Trojaner-Board - Trojaner/Virus: Festplatte beschädigt - Bildschirm schwarz

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Trojaner/Virus: Festplatte beschädigt - Bildschirm schwarz - keine Dateien (https://www.trojaner-board.de/99162-trojaner-virus-festplatte-beschaedigt-bildschirm-schwarz-keine-dateien.html)

Trojaner/Virus: Festplatte beschädigt - Bildschirm schwarz - keine Dateien

Hallo zusammen,
jetzt hat es mich auch erwischt!!
Heute nachmittag hat sich plötzlich mein Laptop verabschiedet. Beim Wiederstarten tauchte plötzlich die Meldung "Festplatte beschädigt. Das System hat ein Problem mit einem oder mehreren installierten IDE / SATA- Festplatten erkannt."
Bei Windows Recovery erschien die Meldung "Kritischer Fehler. Beschädigte Festplatten-Cluster gefunden. Private Daten sind in Gefahr"
Der Desktop war schwarz und die Ordner waren verschwunden. Ins Internet konnte ich noch ohne Probleme und habe nach dem Problem gegoogelt. Hier habe ich dann den Tipp erhalten Malewarebytes drüberlaufen lassen. Die gefunden infizierten Dateien habe ich gelöscht. Hoffe, das war o.k.
Bekomme jetzt zwar keine Fehlermeldungen mehr aber schwarzer Desktop ist immer noch da und keine Dateien in Sicht.
Ich kenne mich nicht besonders gut aus, nutze hauptsächlich den Laptop für Fotobücher oder kleine Filme zu erstellen und surfe im Internet. Aber anscheinend habe ich mir nach den all den Jahren trotz Sicherheitsvorkehrungen etwas eingefangen.
Hier das Log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6588

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.05.2011 16:13:59
mbam-log-2011-05-16 (16-13-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 160862
Laufzeit: 13 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
c:\programdata\egjterjsmshhppc.exe (Rogue.Installer.Gen) -> 2912 -> Unloaded process successfully.
c:\programdata\44293880.exe (Trojan.FakeAlert.Gen) -> 2576 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eGJterJSMsHHPPC (Rogue.Installer.Gen) -> Value: eGJterJSMsHHPPC -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\egjterjsmshhppc.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\bischoff\AppData\Local\Temp\0.34006129411756636.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\bischoff\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\44293880.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Ich würde mich freuen, wenn mir jemand helfen könnte.
Im Voraus vielen Dank!

Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL-Custom:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox.

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hallo,
als erstes mal vielen Dank für die schnelle Hilfe!
Malwarebytes hatte ich ja bereits drüber laufen lassen und den Log bereits in meinem ersten Beitrag kopiert. Kann ich aber nochmal kopieren:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6588

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.05.2011 16:13:59
mbam-log-2011-05-16 (16-13-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 160862
Laufzeit: 13 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
c:\programdata\egjterjsmshhppc.exe (Rogue.Installer.Gen) -> 2912 -> Unloaded process successfully.
c:\programdata\44293880.exe (Trojan.FakeAlert.Gen) -> 2576 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eGJterJSMsHHPPC (Rogue.Installer.Gen) -> Value: eGJterJSMsHHPPC -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\egjterjsmshhppc.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\bischoff\AppData\Local\Temp\0.34006129411756636.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\bischoff\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\44293880.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Habe nun OTL drüber laufen lassen (hab nur versehentlich SCAN gemacht und nicht QUICKSCAN, ich hoffe, daß ist nicht so arg unterschiedlich) . Habe auch noch ein EXTRAS.TXT Editor-Fenster... soll ich das auch hier kopieren?

