12 20:31:15.0006 2508 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/12 20:31:15.0027 2508 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/12 20:31:15.0067 2508 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/12 20:31:15.0091 2508 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/12 20:31:15.0129 2508 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/12 20:31:15.0163 2508 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/12 20:31:15.0194 2508 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/12 20:31:15.0220 2508 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/12 20:31:15.0234 2508 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/12 20:31:15.0263 2508 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/12 20:31:15.0283 2508 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/12 20:31:15.0303 2508 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/12 20:31:15.0319 2508 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/12 20:31:15.0348 2508 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/05/12 20:31:15.0370 2508 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/12 20:31:15.0403 2508 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/12 20:31:15.0438 2508 BTHPORT (0d25b6d300ba26a5f2c3b2a8e96b158b) C:\Windows\system32\Drivers\BTHport.sys
2011/05/12 20:31:15.0475 2508 BTHUSB (1f9912f8ec5bfa53432e71e150636a8a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/12 20:31:15.0503 2508 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/12 20:31:15.0528 2508 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/12 20:31:15.0558 2508 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/12 20:31:15.0600 2508 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/12 20:31:15.0646 2508 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/12 20:31:15.0675 2508 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/05/12 20:31:15.0710 2508 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/05/12 20:31:15.0737 2508 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/12 20:31:15.0767 2508 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/05/12 20:31:15.0793 2508 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/12 20:31:15.0836 2508 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/05/12 20:31:16.0025 2508 dc3d (7f61fbe259c18666d8ddf862f13a5eb0) C:\Windows\system32\DRIVERS\dc3d.sys
2011/05/12 20:31:16.0064 2508 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/05/12 20:31:16.0084 2508 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/12 20:31:16.0100 2508 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/12 20:31:16.0172 2508 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/12 20:31:16.0202 2508 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/05/12 20:31:16.0234 2508 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/12 20:31:16.0316 2508 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/12 20:31:16.0419 2508 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/12 20:31:16.0456 2508 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/05/12 20:31:16.0500 2508 ESLvnic1 (c33acb897af927d1c1bd84f211fae75b) C:\Windows\system32\DRIVERS\ESLvnic.sys
2011/05/12 20:31:16.0546 2508 ESLWireAC (d7c7f2e323f91478bf9924a3fa29d3ea) C:\Windows\system32\drivers\ESLWireACD.sys
2011/05/12 20:31:16.0594 2508 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/12 20:31:16.0669 2508 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/12 20:31:16.0695 2508 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/12 20:31:16.0719 2508 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/12 20:31:16.0743 2508 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/12 20:31:16.0770 2508 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/12 20:31:16.0804 2508 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/05/12 20:31:16.0855 2508 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/12 20:31:16.0906 2508 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/05/12 20:31:16.0927 2508 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/12 20:31:16.0953 2508 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/12 20:31:16.0983 2508 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/12 20:31:17.0005 2508 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/12 20:31:17.0054 2508 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/05/12 20:31:17.0084 2508 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/05/12 20:31:17.0104 2508 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/12 20:31:17.0140 2508 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/12 20:31:17.0169 2508 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/12 20:31:17.0204 2508 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/12 20:31:17.0245 2508 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/05/12 20:31:17.0289 2508 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/05/12 20:31:17.0325 2508 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/12 20:31:17.0356 2508 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/12 20:31:17.0387 2508 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
2011/05/12 20:31:17.0421 2508 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/12 20:31:17.0506 2508 IntcAzAudAddService (9297bc7fb61f58670ee176dd18f4dd92) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/12 20:31:17.0539 2508 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/05/12 20:31:17.0570 2508 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/12 20:31:17.0610 2508 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/12 20:31:17.0639 2508 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/05/12 20:31:17.0668 2508 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/12 20:31:17.0695 2508 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/12 20:31:17.0718 2508 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/05/12 20:31:17.0753 2508 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/05/12 20:31:17.0788 2508 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/12 20:31:17.0813 2508 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/12 20:31:17.0836 2508 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/12 20:31:17.0866 2508 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/12 20:31:17.0889 2508 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/12 20:31:17.0940 2508 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/12 20:31:17.0979 2508 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/12 20:31:18.0009 2508 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/12 20:31:18.0037 2508 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/12 20:31:18.0055 2508 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/12 20:31:18.0073 2508 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/12 20:31:18.0098 2508 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/12 20:31:18.0125 2508 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/12 20:31:18.0149 2508 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/12 20:31:18.0178 2508 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/12 20:31:18.0191 2508 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/12 20:31:18.0209 2508 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/12 20:31:18.0245 2508 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/05/12 20:31:18.0285 2508 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/05/12 20:31:18.0316 2508 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/12 20:31:18.0351 2508 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/05/12 20:31:18.0375 2508 mrxsmb (c2b4651001a867ff3f8865863b592991) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/12 20:31:18.0410 2508 mrxsmb10 (7e79946afc5f799ab62982282be5ac13) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/12 20:31:18.0431 2508 mrxsmb20 (5fb954100cea2bfec6446fbbecaa3f79) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/12 20:31:18.0451 2508 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/05/12 20:31:18.0474 2508 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/05/12 20:31:18.0509 2508 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/12 20:31:18.0528 2508 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/12 20:31:18.0542 2508 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/05/12 20:31:18.0584 2508 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/12 20:31:18.0603 2508 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/12 20:31:18.0625 2508 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/12 20:31:18.0644 2508 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/05/12 20:31:18.0678 2508 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/05/12 20:31:18.0694 2508 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/12 20:31:18.0722 2508 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/12 20:31:18.0746 2508 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/12 20:31:18.0798 2508 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/12 20:31:18.0844 2508 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/05/12 20:31:18.0871 2508 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/12 20:31:18.0901 2508 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/12 20:31:18.0929 2508 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/12 20:31:18.0947 2508 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/12 20:31:18.0974 2508 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/05/12 20:31:18.0993 2508 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/12 20:31:19.0015 2508 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/12 20:31:19.0089 2508 netr7364 (81b8d0c1ce44a7fdbd596b693783950c) C:\Windows\system32\DRIVERS\netr7364.sys
2011/05/12 20:31:19.0145 2508 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/12 20:31:19.0166 2508 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/12 20:31:19.0233 2508 NPF_devolo (49697c2c761acb5c0de99cc8fe93e95b) C:\Windows\sysWOW64\drivers\npf_devolo.sys
2011/05/12 20:31:19.0252 2508 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/12 20:31:19.0289 2508 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
2011/05/12 20:31:19.0329 2508 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/12 20:31:19.0381 2508 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
2011/05/12 20:31:19.0425 2508 NVHDA (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys
2011/05/12 20:31:19.0639 2508 nvlddmkm (a963c2c276a97b088ded5d7a83be8052) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/12 20:31:19.0753 2508 NVNET (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys
2011/05/12 20:31:19.0793 2508 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
2011/05/12 20:31:19.0821 2508 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
2011/05/12 20:31:19.0877 2508 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/05/12 20:31:19.0912 2508 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/05/12 20:31:19.0957 2508 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/12 20:31:19.0986 2508 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/05/12 20:31:20.0012 2508 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/05/12 20:31:20.0031 2508 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/05/12 20:31:20.0054 2508 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/12 20:31:20.0076 2508 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/12 20:31:20.0124 2508 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/12 20:31:20.0227 2508 Point64 (bff219983788581b37f62a3cf2e59163) C:\Windows\system32\DRIVERS\point64k.sys
2011/05/12 20:31:20.0271 2508 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/12 20:31:20.0289 2508 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/12 20:31:20.0332 2508 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/12 20:31:20.0376 2508 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/12 20:31:20.0426 2508 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/12 20:31:20.0453 2508 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/12 20:31:20.0475 2508 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/12 20:31:20.0498 2508 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/12 20:31:20.0528 2508 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/12 20:31:20.0550 2508 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/12 20:31:20.0568 2508 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/12 20:31:20.0597 2508 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/12 20:31:20.0619 2508 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/12 20:31:20.0647 2508 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/12 20:31:20.0685 2508 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/05/12 20:31:20.0708 2508 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/12 20:31:20.0729 2508 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/12 20:31:20.0776 2508 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
2011/05/12 20:31:20.0803 2508 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/05/12 20:31:20.0842 2508 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/05/12 20:31:20.0898 2508 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/12 20:31:20.0943 2508 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/12 20:31:20.0970 2508 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/05/12 20:31:21.0002 2508 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/05/12 20:31:21.0068 2508 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/12 20:31:21.0118 2508 ScreamBAudioSvc (8b56bdce6a303dde63d63440d1cf9ad1) C:\Windows\system32\drivers\ScreamingBAudio64.sys
2011/05/12 20:31:21.0145 2508 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/12 20:31:21.0187 2508 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/12 20:31:21.0208 2508 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/12 20:31:21.0236 2508 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/12 20:31:21.0277 2508 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/05/12 20:31:21.0299 2508 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/12 20:31:21.0323 2508 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/12 20:31:21.0346 2508 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/12 20:31:21.0384 2508 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/12 20:31:21.0406 2508 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/12 20:31:21.0451 2508 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/12 20:31:21.0500 2508 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/12 20:31:21.0541 2508 srv (65bbf4920148c2ee279055da7228fc7b) C:\Windows\system32\DRIVERS\srv.sys
2011/05/12 20:31:21.0572 2508 srv2 (da939f762a1ccc2d77428621ddbd40a7) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/12 20:31:21.0596 2508 srvnet (3f847c9dc87299516f7dc82fb6572865) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/12 20:31:21.0658 2508 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/12 20:31:21.0690 2508 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/05/12 20:31:21.0713 2508 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/05/12 20:31:21.0739 2508 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/05/12 20:31:21.0852 2508 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
2011/05/12 20:31:21.0911 2508 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/12 20:31:21.0954 2508 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/12 20:31:21.0984 2508 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/12 20:31:22.0001 2508 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/12 20:31:22.0032 2508 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/12 20:31:22.0058 2508 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/05/12 20:31:22.0111 2508 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/12 20:31:22.0132 2508 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/05/12 20:31:22.0198 2508 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
2011/05/12 20:31:22.0237 2508 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/12 20:31:22.0264 2508 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/12 20:31:22.0290 2508 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/12 20:31:22.0333 2508 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/12 20:31:22.0356 2508 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/05/12 20:31:22.0383 2508 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/12 20:31:22.0413 2508 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/12 20:31:22.0452 2508 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/05/12 20:31:22.0472 2508 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/12 20:31:22.0491 2508 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/12 20:31:22.0515 2508 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/12 20:31:22.0557 2508 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/12 20:31:22.0590 2508 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/12 20:31:22.0614 2508 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/12 20:31:22.0638 2508 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/12 20:31:22.0671 2508 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/05/12 20:31:22.0704 2508 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/12 20:31:22.0730 2508 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/12 20:31:22.0769 2508 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/05/12 20:31:22.0794 2508 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/05/12 20:31:22.0812 2508 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/05/12 20:31:22.0837 2508 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/05/12 20:31:22.0853 2508 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/05/12 20:31:22.0884 2508 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/05/12 20:31:22.0910 2508 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/05/12 20:31:22.0936 2508 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/12 20:31:22.0967 2508 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/12 20:31:22.0993 2508 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/12 20:31:23.0028 2508 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/12 20:31:23.0059 2508 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/12 20:31:23.0074 2508 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/12 20:31:23.0112 2508 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/12 20:31:23.0138 2508 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/12 20:31:23.0193 2508 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/12 20:31:23.0218 2508 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/12 20:31:23.0292 2508 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/12 20:31:23.0331 2508 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/12 20:31:23.0392 2508 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/05/12 20:31:23.0419 2508 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/12 20:31:23.0501 2508 ================================================================================
2011/05/12 20:31:23.0501 2508 Scan finished
2011/05/12 20:31:23.0501 2508 ================================================================================

cosinus 12.05.2011 19:40

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a forum helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

dr.hardcore 12.05.2011 20:00

Here is the log:
ComboFix logfile:
Code:

ComboFix 11-05-11.04 - Josh 12.05.2011  20:50:38.1.4 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1033.18.4095.2606 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-12 bis 2011-05-12  ))))))))))))))))))))))))))))))
.
.
2011-05-12 18:54 . 2011-05-12 18:54        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-11 12:52 . 2011-05-11 12:53        --------        d-----w-        c:\program files (x86)\ERUNT
2011-05-10 19:22 . 2011-05-10 19:22        --------        d-----w-        c:\program files (x86)\PHYWE
2011-05-10 14:31 . 2011-05-10 14:31        --------        d-----w-        c:\program files (x86)\RegistryFix8
2011-05-10 13:54 . 2011-05-10 13:54        --------        d-----w-        c:\users\***\AppData\Roaming\Avira
2011-05-10 13:24 . 2010-08-12 09:46        758272        ----a-w-        c:\windows\system32\cohelper.dll
2011-05-10 13:24 . 2010-08-09 20:33        11164        ----a-w-        c:\windows\system32\drivers\nvphy.bin
2011-05-10 12:26 . 2011-04-11 08:21        8802128        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D17EB876-89C2-4AF7-9C88-0D7FCBCE8BA7}\mpengine.dll
2011-05-08 15:08 . 2011-05-08 15:08        --------        d-----w-        c:\users\***\AppData\Local\{503C87F5-EE69-4CBA-BADE-D1DB31802093}
2011-05-07 09:18 . 2011-05-07 09:18        151552        ----a-w-        c:\windows\SysWow64\nvRegDev.dll
2011-05-07 09:18 . 2003-11-10 16:14        729088        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-05-07 09:18 . 2003-11-10 16:13        69715        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-05-07 09:18 . 2003-11-10 16:12        266240        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-05-07 09:18 . 2003-11-10 16:12        192512        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-05-07 09:18 . 2003-11-10 16:11        5632        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-05-07 09:18 . 2011-05-07 09:18        311428        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-05-07 09:18 . 2011-05-07 09:18        188548        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-05-07 09:06 . 2011-05-07 09:06        --------        d-----w-        c:\users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-05-07 09:06 . 2011-05-07 09:06        --------        d-----w-        c:\program files (x86)\Adobe Download Assistant
2011-05-07 09:06 . 2011-05-07 09:06        --------        d-----w-        c:\program files (x86)\Common Files\Adobe AIR
2011-05-07 09:05 . 2011-05-07 09:05        --------        d-----w-        c:\users\***\AppData\Local\{C982C60A-EA1C-4F1E-B691-CFD2A4BB9986}
2011-05-06 18:27 . 2011-05-06 18:27        --------        d-----w-        c:\users\***\AppData\Local\{F6D99480-AE37-42B1-BF99-DDF95D6792CB}
2011-05-06 14:03 . 2011-05-12 18:48        --------        d-----w-        c:\users\***\AppData\Local\ESL Wire Game Client
2011-05-06 14:02 . 2011-04-14 10:43        179616        ----a-w-        c:\windows\system32\drivers\ESLWireACD.sys
2011-05-06 14:01 . 2011-04-18 10:11        25528        ----a-w-        c:\windows\system32\drivers\ESLvnic.sys
2011-05-06 14:01 . 2011-05-10 13:06        --------        d-----w-        c:\program files\EslWire
2011-05-06 14:01 . 2011-05-06 14:01        --------        d-----w-        c:\programdata\ESL Wire
2011-05-04 16:37 . 2011-05-04 17:44        --------        d-----w-        c:\users\***\AppData\Roaming\TeamViewer
2011-05-03 18:06 . 2011-05-03 18:14        --------        d-----w-        c:\programdata\PopCap Games
2011-05-03 18:06 . 2011-05-03 18:06        --------        d-----w-        c:\programdata\Steam
2011-04-28 20:41 . 2011-04-28 20:41        --------        d-----w-        c:\users\***\AppData\Roaming\dvdcss
2011-04-27 11:14 . 2011-05-10 17:09        --------        d-----w-        c:\users\UpdatusUser
2011-04-27 10:58 . 2011-04-27 10:58        --------        d-----w-        c:\users\***\AppData\Roaming\SystemRequirementsLab
2011-04-26 20:01 . 2011-04-26 20:01        --------        d-----w-        c:\users\***\AppData\Local\PunkBuster
2011-04-21 10:46 . 2011-04-21 10:46        --------        d-----w-        c:\users\***\AppData\Local\kaneandlynch
2011-04-21 09:45 . 2011-04-21 09:45        --------        d-----w-        c:\users\***\AppData\Roaming\Beat Hazard
2011-04-18 21:43 . 2011-04-18 21:43        --------        d-----w-        c:\users\***\AppData\Local\Fallout3
2011-04-18 21:19 . 2011-04-18 21:19        331908        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-04-18 21:19 . 2011-04-18 21:19        200836        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-04-18 21:19 . 2005-04-03 21:02        753664        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-04-18 21:19 . 2005-04-03 21:02        69714        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-04-18 21:19 . 2005-04-03 21:01        274432        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-04-18 21:19 . 2005-04-03 21:00        184320        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-04-18 21:19 . 2005-04-03 21:00        63488        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-04-18 21:19 . 2005-04-03 20:59        5632        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-04-17 12:20 . 2011-04-17 12:20        --------        d-----w-        c:\programdata\TrackMania
2011-04-16 12:36 . 2011-04-28 20:41        --------        d-----w-        c:\users\***\AppData\Roaming\vlc
2011-04-16 12:35 . 2011-04-16 12:35        --------        d-----w-        c:\program files (x86)\VideoLAN
2011-04-16 11:11 . 2011-04-16 11:11        --------        d-----w-        c:\program files (x86)\devolo
2011-04-13 17:41 . 2011-04-13 17:41        --------        d-----w-        c:\program files (x86)\Sony
2011-04-13 16:53 . 2011-03-11 06:34        1359872        ----a-w-        c:\windows\system32\mfc42u.dll
2011-04-13 16:53 . 2011-03-11 06:34        1395712        ----a-w-        c:\windows\system32\mfc42.dll
2011-04-13 16:53 . 2011-03-11 05:33        1164288        ----a-w-        c:\windows\SysWow64\mfc42u.dll
2011-04-13 16:53 . 2011-03-11 05:33        1137664        ----a-w-        c:\windows\SysWow64\mfc42.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-12 11:01 . 2011-04-12 11:01        52632        ----a-w-        c:\windows\system32\drivers\dc3d.sys
2011-04-12 11:01 . 2011-04-12 11:01        1721576        ----a-w-        c:\windows\system32\WdfCoInstaller01009.dll
2011-04-09 16:55 . 2011-04-09 16:55        15453336        ----a-w-        c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55        13642904        ----a-w-        c:\windows\SysWow64\xlivefnt.dll
2011-04-08 21:00 . 2011-04-08 21:00        465920        ----a-w-        c:\windows\system32\itpcoin815.dll
2011-04-08 21:00 . 2011-04-08 21:00        464896        ----a-w-        c:\windows\system32\ipcoin815.dll
2011-04-08 05:14 . 2011-03-10 12:18        6299752        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2011-04-08 05:14 . 2011-03-10 12:18        12934248        ----a-w-        c:\windows\system32\nvd3dumx.dll
2011-04-08 05:14 . 2010-07-20 06:27        8411752        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2011-04-08 05:14 . 2010-07-20 06:27        2273896        ----a-w-        c:\windows\system32\nvapi64.dll
2011-04-08 05:14 . 2010-07-20 06:27        2034280        ----a-w-        c:\windows\SysWow64\nvapi.dll
2011-04-08 05:14 . 2010-07-20 06:27        10071656        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2011-04-07 21:19 . 2011-04-07 21:19        2582120        ----a-w-        c:\windows\system32\nvsvcr.dll
2011-04-07 21:19 . 2011-04-07 21:19        117864        ----a-w-        c:\windows\system32\nvmctray.dll
2011-04-07 21:19 . 2011-04-07 21:19        1012328        ----a-w-        c:\windows\system32\nvvsvc.exe
2011-04-07 21:19 . 2011-04-07 21:19        797288        ----a-w-        c:\windows\system32\easyUpdatusAPIU64.dll
2011-04-07 21:19 . 2011-04-07 21:19        6338152        ----a-w-        c:\windows\system32\nvcpl.dll
2011-04-07 21:18 . 2011-04-07 21:18        3041384        ----a-w-        c:\windows\system32\nvsvc64.dll
2011-04-07 15:32 . 2011-04-02 20:22        466456        ----a-w-        c:\windows\system32\wrap_oal.dll
2011-04-07 15:32 . 2011-04-02 20:22        122904        ----a-w-        c:\windows\system32\OpenAL32.dll
2011-04-07 15:32 . 2011-04-02 20:22        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll
2011-04-07 15:32 . 2011-04-02 20:22        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll
2011-03-22 15:51 . 2011-03-22 15:51        189248        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2011-03-22 15:51 . 2011-03-22 15:51        75136        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2011-03-21 19:26 . 2011-03-21 19:26        254528        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-21 09:06 . 2011-03-21 09:06        737280        ----a-w-        c:\windows\iun6002.exe
2011-03-19 17:34 . 2011-03-19 17:34        9        ----a-w-        c:\users\***\AppData\Roaming\sjh4fgl24_Z4[j5-1]vk-w.tmp
2011-03-11 08:23 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2011-03-11 08:23 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2011-03-11 08:03 . 2009-08-18 10:24        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-10 11:00 . 2011-03-10 11:00        368640        ----a-w-        c:\windows\SysWow64\ReWire.dll
2011-03-10 11:00 . 2011-03-10 11:00        233472        ----a-w-        c:\windows\SysWow64\REX Shared Library.dll
2011-03-09 10:32 . 2011-03-09 10:32        178800        ----a-w-        c:\windows\SysWow64\CmdLineExt_x64.dll
2011-02-24 17:21 . 2011-03-09 14:05        2753512        ----a-w-        c:\windows\system32\drivers\RTKVHD64.sys
2011-02-22 14:52 . 2011-03-09 14:04        2075712        ----a-w-        c:\windows\system32\FMAPO64.dll
2011-02-22 10:16 . 2011-03-09 14:05        2369128        ----a-w-        c:\windows\system32\RtPgEx64.dll
2011-02-18 09:49 . 2011-03-08 21:05        2839656        ----a-w-        c:\windows\system32\RtkAPO64.dll
2011-02-17 13:03 . 2011-03-09 14:04        648296        ----a-w-        c:\windows\system32\RtkApi64.dll
2011-02-16 12:11 . 2011-03-09 14:04        84072        ----a-w-        c:\windows\system32\RCoInst64.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2010-07-15 2158592]
"ESL Wire"="c:\program files\EslWire\wire.exe" [2011-05-09 4020224]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"TrayServer"="c:\program files (x86)\MAGIX\Video_deluxe_17_Download-Version\TrayServer.exe" [2008-08-07 90112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-18 2271608]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [x]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2008-11-28 34048]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-12-14 2019648]
S3 ALSysIO;ALSysIO;c:\users\Josh\AppData\Local\Temp\ALSysIO64.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-11-29 11856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3005876921-2081498579-3243624207-1001Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-21 06:43]
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3005876921-2081498579-3243624207-1001UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-21 06:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 2314120]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/sk27211/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Josh\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\rv3mevtg.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - google.de|facebook.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=sk27211&tb_ver=1.1.9&q=
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3005876921-2081498579-3243624207-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3005876921-2081498579-3243624207-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*H*a*l*f*ZÝÄv\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3005876921-2081498579-3243624207-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3005876921-2081498579-3243624207-1001\Software\SecuROM\License information*]
"datasecu"=hex:74,63,f4,2e,10,48,33,82,a3,62,fe,15,cd,1f,56,29,a3,ca,82,8c,fa,
  a2,2e,b2,a1,6e,b2,94,48,3d,71,59,1a,00,a9,98,22,4e,42,41,a2,fb,c3,8e,4b,3b,\
"rkeysecu"=hex:c5,c8,0e,fe,d5,87,3e,63,08,0d,93,ed,0d,59,e1,b4
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-12  20:56:34
ComboFix-quarantined-files.txt  2011-05-12 18:56
.
Vor Suchlauf: 13.308.899.328 bytes free
Nach Suchlauf: 12.945.108.992 bytes free
.
- - End Of File - - FA8BBCF2D22D0A2EF6964AF2D5C5A494

--- --- ---

cosinus 13.05.2011 15:42

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now use copy/paste to insert the entire contents of the code box below into the Notepad window.

Code:

File::
c:\windows\system32\drivers\rdvgkmd.sys

Driver::
VGPU

3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall that may be installed.
(This includes the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the reboot (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!

dr.hardcore 13.05.2011 16:09

Ok :D here is the log:
Combofix Logfile:
Code:

ComboFix 11-05-12.03 - Josh 13.05.2011  16:51:31.2.4 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1033.18.4095.2585 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\Josh\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\windows\system32\drivers\rdvgkmd.sys"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_VGPU
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-13 bis 2011-05-13  ))))))))))))))))))))))))))))))
.
.
2011-05-13 14:55 . 2011-05-13 14:55        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-13 14:55 . 2011-05-13 14:55        --------        d-----w-        c:\users\Administrator\AppData\Local\temp
2011-05-13 12:06 . 2011-04-11 08:21        8802128        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9621BF18-EDAA-40B4-BBE9-2EC38C0239DB}\mpengine.dll
2011-05-12 15:15 . 2011-05-12 15:15        --------        d-----w-        C:\_OTL
2011-05-11 18:28 . 2011-05-11 18:28        --------        d-----w-        c:\programdata\Skype Extras
2011-05-11 18:27 . 2011-05-11 18:27        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2011-05-11 17:57 . 2011-05-11 17:57        --------        d-----w-        c:\users\***\AppData\Local\{00E62752-7122-4ED3-B138-BD6D86DA661C}
2011-05-11 17:14 . 2011-04-09 07:02        5562240        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-05-11 17:14 . 2011-04-09 06:02        3967872        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 17:14 . 2011-04-09 06:02        3912576        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 12:52 . 2011-05-11 12:53        --------        d-----w-        c:\program files (x86)\ERUNT
2011-05-10 19:22 . 2011-05-10 19:22        --------        d-----w-        c:\program files (x86)\PHYWE
2011-05-10 14:31 . 2011-05-10 14:31        --------        d-----w-        c:\program files (x86)\RegistryFix8
2011-05-10 13:54 . 2011-05-10 13:54        --------        d-----w-        c:\users\***\AppData\Roaming\Avira
2011-05-10 13:24 . 2010-08-12 09:46        758272        ----a-w-        c:\windows\system32\cohelper.dll
2011-05-10 13:24 . 2010-08-09 20:33        11164        ----a-w-        c:\windows\system32\drivers\nvphy.bin
2011-05-08 15:08 . 2011-05-08 15:08        --------        d-----w-        c:\users\***\AppData\Local\{503C87F5-EE69-4CBA-BADE-D1DB31802093}
2011-05-07 09:18 . 2011-05-07 09:18        151552        ----a-w-        c:\windows\SysWow64\nvRegDev.dll
2011-05-07 09:18 . 2003-11-10 16:14        729088        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-05-07 09:18 . 2003-11-10 16:13        69715        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-05-07 09:18 . 2003-11-10 16:12        266240        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-05-07 09:18 . 2003-11-10 16:12        192512        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-05-07 09:18 . 2003-11-10 16:11        5632        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-05-07 09:18 . 2011-05-07 09:18        311428        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-05-07 09:18 . 2011-05-07 09:18        188548        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-05-07 09:06 . 2011-05-07 09:06        --------        d-----w-        c:\users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-05-07 09:06 . 2011-05-07 09:06        --------        d-----w-        c:\program files (x86)\Adobe Download Assistant
2011-05-07 09:06 . 2011-05-07 09:06        --------        d-----w-        c:\program files (x86)\Common Files\Adobe AIR
2011-05-07 09:05 . 2011-05-07 09:05        --------        d-----w-        c:\users\***\AppData\Local\{C982C60A-EA1C-4F1E-B691-CFD2A4BB9986}
2011-05-06 18:27 . 2011-05-06 18:27        --------        d-----w-        c:\users\***\AppData\Local\{F6D99480-AE37-42B1-BF99-DDF95D6792CB}
2011-05-06 14:03 . 2011-05-13 14:47        --------        d-----w-        c:\users\***\AppData\Local\ESL Wire Game Client
2011-05-06 14:02 . 2011-04-14 10:43        179616        ----a-w-        c:\windows\system32\drivers\ESLWireACD.sys
2011-05-06 14:01 . 2011-04-18 10:11        25528        ----a-w-        c:\windows\system32\drivers\ESLvnic.sys
2011-05-06 14:01 . 2011-05-10 13:06        --------        d-----w-        c:\program files\EslWire
2011-05-06 14:01 . 2011-05-06 14:01        --------        d-----w-        c:\programdata\ESL Wire
2011-05-04 16:37 . 2011-05-04 17:44        --------        d-----w-        c:\users\***\AppData\Roaming\TeamViewer
2011-05-03 18:06 . 2011-05-03 18:14        --------        d-----w-        c:\programdata\PopCap Games
2011-05-03 18:06 . 2011-05-03 18:06        --------        d-----w-        c:\programdata\Steam
2011-04-28 20:41 . 2011-04-28 20:41        --------        d-----w-        c:\users\***\AppData\Roaming\dvdcss
2011-04-27 11:14 . 2011-05-10 17:09        --------        d-----w-        c:\users\UpdatusUser
2011-04-27 10:58 . 2011-04-27 10:58        --------        d-----w-        c:\users\***\AppData\Roaming\SystemRequirementsLab
2011-04-26 20:01 . 2011-04-26 20:01        --------        d-----w-        c:\users\***\AppData\Local\PunkBuster
2011-04-21 10:46 . 2011-04-21 10:46        --------        d-----w-        c:\users\***\AppData\Local\kaneandlynch
2011-04-21 09:45 . 2011-04-21 09:45        --------        d-----w-        c:\users\***\AppData\Roaming\Beat Hazard
2011-04-18 21:43 . 2011-04-18 21:43        --------        d-----w-        c:\users\***\AppData\Local\Fallout3
2011-04-18 21:19 . 2011-04-18 21:19        331908        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-04-18 21:19 . 2011-04-18 21:19        200836        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-04-18 21:19 . 2005-04-03 21:02        753664        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-04-18 21:19 . 2005-04-03 21:02        69714        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-04-18 21:19 . 2005-04-03 21:01        274432        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-04-18 21:19 . 2005-04-03 21:00        184320        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-04-18 21:19 . 2005-04-03 21:00        63488        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-04-18 21:19 . 2005-04-03 20:59        5632        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-04-17 12:20 . 2011-04-17 12:20        --------        d-----w-        c:\programdata\TrackMania
2011-04-16 12:36 . 2011-04-28 20:41        --------        d-----w-        c:\users\***\AppData\Roaming\vlc
2011-04-16 12:35 . 2011-04-16 12:35        --------        d-----w-        c:\program files (x86)\VideoLAN
2011-04-16 11:11 . 2011-04-16 11:11        --------        d-----w-        c:\program files (x86)\devolo
2011-04-13 17:41 . 2011-04-13 17:41        --------        d-----w-        c:\program files (x86)\Sony
2011-04-13 16:53 . 2011-03-11 06:34        1359872        ----a-w-        c:\windows\system32\mfc42u.dll
2011-04-13 16:53 . 2011-03-11 06:34        1395712        ----a-w-        c:\windows\system32\mfc42.dll
2011-04-13 16:53 . 2011-03-11 05:33        1164288        ----a-w-        c:\windows\SysWow64\mfc42u.dll
2011-04-13 16:53 . 2011-03-11 05:33        1137664        ----a-w-        c:\windows\SysWow64\mfc42.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-12 11:01 . 2011-04-12 11:01        52632        ----a-w-        c:\windows\system32\drivers\dc3d.sys
2011-04-12 11:01 . 2011-04-12 11:01        1721576        ----a-w-        c:\windows\system32\WdfCoInstaller01009.dll
2011-04-09 16:55 . 2011-04-09 16:55        15453336        ----a-w-        c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55        13642904        ----a-w-        c:\windows\SysWow64\xlivefnt.dll
2011-04-08 21:00 . 2011-04-08 21:00        465920        ----a-w-        c:\windows\system32\itpcoin815.dll
2011-04-08 21:00 . 2011-04-08 21:00        464896        ----a-w-        c:\windows\system32\ipcoin815.dll
2011-04-08 05:14 . 2011-03-10 12:18        6299752        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2011-04-08 05:14 . 2011-03-10 12:18        12934248        ----a-w-        c:\windows\system32\nvd3dumx.dll
2011-04-08 05:14 . 2010-07-20 06:27        8411752        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2011-04-08 05:14 . 2010-07-20 06:27        2273896        ----a-w-        c:\windows\system32\nvapi64.dll
2011-04-08 05:14 . 2010-07-20 06:27        2034280        ----a-w-        c:\windows\SysWow64\nvapi.dll
2011-04-08 05:14 . 2010-07-20 06:27        10071656        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2011-04-07 21:19 . 2011-04-07 21:19        2582120        ----a-w-        c:\windows\system32\nvsvcr.dll
2011-04-07 21:19 . 2011-04-07 21:19        117864        ----a-w-        c:\windows\system32\nvmctray.dll
2011-04-07 21:19 . 2011-04-07 21:19        1012328        ----a-w-        c:\windows\system32\nvvsvc.exe
2011-04-07 21:19 . 2011-04-07 21:19        797288        ----a-w-        c:\windows\system32\easyUpdatusAPIU64.dll
2011-04-07 21:19 . 2011-04-07 21:19        6338152        ----a-w-        c:\windows\system32\nvcpl.dll
2011-04-07 21:18 . 2011-04-07 21:18        3041384        ----a-w-        c:\windows\system32\nvsvc64.dll
2011-04-07 15:32 . 2011-04-02 20:22        466456        ----a-w-        c:\windows\system32\wrap_oal.dll
2011-04-07 15:32 . 2011-04-02 20:22        122904        ----a-w-        c:\windows\system32\OpenAL32.dll
2011-04-07 15:32 . 2011-04-02 20:22        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll
2011-04-07 15:32 . 2011-04-02 20:22        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll
2011-03-22 15:51 . 2011-03-22 15:51        189248        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2011-03-22 15:51 . 2011-03-22 15:51        75136        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2011-03-21 19:26 . 2011-03-21 19:26        254528        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-21 09:06 . 2011-03-21 09:06        737280        ----a-w-        c:\windows\iun6002.exe
2011-03-19 17:34 . 2011-03-19 17:34        9        ----a-w-        c:\users\***\AppData\Roaming\sjh4fgl24_Z4[j5-1]vk-w.tmp
2011-03-11 08:23 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2011-03-11 08:23 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2011-03-11 08:03 . 2009-08-18 10:24        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-10 11:00 . 2011-03-10 11:00        368640        ----a-w-        c:\windows\SysWow64\ReWire.dll
2011-03-10 11:00 . 2011-03-10 11:00        233472        ----a-w-        c:\windows\SysWow64\REX Shared Library.dll
2011-03-09 10:32 . 2011-03-09 10:32        178800        ----a-w-        c:\windows\SysWow64\CmdLineExt_x64.dll
2011-02-24 17:21 . 2011-03-09 14:05        2753512        ----a-w-        c:\windows\system32\drivers\RTKVHD64.sys
2011-02-22 14:52 . 2011-03-09 14:04        2075712        ----a-w-        c:\windows\system32\FMAPO64.dll
2011-02-22 10:16 . 2011-03-09 14:05        2369128        ----a-w-        c:\windows\system32\RtPgEx64.dll
2011-02-18 09:49 . 2011-03-08 21:05        2839656        ----a-w-        c:\windows\system32\RtkAPO64.dll
2011-02-17 13:03 . 2011-03-09 14:04        648296        ----a-w-        c:\windows\system32\RtkApi64.dll
2011-02-16 12:11 . 2011-03-09 14:04        84072        ----a-w-        c:\windows\system32\RCoInst64.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2011-05-12_18.55.02  )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-08 18:41 . 2011-05-13 14:45        56766              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-05-12 18:06        30494              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-13 14:45        30494              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-08 18:30 . 2011-05-13 14:45        13734              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3005876921-2081498579-3243624207-1001_UserData.bin
- 2011-03-08 18:30 . 2011-05-12 18:05        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-08 18:30 . 2011-05-13 14:43        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-08 18:30 . 2011-05-13 14:43        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-08 18:30 . 2011-05-12 18:05        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-08 18:30 . 2011-05-12 18:05        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-08 18:30 . 2011-05-13 14:43        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-08 18:30 . 2011-05-12 18:05        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-08 18:30 . 2011-05-13 14:43        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-08 18:30 . 2011-05-12 18:05        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-08 18:30 . 2011-05-13 14:43        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-12 18:04 . 2011-05-12 18:04        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-13 14:56 . 2011-05-13 14:56        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-12 18:04 . 2011-05-12 18:04        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-13 14:56 . 2011-05-13 14:56        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-05-12 18:03        369360              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-05-13 14:56        369360              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-08 21:40 . 2011-05-13 14:56        5031596              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3005876921-2081498579-3243624207-1001-8192.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2010-07-15 2158592]
"ESL Wire"="c:\program files\EslWire\wire.exe" [2011-05-09 4020224]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"TrayServer"="c:\program files (x86)\MAGIX\Video_deluxe_17_Download-Version\TrayServer.exe" [2008-08-07 90112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R4 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-18 2271608]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [x]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2008-11-28 34048]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-12-14 2019648]
S3 ALSysIO;ALSysIO;c:\users\Josh\AppData\Local\Temp\ALSysIO64.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-11-29 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3005876921-2081498579-3243624207-1001Core.job
- c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-21 06:43]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3005876921-2081498579-3243624207-1001UA.job
- c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-21 06:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\cofi\CF27722.cfxxe" [X]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 2314120]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/sk27211/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Josh\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\rv3mevtg.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - google.de|facebook.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=sk27211&tb_ver=1.1.9&q=
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3005876921-2081498579-3243624207-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3005876921-2081498579-3243624207-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*H*a*l*f*ZÝÄv\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3005876921-2081498579-3243624207-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3005876921-2081498579-3243624207-1001\Software\SecuROM\License information*]
"datasecu"=hex:74,63,f4,2e,10,48,33,82,a3,62,fe,15,cd,1f,56,29,a3,ca,82,8c,fa,
  a2,2e,b2,a1,6e,b2,94,48,3d,71,59,1a,00,a9,98,22,4e,42,41,a2,fb,c3,8e,4b,3b,\
"rkeysecu"=hex:c5,c8,0e,fe,d5,87,3e,63,08,0d,93,ed,0d,59,e1,b4
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\NVIDIA Corporation\Installer2\NVIDIA.Update.1\ComUpdatus.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-13  17:00:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-05-13 15:00
ComboFix2.txt  2011-05-12 18:56
.
Vor Suchlauf: 13.372.284.928 bytes free
Nach Suchlauf: 13.167.546.368 bytes free
.
- - End Of File - - 357A04E0A6608A0F3E2F2B319AFEB0BB

--- --- ---

dr.hardcore 13.05.2011 17:16

Still no improvement :(

cosinus 13.05.2011 18:20

Improvement - what? We're not done yet either; I didn't say it would be over after CF ;)

OK. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.


Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

dr.hardcore 13.05.2011 22:19

Here is the log from MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: BIOSTAR Group
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: BIOSTAR Group
System Product Name: GF8200C M2+
Logical Drives Mask: 0x000001bd

Kernel Drivers (total 200):
0x0340F000 \SystemRoot\system32\ntoskrnl.exe
0x039F8000 \SystemRoot\system32\hal.dll
0x00BB6000 \SystemRoot\system32\kdcom.dll
0x00CB1000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CBE000 \SystemRoot\system32\PSHED.dll
0x00CD2000 \SystemRoot\system32\CLFS.SYS
0x00D30000 \SystemRoot\system32\CI.dll
0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00DF0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E50000 \SystemRoot\system32\drivers\ACPI.sys
0x00EA7000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00EB0000 \SystemRoot\system32\drivers\msisadrv.sys
0x00EBA000 \SystemRoot\system32\drivers\pci.sys
0x00EED000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00EFA000 \SystemRoot\System32\drivers\partmgr.sys
0x00F0F000 \SystemRoot\system32\drivers\volmgr.sys
0x00F24000 \SystemRoot\System32\drivers\volmgrx.sys
0x00F80000 \SystemRoot\system32\drivers\pciide.sys
0x00F87000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00F97000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FB1000 \SystemRoot\system32\drivers\vmbus.sys
0x00E00000 \SystemRoot\system32\drivers\winhv.sys
0x00E14000 \SystemRoot\system32\drivers\atapi.sys
0x00E1D000 \SystemRoot\system32\drivers\ataport.SYS
0x00FED000 \SystemRoot\system32\drivers\amdxata.sys
0x010F6000 \SystemRoot\system32\drivers\fltmgr.sys
0x01142000 \SystemRoot\system32\drivers\fileinfo.sys
0x01202000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01156000 \SystemRoot\System32\Drivers\msrpc.sys
0x013A5000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x013C0000 \SystemRoot\System32\drivers\pcw.sys
0x013D1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01436000 \SystemRoot\system32\drivers\ndis.sys
0x01529000 \SystemRoot\system32\drivers\NETIO.SYS
0x01589000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x0160C000 \SystemRoot\System32\drivers\tcpip.sys
0x01810000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0185A000 \SystemRoot\system32\drivers\vmstorfl.sys
0x0186A000 \SystemRoot\system32\drivers\volsnap.sys
0x018B6000 \SystemRoot\System32\Drivers\spldr.sys
0x018BE000 \SystemRoot\SysWOW64\speedfan.sys
0x018C5000 \SystemRoot\System32\drivers\rdyboost.sys
0x018FF000 \SystemRoot\System32\Drivers\mup.sys
0x01911000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0191A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01954000 \SystemRoot\system32\DRIVERS\disk.sys
0x0196A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x019D0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01600000 \SystemRoot\System32\Drivers\Null.SYS
0x015B4000 \SystemRoot\System32\Drivers\Beep.SYS
0x015BB000 \SystemRoot\System32\drivers\vga.sys
0x015C9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x015EE000 \SystemRoot\System32\drivers\watchdog.sys
0x01400000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01409000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01412000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0141B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x013DB000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01072000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01426000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03E59000 \SystemRoot\system32\drivers\afd.sys
0x03EE2000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03F27000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03F30000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03F56000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03F6C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03F7B000 \SystemRoot\system32\DRIVERS\serial.sys
0x03F98000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x03FDB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03E00000 \SystemRoot\system32\drivers\termdd.sys
0x01094000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03E14000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03E20000 \SystemRoot\system32\drivers\mssmbios.sys
0x03E2B000 \SystemRoot\System32\drivers\discache.sys
0x0402E000 \SystemRoot\system32\drivers\csc.sys
0x040B1000 \SystemRoot\System32\Drivers\dfsc.sys
0x040CF000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x040E0000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x04102000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04128000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x0413D000 \SystemRoot\system32\DRIVERS\serenum.sys
0x04149000 \SystemRoot\system32\DRIVERS\fdc.sys
0x04156000 \SystemRoot\system32\DRIVERS\parport.sys
0x04173000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x0417E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x041D4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04000000 \SystemRoot\system32\drivers\HDAudBus.sys
0x06AD5000 \SystemRoot\system32\DRIVERS\nvmf6264.sys
0x0F02E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FCD3000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x0FCD5000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x06B2A000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0FDC9000 \SystemRoot\system32\drivers\wmiacpi.sys
0x0FDD2000 \SystemRoot\system32\drivers\CompositeBus.sys
0x0FDE2000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0F000000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x06B70000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x06B7C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x06BAB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x06BC6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x06A00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0F024000 \SystemRoot\system32\DRIVERS\ESLvnic.sys
0x06A1A000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x06A25000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x06A34000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0FDF8000 \SystemRoot\system32\drivers\swenum.sys
0x06A43000 \SystemRoot\system32\drivers\ks.sys
0x06A86000 \SystemRoot\system32\drivers\umbus.sys
0x06A98000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x06EC8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x06F22000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0780D000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x07AAC000 \SystemRoot\system32\drivers\portcls.sys
0x07AE9000 \SystemRoot\system32\drivers\drmk.sys
0x07B0B000 \SystemRoot\system32\drivers\ksthunk.sys
0x07B11000 \SystemRoot\system32\drivers\nvhda64v.sys
0x07B3E000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x07B5B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x07B69000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x07B75000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x07B7E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00080000 \SystemRoot\System32\win32k.sys
0x07B91000 \SystemRoot\System32\drivers\Dxapi.sys
0x07B9D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x07BBA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x07BBC000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x07BCE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x07BD7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x07BE5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06F37000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x07800000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x06F45000 \SystemRoot\system32\DRIVERS\point64k.sys
0x06F53000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00490000 \SystemRoot\System32\TSDDD.dll
0x00770000 \SystemRoot\System32\cdd.dll
0x06F61000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x00940000 \SystemRoot\System32\ATMFD.DLL
0x06F72000 \SystemRoot\system32\drivers\luafv.sys
0x06F95000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x06FB2000 \SystemRoot\system32\drivers\WudfPf.sys
0x06FD3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06E00000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x06E53000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x06E66000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03838000 \SystemRoot\system32\drivers\HTTP.sys
0x03901000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0391F000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03937000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03964000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x039B1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0546C000 \??\C:\Windows\system32\drivers\ESLWireACD.sys
0x05521000 \SystemRoot\sysWOW64\drivers\npf_devolo.sys
0x0552D000 \SystemRoot\system32\drivers\peauth.sys
0x055D3000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0629E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x062CF000 \SystemRoot\System32\drivers\tcpipreg.sys
0x062E1000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0634B000 \SystemRoot\System32\DRIVERS\srv.sys
0x063E3000 \??\C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
0x063EB000 \??\C:\Users\Josh\AppData\Local\Temp\ALSysIO64.sys
0x77C50000 \Windows\System32\ntdll.dll
0x47CF0000 \Windows\System32\smss.exe
0xFFF70000 \Windows\System32\apisetschema.dll
0xFFED0000 \Windows\System32\autochk.exe
0xFFE80000 \Windows\System32\advapi32.dll
0xFFE50000 \Windows\System32\imm32.dll
0xFFD40000 \Windows\System32\msctf.dll
0x77B30000 \Windows\System32\kernel32.dll
0xFFC10000 \Windows\System32\wininet.dll
0xFFB70000 \Windows\System32\comdlg32.dll
0xFFB50000 \Windows\System32\sechost.dll
0xFF970000 \Windows\System32\setupapi.dll
0xFF710000 \Windows\System32\iertutil.dll
0xFF6C0000 \Windows\System32\ws2_32.dll
0xFF590000 \Windows\System32\rpcrt4.dll
0xFF510000 \Windows\System32\shlwapi.dll
0xFF500000 \Windows\System32\nsi.dll
0xFF460000 \Windows\System32\msvcrt.dll
0x77E20000 \Windows\System32\psapi.dll
0xFE6D0000 \Windows\System32\shell32.dll
0xFE650000 \Windows\System32\difxapi.dll
0xFE570000 \Windows\System32\oleaut32.dll
0x77A30000 \Windows\System32\user32.dll
0xFE510000 \Windows\System32\Wldap32.dll
0xFE390000 \Windows\System32\urlmon.dll
0xFE2C0000 \Windows\System32\usp10.dll
0xFE250000 \Windows\System32\gdi32.dll
0xFE230000 \Windows\System32\imagehlp.dll
0x77E10000 \Windows\System32\normaliz.dll
0xFE220000 \Windows\System32\lpk.dll
0xFE010000 \Windows\System32\ole32.dll
0xFDF70000 \Windows\System32\clbcatq.dll
0xFDED0000 \Windows\System32\comctl32.dll
0xFDEB0000 \Windows\System32\devobj.dll
0xFDE70000 \Windows\System32\cfgmgr32.dll
0xFDD00000 \Windows\System32\crypt32.dll
0xFDC90000 \Windows\System32\KernelBase.dll
0xFDC50000 \Windows\System32\wintrust.dll
0xFDC40000 \Windows\System32\msasn1.dll

Processes (total 73):
0 System Idle Process
4 System
276 C:\Windows\System32\smss.exe
440 csrss.exe
500 C:\Windows\System32\wininit.exe
532 csrss.exe
556 C:\Windows\System32\services.exe
572 C:\Windows\System32\lsass.exe
580 C:\Windows\System32\lsm.exe
644 C:\Windows\System32\winlogon.exe
728 C:\Windows\System32\svchost.exe
828 C:\Windows\System32\nvvsvc.exe
868 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
252 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1396 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1408 C:\Windows\System32\nvvsvc.exe
1504 C:\Windows\System32\spoolsv.exe
1552 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1660 C:\Windows\System32\svchost.exe
1788 C:\Windows\SysWOW64\svchost.exe
1808 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1856 C:\Windows\System32\svchost.exe
1916 C:\Windows\SysWOW64\PnkBstrA.exe
1124 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1080 C:\Windows\System32\conhost.exe
1188 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1696 C:\Windows\System32\svchost.exe
2056 C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
2112 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2276 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2668 C:\Windows\System32\taskhost.exe
2728 C:\Windows\System32\taskeng.exe
2740 C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
2760 C:\Windows\System32\dwm.exe
2808 C:\Windows\explorer.exe
2864 C:\Program Files\Core Temp\Core Temp.exe
3024 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3032 C:\Program Files\Microsoft IntelliType Pro\itype.exe
3040 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2240 C:\Program Files\Windows Sidebar\sidebar.exe
1572 C:\Program Files (x86)\Vtune\TBPANEL.exe
2680 C:\Program Files\EslWire\wire.exe
3312 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
3392 C:\Windows\System32\svchost.exe
3756 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
3988 WmiPrvSE.exe
4004 WmiPrvSE.exe
1332 C:\Program Files\EslWire\inGame32.exe
1888 C:\Windows\System32\SearchIndexer.exe
2632 C:\Program Files\EslWire\dbus-daemon.exe
2616 C:\Windows\System32\conhost.exe
3784 C:\Program Files\Windows Media Player\wmpnetwk.exe
4948 C:\Windows\System32\svchost.exe
4320 WmiPrvSE.exe
1116 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5376 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
5456 dllhost.exe
5208 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
5308 C:\Windows\System32\svchost.exe
2008 C:\Program Files (x86)\Skype\Phone\Skype.exe
4784 C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
5672 C:\Windows\System32\audiodg.exe
424 C:\Windows\System32\taskeng.exe
3688 C:\Windows\System32\SearchProtocolHost.exe
3368 C:\Windows\System32\SearchFilterHost.exe
5568 C:\Windows\System32\notepad.exe
2788 C:\Users\Josh\Downloads\MBRCheck.exe
4344 C:\Windows\System32\conhost.exe
4288 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000e`a6094200 (NTFS)

PhysicalDrive0 Model Number: WDCWD6401AALS-00J7B1, Rev: 05.00K05
PhysicalDrive1 Model Number: STM3500418AS, Rev: CC38

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
465 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!



Here is the one from OSAM:
OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 23:16:36 on 13.05.2011

OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-3005876921-2081498579-3243624207-1001Core.job" - "Google Inc." - C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3005876921-2081498579-3243624207-1001UA.job" - "Google Inc." - C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys  (File not found)
"ALSysIO" (ALSysIO) - ? - C:\Users\***\AppData\Local\Temp\ALSysIO64.sys  (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"ESLWireAC" (ESLWireAC) - "<Turtle Entertainment>" - C:\Windows\system32\drivers\ESLWireACD.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"NetGroup Packet Filter Driver (devolo)" (NPF_devolo) - "CACE Technologies" - C:\Windows\sysWOW64\drivers\npf_devolo.sys
"speedfan" (speedfan) - "Windows (R) Server 2003 DDK provider" - C:\Windows\SysWOW64\speedfan.sys
"Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys  (File not found)
"TBPanel" (TBPanel) - ? - C:\Windows\system32\drivers\TBPanel.sys  (File not found)
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\ONFILTER.DLL
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2011\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2011\SDShelEx-win32.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -  (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
"ICQ7.4" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7.4\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"ESL Wire" - "Turtle Entertainment GmbH" - "C:\Program Files\EslWire\wire.exe" --tray
"Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"TBPanel" - ? - C:\Program Files (x86)\Vtune\TBPanel.exe /A
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"TrayServer" - "MAGIX AG" - C:\Program Files (x86)\MAGIX\Video_deluxe_17_Download-Version\TrayServer.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"Akamai NetSession Interface" (Akamai) - ? - c:\program files (x86)\common files\akamai\netsession_win_3f211bc.dll  (File found, but it contains no detailed information)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File not found)
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
"Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

Here is the one from gmer:
GMER Logfile:
Code:

GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-13 23:13:14
Windows 6.1.7601 Service Pack 1
Running: zs7629yv.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f8121                     
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f8121@0025e5307177        0x18 0x75 0xA0 0xF5 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f8121@00234555a322        0x3F 0x44 0xD6 0x97 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f8121@2021a53c74ae        0xB8 0xE3 0xA3 0x53 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f8121@f49f545733c5        0x01 0x2A 0xFC 0xB1 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f8121 (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f8121@0025e5307177            0x18 0x75 0xA0 0xF5 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f8121@00234555a322            0x3F 0x44 0xD6 0x97 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f8121@2021a53c74ae            0xB8 0xE3 0xA3 0x53 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f8121@f49f545733c5            0x01 0x2A 0xFC 0xB1 ...

---- Files - GMER 1.0.15 ----

File  C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb                                          0 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---
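The OSAM log above marks several Run-key and service entries as "File not found". As an added example that is not part of the thread and not OSAM's own code, the following PowerShell script reproduces that check on a live system for the same locations (HKCU Run, HKLM Run, the Services tree) and additionally verifies the Authenticode signature of every binary that does exist. The registry paths are the standard Windows ones; the function names, the handling of svchost-hosted services via Parameters\ServiceDll, and the rule "anything that is not a present, validly signed file gets reviewed" are my assumptions, not something the thread prescribes.

```powershell
# Added example, not from the thread: re-run the "File not found" check the OSAM log
# applies to the Run keys and services, and verify the Authenticode signature of each
# binary that is present. Run from an elevated, 64-bit PowerShell prompt.

function Resolve-ImagePath {
    # Turn a Run-key command line or a service ImagePath into the path of the binary it starts.
    param([string]$Raw)
    if ([string]::IsNullOrEmpty($Raw)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    $p = $p -replace '^\\\?\?\\', ''                      # drop the NT object prefix \??\ some drivers use
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)                          # quoted path: the binary sits between the quotes
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) } else { $p = $p.Trim('"') }
    } else {
        # unquoted path with arguments: cut after the first file extension that ends a token
        $m = [regex]::Match($p, '^(.*?\.(exe|dll|sys|cmd|bat))(\s|$)', 'IgnoreCase')
        if ($m.Success) { $p = $m.Groups[1].Value } else { $p = ($p -split '\s+')[0] }
    }
    # service paths such as system32\drivers\foo.sys are relative to %SystemRoot%
    if (-not [System.IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-AutostartEntry {
    # Collect the same locations the OSAM log lists: per-user and machine Run keys, then services.
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{ Source = $key; Name = $name; Raw = $item.GetValue($name) }
        }
    }
    foreach ($svc in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue) {
        $raw = $svc.GetValue('ImagePath')
        # svchost-hosted services: the real code is the DLL named in Parameters\ServiceDll
        # (this is why the log shows mpsvc.dll for WinDefend instead of svchost.exe)
        $sub = $svc.OpenSubKey('Parameters')
        if ($sub) {
            $dll = $sub.GetValue('ServiceDll')
            $sub.Close()
            if ($dll) { $raw = $dll }
        }
        if ($raw) { New-Object PSObject -Property @{ Source = 'Service'; Name = $svc.PSChildName; Raw = $raw } }
    }
}

function Test-AutostartEntry {
    foreach ($e in Get-AutostartEntry) {
        $path = Resolve-ImagePath $e.Raw
        if (-not $path) { continue }
        $signer = $null
        if (-not (Test-Path -LiteralPath $path)) {
            $status = 'File not found'                     # orphaned entry: registry points at nothing
        } else {
            $sig = Get-AuthenticodeSignature -FilePath $path
            $status = $sig.Status.ToString()               # Valid, NotSigned, HashMismatch, UnknownError, ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        New-Object PSObject -Property @{ Source = $e.Source; Name = $e.Name; Path = $path; Status = $status; Signer = $signer }
    }
}

# Everything that is not a present, validly signed binary gets a second look.
Test-AutostartEntry |
    Where-Object { $_.Status -ne 'Valid' } |
    Select-Object Source, Name, Status, Signer, Path |
    Format-Table -AutoSize -Wrap
```

Two caveats when comparing the output with the log. First, a 32-bit tool on 64-bit Windows sees %ProgramFiles% as "C:\Program Files (x86)" and system32 as SysWOW64, so entries like WinDefend above can show "File not found" although the 64-bit file exists; run the script from the 64-bit PowerShell and compare before treating such an entry as orphaned. Second, the PowerShell 2.0 that ships with Windows 7 does not consult security catalogs in Get-AuthenticodeSignature, so catalog-signed Microsoft system files report NotSigned there; PowerShell 5.1 does check catalogs. A hit in this list is a candidate for review, not a verdict.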

cosinus 13.05.2011 22:31

Looks ok. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

dr.hardcore 14.05.2011 16:24

Here is SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 05/14/2011 at 05:24 PM

Application Version : 4.52.1000

Core Rules Database Version : 7056
Trace Rules Database Version: 4868

Scan type : Complete Scan
Total Scan Time : 01:18:47

Memory items scanned : 711
Memory threats detected : 0
Registry items scanned : 14373
Registry threats detected : 0
File items scanned : 180259
File threats detected : 1

Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@doubleclick[2].txt

dr.hardcore 14.05.2011 16:45

Here is Malwarebytes

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 6555

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

14.05.2011 17:45:37
mbam-log-2011-05-14 (17-45-37).txt

Scan type: Full scan (C:\|)
Objects scanned: 181706
Time elapsed: 19 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

cosinus 14.05.2011 17:43

Quote:

Database version: 6555
You did not update Malwarebytes beforehand. Please update and run a full scan.

dr.hardcore 14.05.2011 20:50

Ok, here is the new log:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 6579

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

14.05.2011 20:32:55
mbam-log-2011-05-14 (20-32-55).txt

Scan type: Full scan (C:\|)
Objects scanned: 181706
Time elapsed: 20 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

cosinus 15.05.2011 11:29

Looks ok, only cookies were found.
Any more problems or further detections in the meantime?

dr.hardcore 15.05.2011 14:28

No, it's running again. Thanks, if there are problems I will definitely ask here again ^^

cosinus 15.05.2011 14:41

Then we're done! :abklatsch:

Finally, please check the updates; my guide on that is below.
For even more security, after the infection has been removed you should also change all your passwords if possible.


Microsoft Update

Windows XP: visit the MS Update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide



Update your PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Add/Remove Programs by clicking on "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date; here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add/Remove Programs and uninstall all the Java versions listed there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
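The update guide above is a manual walk through the Control Panel. As an added example, not from the thread, here is a PowerShell script that performs the same inventory from the registry and the file system: it lists every Java runtime, Adobe Reader and Flash Player version installed (Flash from the plugin files themselves, since it is not always listed under Uninstall), warns when several Java runtimes sit side by side (the situation the JavaRa step is meant to clean up), and compares each version against a threshold table you supply. The threshold values in the call at the bottom are placeholders, not current release numbers; the function names, the name patterns and the comparison rule are mine.

```powershell
# Added example, not from the thread: inventory the software the update guide covers
# (Java runtimes, Adobe Reader, Flash Player) and flag outdated or duplicated installs.
# The $Minimum table is an assumption: fill it with the vendor's current version when you run it.

function Get-InstalledProgram {
    # Read DisplayName/DisplayVersion from the Uninstall keys (64-bit, 32-bit WOW6432Node, per-user).
    param([string[]]$NamePattern)
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($k in Get-ChildItem $root -ErrorAction SilentlyContinue) {
            $name = $k.GetValue('DisplayName')
            if (-not $name) { continue }
            foreach ($pat in $NamePattern) {
                if ($name -like $pat) {
                    New-Object PSObject -Property @{ Name = $name; Version = [string]$k.GetValue('DisplayVersion'); Key = $k.PSChildName }
                    break
                }
            }
        }
    }
}

function Get-FlashPlayerFile {
    # Flash*.ocx is the ActiveX control used by IE, NPSWF*.dll the NPAPI plugin used by Firefox & co.
    $dirs = "$env:SystemRoot\System32\Macromed\Flash", "$env:SystemRoot\SysWOW64\Macromed\Flash"
    foreach ($d in $dirs) {
        Get-ChildItem -Path $d -Recurse -Include 'Flash*.ocx', 'NPSWF*.dll' -ErrorAction SilentlyContinue |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Name    = "Flash Player ($($_.Name))"
                    Version = ($_.VersionInfo.FileVersion -replace ',', '.').Trim()   # file version uses commas
                    Key     = $_.FullName
                }
            }
    }
}

function ConvertTo-VersionOrNull {
    # [version] needs at least "major.minor"; anything unparsable becomes $null, never an exception.
    param([string]$Text)
    $t = ($Text -replace ',', '.').Trim()
    if ($t -notmatch '\.') { $t = "$t.0" }
    try { return [version]$t } catch { return $null }
}

function Test-UpdateState {
    param([hashtable]$Minimum)   # name pattern -> lowest acceptable version, e.g. @{ 'Java*' = '6.0.250' }
    $java   = @(Get-InstalledProgram -NamePattern 'Java*', 'J2SE Runtime*' | Where-Object { $_.Name -notlike '*Auto Updater*' })
    $others = @(Get-InstalledProgram -NamePattern 'Adobe Reader*', 'Adobe Flash Player*') + @(Get-FlashPlayerFile)
    if ($java.Count -gt 1) {
        Write-Warning "$($java.Count) Java runtimes are installed side by side; remove the old ones (JavaRa or uninstall)."
    }
    foreach ($p in $java + $others) {
        $verdict = 'no minimum given'
        $have = ConvertTo-VersionOrNull $p.Version
        foreach ($pat in $Minimum.Keys) {
            if ($p.Name -like $pat) {
                $want = ConvertTo-VersionOrNull $Minimum[$pat]
                if ($null -eq $have -or $null -eq $want) { $verdict = 'version not comparable' }
                elseif ($have -lt $want)                  { $verdict = "OUTDATED (minimum $want)" }
                else                                      { $verdict = 'ok' }
                break
            }
        }
        New-Object PSObject -Property @{ Name = $p.Name; Version = $p.Version; Verdict = $verdict; Where = $p.Key }
    }
}

# Placeholder thresholds (assumed, not current release numbers): replace with the versions
# published by Oracle and Adobe at the time you run the check.
Test-UpdateState -Minimum @{ 'Java*' = '6.0.250'; 'J2SE*' = '6.0.250'; 'Adobe Reader*' = '10.0.0'; '*Flash*' = '10.3.0' } |
    Select-Object Name, Version, Verdict, Where | Format-Table -AutoSize -Wrap
```

The script only reports; removing old runtimes is still done through Add/Remove Programs or JavaRa as the guide says. Note that a Java runtime bundled inside another application (a private JRE in a program folder) does not appear under Uninstall and is not covered by this inventory.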


All times are GMT +1 (WEZ +1).

Copyright ©2000-2025, Trojaner-Board