Hier der Inhalt des OTL.txt:OTL Logfile:

Code:

OTL logfile created on: 17.05.2011 09:11:21 - Run 1

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\bischoff\Downloads

64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free

8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285,37 Gb Total Space | 208,18 Gb Free Space | 72,95% Space Free | Partition Type: NTFS

Drive D: | 12,52 Gb Total Space | 2,10 Gb Free Space | 16,75% Space Free | Partition Type: NTFS

Drive E: | 3,54 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: BISCHOFF-PC | User Name: bischoff | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.05.16 17:05:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\bischoff\Downloads\OTL.exe

PRC - [2011.01.05 10:18:50 | 000,133,432 | -H-- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.2\ICQ.exe

PRC - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe

PRC - [2009.06.18 10:04:36 | 000,772,096 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2011.05.16 17:05:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\bischoff\Downloads\OTL.exe

MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2010.11.11 15:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2010.11.11 15:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2009.07.22 03:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009.03.02 23:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)

SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.05.22 20:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009.02.22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)

SRV - [2005.02.09 13:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\Windows\SysWOW64\drivers\Pclepci.sys -- (PCLEPCI)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.10.24 22:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2009.09.22 02:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009.07.22 03:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009.07.15 01:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2009.06.27 16:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2009.06.24 21:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.05.22 16:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009.04.29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2009.03.25 17:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)

DRV:64bit: - [2009.03.25 17:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)

DRV:64bit: - [2009.03.25 17:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)

DRV:64bit: - [2009.03.25 17:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)

DRV:64bit: - [2009.03.25 17:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)

DRV:64bit: - [2009.03.25 17:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)

DRV:64bit: - [2009.03.25 17:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)

DRV - [2006.11.28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PDNMp50.sys -- (PDNMp50)

DRV - [2006.11.28 23:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PDNSp50.sys -- (PDNSp50)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6

FF - prefs.js..extensions.enabledItems: toolbar-ff@payback.de:1.0.5.76

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="

FF - prefs.js..network.proxy.type: 0

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.05 21:59:55 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2010.08.24 11:17:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\bischoff\AppData\Roaming\mozilla\Extensions

[2011.05.15 09:48:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions

[2011.05.11 10:16:05 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2011.05.05 22:00:29 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010.09.07 17:24:40 | 000,002,394 | -H-- | M] () -- C:\Users\bischoff\AppData\Roaming\Mozilla\Firefox\Profiles\i10k49t2.default\searchplugins\askcom.xml

[2011.05.13 17:14:38 | 000,000,950 | -H-- | M] () -- C:\Users\bischoff\AppData\Roaming\Mozilla\Firefox\Profiles\i10k49t2.default\searchplugins\icqplugin-1.xml

[2011.02.20 12:21:20 | 000,000,168 | -H-- | M] () -- C:\Users\bischoff\AppData\Roaming\Mozilla\Firefox\Profiles\i10k49t2.default\searchplugins\icqplugin.gif

[2011.02.20 12:21:20 | 000,000,618 | -H-- | M] () -- C:\Users\bischoff\AppData\Roaming\Mozilla\Firefox\Profiles\i10k49t2.default\searchplugins\icqplugin.src

[2011.05.01 17:47:59 | 000,001,056 | -H-- | M] () -- C:\Users\bischoff\AppData\Roaming\Mozilla\Firefox\Profiles\i10k49t2.default\searchplugins\icqplugin.xml

[2011.05.10 20:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011.05.10 20:53:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.05.05 21:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions

[2011.05.05 21:59:50 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net

File not found (No name found) -- 

() (No name found) -- C:\USERS\BISCHOFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I10K49T2.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI

() (No name found) -- C:\USERS\BISCHOFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I10K49T2.DEFAULT\EXTENSIONS\TOOLBAR-FF@PAYBACK.DE.XPI

[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)

O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)

O4 - HKCU..\Run: [LaunchList]  File not found

O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.03.23 06:44:31 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006.09.30 23:51:30 | 000,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ]

O32 - AutoRun File - [2006.09.30 23:51:28 | 000,724,992 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2006.10.01 00:10:34 | 000,000,147 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2006.09.25 00:53:27 | 000,602,112 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ CDFS ]

O33 - MountPoints2\{1739c819-a964-11de-a7f1-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{1739c819-a964-11de-a7f1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2006.09.30 23:51:28 | 000,724,992 | R--- | M] (Electronic Arts Inc.)

O33 - MountPoints2\{c7109009-6e3d-11df-9f59-00269e5ff738}\Shell - "" = AutoRun

O33 - MountPoints2\{c7109009-6e3d-11df-9f59-00269e5ff738}\Shell\AutoRun\command - "" = F:\Startme.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

 

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.05.16 15:03:14 | 000,000,000 | -H-D | C] -- C:\Users\bischoff\AppData\Roaming\Malwarebytes

[2011.05.16 15:03:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011.05.16 15:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.05.16 15:03:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes

[2011.05.16 15:03:04 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011.05.16 15:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011.05.16 14:30:58 | 000,000,000 | -H-D | C] -- C:\Users\bischoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery

[2011.05.10 20:53:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Sun

[2011.05.10 20:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2011.05.10 20:53:07 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2011.05.10 20:53:07 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2011.05.10 20:53:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2011.05.10 20:53:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2011.05.10 20:20:36 | 005,509,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2011.05.10 20:20:35 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2011.05.10 20:20:35 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2011.05.10 20:20:29 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys

[2011.05.10 20:20:29 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys

[2011.04.27 10:52:09 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2011.04.27 10:52:09 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe

[2011.04.27 10:52:08 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2011.04.27 10:52:07 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

[2011.04.27 10:51:53 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll

[2011.04.27 10:51:53 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll

[2011.04.27 10:51:53 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys

[2011.04.27 10:51:53 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys

[2011.04.27 10:51:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe

[2011.04.27 10:51:52 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe

[2011.04.27 10:51:52 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys

[2011.04.27 10:51:23 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe

[2011.04.27 10:51:23 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe

[2011.04.21 20:59:06 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.05.17 09:05:13 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.05.17 09:05:13 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.05.17 09:00:47 | 000,000,887 | -H-- | M] () -- C:\ProgramData\hpqp.ini

[2011.05.17 08:57:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.05.17 08:57:40 | 3195,211,776 | -HS- | M] () -- C:\hiberfil.sys

[2011.05.16 14:38:11 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~44293880r

[2011.05.16 14:38:11 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~44293880

[2011.05.16 14:35:42 | 000,000,400 | -H-- | M] () -- C:\ProgramData\44293880

[2011.05.16 14:30:59 | 000,000,635 | -H-- | M] () -- C:\Users\bischoff\Desktop\Windows 7 Recovery.lnk

[2011.04.22 20:58:21 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.04.22 20:58:21 | 000,656,266 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.04.22 20:58:21 | 000,618,108 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.04.22 20:58:21 | 000,131,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.04.22 20:58:21 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.04.21 20:59:06 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll

 
 ========== Files Created - No Company Name ==========

 

[2011.05.16 14:33:32 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~44293880r

[2011.05.16 14:33:32 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~44293880

[2011.05.16 14:30:59 | 000,000,635 | -H-- | C] () -- C:\Users\bischoff\Desktop\Windows 7 Recovery.lnk

[2011.05.16 14:30:56 | 000,000,400 | -H-- | C] () -- C:\ProgramData\44293880

[2011.02.11 19:26:51 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.12.26 12:36:40 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll

[2010.12.10 20:30:52 | 000,000,526 | ---- | C] () -- C:\Windows\eReg.dat

[2010.05.30 19:10:47 | 001,432,080 | ---- | C] () -- C:\Programme\setup_dm_Fotowelt.exe

[2010.03.16 20:33:04 | 000,093,696 | -H-- | C] () -- C:\Users\bischoff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.03.08 20:56:30 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2010.03.07 15:25:01 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2009.09.25 01:47:51 | 000,000,887 | -H-- | C] () -- C:\ProgramData\hpqp.ini

[2009.08.19 16:15:14 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat

[2009.07.15 17:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL

[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 23:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin

[2009.07.13 23:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

[2009.07.13 23:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2009.07.13 23:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010.08.28 09:34:07 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Adobe

[2010.12.26 12:36:50 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Atari

[2010.04.27 08:51:48 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\CyberLink

[2010.09.06 13:26:33 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Gamelab

[2010.03.08 20:54:34 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Hewlett-Packard

[2010.03.06 16:29:31 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\HP TCS

[2010.03.06 16:32:32 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\hpqlog

[2010.03.07 15:08:27 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\HpUpdate

[2011.05.10 19:10:45 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\ICQ

[2010.03.06 16:32:48 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Identities

[2010.12.26 12:36:06 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Leadertech

[2010.04.28 14:59:48 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Macromedia

[2011.05.16 15:03:15 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Malwarebytes

[2009.09.25 11:13:04 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Media Center Programs

[2011.01.12 15:18:10 | 000,000,000 | --SD | M] -- C:\Users\bischoff\AppData\Roaming\Microsoft

[2010.08.24 11:17:24 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Mozilla

[2010.03.07 15:15:56 | 000,000,000 | RH-D | M] -- C:\Users\bischoff\AppData\Roaming\SecuROM

[2010.09.08 13:38:41 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\temp

[2010.09.06 13:25:14 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\WildTangent

[2011.02.22 23:48:21 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\_MDLogs

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: EVENTLOG.DLL  >

[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

 
 < MD5 for: IASTORV.SYS  >

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys

[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys

[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll

[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys

[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys

[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll

[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll

[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe

[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >
 

< End of report >

--- --- ---

Zitat:

Malwarebytes hatte ich ja bereits drüber laufen lassen und den Log bereits in meinem ersten Beitrag kopiert. Kann ich aber nochmal kopieren:

Bitte richtig lesen. Ich hab das Wort Vollscan extra fett geschrieben.-

Sorry!!!! Hab ich nun gemacht....

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6596

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.05.2011 11:15:21
mbam-log-2011-05-17 (11-15-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 364032
Laufzeit: 1 Stunde(n), 0 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Das war jetzt ingesamt der wievielte Scan mit Malwarebytes?

Der 1. Scan war gestern und das war jetzt der 2. Scan....
vorher noch nie benutzt...

Hm, was willst du mit diesen komischen Toolbars auf dem Rechner? Am besten alles entfernen wo Toolbar steht, was in der Systemsteuerung unter Software bzw. Programme und Funktionen zu sehen ist und bei zukünftigen Programminstallation immer die benutzerdefinierte Methode anklicken, damit man bei der Installation mögliche Toolbars abwählen kann.
Deinstalliere bei der Gelegenheit auch alle anderen unnötigen Programme über die Systemsteuerung.

Vielen Dank für die Tipps.... da ich, wie du sicherlich schon gemerkt hast, mich nicht wirklich auskenne, hab ich den Rechner nach dem Kauf nicht nach unnötigen Programmen durchforstet. Ich denke, da werde ich mir mal Hilfe holen müssen, von jemanden, der sich etwas besser auskennt als ich. Außerdem hat mein Sohn einpaar Spiele installiert, die aber nicht aus dem Internet sind. Aber werde mal versuchen, das jetzt erst mal zu befolgen, was du mir geraten hast....

... hab nur eine Toolbar gefunden....

... komme nicht weiter. Weiß nicht welche Programme ich einfach deinstallieren kann, bei vielen weiß ich garnicht was das ist und ob sie irgendwie benötigt werden. Wie gehts jetzt weiter??

Dann deinstallier erstmal nur alle Toolbars.

So... habe diese Toolbars deinstalliert. War nicht über Systemsteuerung möglich sondern musste sie über firefox entfernen (musste ich erstmal wieder googeln, wie ich die wegbringe). Ich denke mal, die habe ich bei einem update von firefox mitinstalliert. Warte auf weitere Anweisungen ...

Dann mach bitte ein frisches OTL-Log. Siehe Anleitung, die ich oben hier im Strang gepostet habe.

Hier das OTL-Log:OTL Logfile:

Code:

OTL logfile created on: 17.05.2011 19:53:13 - Run 2

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\bischoff\Downloads

64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free

8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285,37 Gb Total Space | 210,85 Gb Free Space | 73,89% Space Free | Partition Type: NTFS

Drive D: | 12,52 Gb Total Space | 2,10 Gb Free Space | 16,75% Space Free | Partition Type: NTFS

Drive E: | 3,54 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: BISCHOFF-PC | User Name: bischoff | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.05.17 19:51:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\bischoff\Downloads\OTL(2).exe

PRC - [2011.01.05 10:18:50 | 000,133,432 | -H-- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.2\ICQ.exe

PRC - [2009.06.18 10:04:36 | 000,772,096 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2011.05.17 19:51:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\bischoff\Downloads\OTL(2).exe

MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2010.11.11 15:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2010.11.11 15:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2009.07.22 03:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009.03.02 23:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.05.22 20:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009.02.22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)

SRV - [2005.02.09 13:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\Windows\SysWOW64\drivers\Pclepci.sys -- (PCLEPCI)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.10.24 22:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2009.09.22 02:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009.07.22 03:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009.07.15 01:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2009.06.27 16:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2009.06.24 21:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.05.22 16:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009.04.29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2009.03.25 17:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)

DRV:64bit: - [2009.03.25 17:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)

DRV:64bit: - [2009.03.25 17:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)

DRV:64bit: - [2009.03.25 17:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)

DRV:64bit: - [2009.03.25 17:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)

DRV:64bit: - [2009.03.25 17:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)

DRV:64bit: - [2009.03.25 17:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)

DRV - [2006.11.28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PDNMp50.sys -- (PDNMp50)

DRV - [2006.11.28 23:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PDNSp50.sys -- (PDNSp50)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Compaq | MSN

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Compaq | MSN

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6

FF - prefs.js..extensions.enabledItems: toolbar-ff@payback.de:1.0.5.76

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="

FF - prefs.js..network.proxy.type: 0

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.05 21:59:55 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2010.08.24 11:17:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\bischoff\AppData\Roaming\mozilla\Extensions

[2011.05.17 19:18:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions

[2011.05.17 19:51:49 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2011.05.05 22:00:29 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010.09.07 17:24:40 | 000,002,394 | -H-- | M] () -- C:\Users\bischoff\AppData\Roaming\Mozilla\Firefox\Profiles\i10k49t2.default\searchplugins\askcom.xml

[2011.05.13 17:14:38 | 000,000,950 | -H-- | M] () -- C:\Users\bischoff\AppData\Roaming\Mozilla\Firefox\Profiles\i10k49t2.default\searchplugins\icqplugin-1.xml

[2011.02.20 12:21:20 | 000,000,168 | -H-- | M] () -- C:\Users\bischoff\AppData\Roaming\Mozilla\Firefox\Profiles\i10k49t2.default\searchplugins\icqplugin.gif

[2011.02.20 12:21:20 | 000,000,618 | -H-- | M] () -- C:\Users\bischoff\AppData\Roaming\Mozilla\Firefox\Profiles\i10k49t2.default\searchplugins\icqplugin.src

[2011.05.01 17:47:59 | 000,001,056 | -H-- | M] () -- C:\Users\bischoff\AppData\Roaming\Mozilla\Firefox\Profiles\i10k49t2.default\searchplugins\icqplugin.xml

[2011.05.10 20:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011.05.10 20:53:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.05.05 21:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions

[2011.05.05 21:59:50 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net

File not found (No name found) -- 

File not found (No name found) -- C:\USERS\BISCHOFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I10K49T2.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI

File not found (No name found) -- C:\USERS\BISCHOFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I10K49T2.DEFAULT\EXTENSIONS\TOOLBAR-FF@PAYBACK.DE.XPI

[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)

O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)

O4 - HKCU..\Run: [LaunchList]  File not found

O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.03.23 06:44:31 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006.09.30 23:51:30 | 000,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ]

O32 - AutoRun File - [2006.09.30 23:51:28 | 000,724,992 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2006.10.01 00:10:34 | 000,000,147 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2006.09.25 00:53:27 | 000,602,112 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ CDFS ]

O33 - MountPoints2\{1739c819-a964-11de-a7f1-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{1739c819-a964-11de-a7f1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2006.09.30 23:51:28 | 000,724,992 | R--- | M] (Electronic Arts Inc.)

O33 - MountPoints2\{c7109009-6e3d-11df-9f59-00269e5ff738}\Shell - "" = AutoRun

O33 - MountPoints2\{c7109009-6e3d-11df-9f59-00269e5ff738}\Shell\AutoRun\command - "" = F:\Startme.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

 

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.05.16 15:03:14 | 000,000,000 | -H-D | C] -- C:\Users\bischoff\AppData\Roaming\Malwarebytes

[2011.05.16 15:03:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011.05.16 15:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.05.16 15:03:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes

[2011.05.16 15:03:04 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011.05.16 15:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011.05.16 14:30:58 | 000,000,000 | -H-D | C] -- C:\Users\bischoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery

[2011.05.10 20:53:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Sun

[2011.05.10 20:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2011.04.21 20:59:06 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.05.17 18:25:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.05.17 09:05:13 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.05.17 09:05:13 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.05.17 09:00:47 | 000,000,887 | -H-- | M] () -- C:\ProgramData\hpqp.ini

[2011.05.17 08:57:40 | 3195,211,776 | -HS- | M] () -- C:\hiberfil.sys

[2011.05.16 14:38:11 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~44293880r

[2011.05.16 14:38:11 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~44293880

[2011.05.16 14:35:42 | 000,000,400 | -H-- | M] () -- C:\ProgramData\44293880

[2011.05.16 14:30:59 | 000,000,635 | -H-- | M] () -- C:\Users\bischoff\Desktop\Windows 7 Recovery.lnk

[2011.04.22 20:58:21 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.04.22 20:58:21 | 000,656,266 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.04.22 20:58:21 | 000,618,108 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.04.22 20:58:21 | 000,131,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.04.22 20:58:21 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.04.21 20:59:06 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll

 
 ========== Files Created - No Company Name ==========

 

[2011.05.16 14:33:32 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~44293880r

[2011.05.16 14:33:32 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~44293880

[2011.05.16 14:30:59 | 000,000,635 | -H-- | C] () -- C:\Users\bischoff\Desktop\Windows 7 Recovery.lnk

[2011.05.16 14:30:56 | 000,000,400 | -H-- | C] () -- C:\ProgramData\44293880

[2011.02.11 19:26:51 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.12.26 12:36:40 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll

[2010.12.10 20:30:52 | 000,000,526 | ---- | C] () -- C:\Windows\eReg.dat

[2010.05.30 19:10:47 | 001,432,080 | ---- | C] () -- C:\Programme\setup_dm_Fotowelt.exe

[2010.03.16 20:33:04 | 000,093,696 | -H-- | C] () -- C:\Users\bischoff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.03.08 20:56:30 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2010.03.07 15:25:01 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2009.09.25 01:47:51 | 000,000,887 | -H-- | C] () -- C:\ProgramData\hpqp.ini

[2009.08.19 16:15:14 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat

[2009.07.15 17:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL

[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 23:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin

[2009.07.13 23:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

[2009.07.13 23:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2009.07.13 23:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

 
 ========== LOP Check ==========

 

[2010.12.26 12:36:50 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Atari

[2010.09.06 13:26:33 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Gamelab

[2011.05.10 19:10:45 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\ICQ

[2010.12.26 12:36:06 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Leadertech

[2010.09.08 13:38:41 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\temp

[2010.09.06 13:25:14 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\WildTangent

[2011.02.22 23:48:21 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\_MDLogs

[2011.03.29 10:08:36 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010.08.28 09:34:07 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Adobe

[2010.12.26 12:36:50 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Atari

[2010.04.27 08:51:48 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\CyberLink

[2010.09.06 13:26:33 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Gamelab

[2010.03.08 20:54:34 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Hewlett-Packard

[2010.03.06 16:29:31 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\HP TCS

[2011.05.17 14:05:14 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\hpqlog

[2010.03.07 15:08:27 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\HpUpdate

[2011.05.10 19:10:45 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\ICQ

[2010.03.06 16:32:48 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Identities

[2010.12.26 12:36:06 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Leadertech

[2010.04.28 14:59:48 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Macromedia

[2011.05.16 15:03:15 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Malwarebytes

[2009.09.25 11:13:04 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Media Center Programs

[2011.01.12 15:18:10 | 000,000,000 | --SD | M] -- C:\Users\bischoff\AppData\Roaming\Microsoft

[2010.08.24 11:17:24 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Mozilla

[2010.03.07 15:15:56 | 000,000,000 | RH-D | M] -- C:\Users\bischoff\AppData\Roaming\SecuROM

[2010.09.08 13:38:41 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\temp

[2010.09.06 13:25:14 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\WildTangent

[2011.02.22 23:48:21 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\_MDLogs

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: EVENTLOG.DLL  >

[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

 
 < MD5 for: IASTORV.SYS  >

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys

[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys

[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll

[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys

[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys

[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll

[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll

[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe

[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

--- --- ---

Hier das OTL-Log:OTL Logfile:

Code:

OTL logfile created on: 17.05.2011 19:53:13 - Run 2

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\bischoff\Downloads

64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free

8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285,37 Gb Total Space | 210,85 Gb Free Space | 73,89% Space Free | Partition Type: NTFS

Drive D: | 12,52 Gb Total Space | 2,10 Gb Free Space | 16,75% Space Free | Partition Type: NTFS

Drive E: | 3,54 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

 

Computer Name: BISCHOFF-PC | User Name: bischoff | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.05.17 19:51:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\bischoff\Downloads\OTL(2).exe

PRC - [2011.01.05 10:18:50 | 000,133,432 | -H-- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.2\ICQ.exe

PRC - [2009.06.18 10:04:36 | 000,772,096 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2011.05.17 19:51:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\bischoff\Downloads\OTL(2).exe

MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2010.11.11 15:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2010.11.11 15:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2009.07.22 03:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009.03.02 23:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.05.22 20:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009.02.22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)

SRV - [2005.02.09 13:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\Windows\SysWOW64\drivers\Pclepci.sys -- (PCLEPCI)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.10.24 22:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2009.09.22 02:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009.07.22 03:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009.07.15 01:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2009.06.27 16:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2009.06.24 21:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.05.22 16:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009.04.29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2009.03.25 17:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)

DRV:64bit: - [2009.03.25 17:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)

DRV:64bit: - [2009.03.25 17:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)

DRV:64bit: - [2009.03.25 17:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)

DRV:64bit: - [2009.03.25 17:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)

DRV:64bit: - [2009.03.25 17:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)

DRV:64bit: - [2009.03.25 17:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)

DRV - [2006.11.28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PDNMp50.sys -- (PDNMp50)

DRV - [2006.11.28 23:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PDNSp50.sys -- (PDNSp50)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Compaq | MSN

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Compaq | MSN

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6

FF - prefs.js..extensions.enabledItems: toolbar-ff@payback.de:1.0.5.76

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="

FF - prefs.js..network.proxy.type: 0

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.05 21:59:55 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2010.08.24 11:17:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\bischoff\AppData\Roaming\mozilla\Extensions

[2011.05.17 19:18:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions

[2011.05.17 19:51:49 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2011.05.05 22:00:29 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010.09.07 17:24:40 | 000,002,394 | -H-- | M] () -- C:\Users\bischoff\AppData\Roaming\Mozilla\Firefox\Profiles\i10k49t2.default\searchplugins\askcom.xml

[2011.05.13 17:14:38 | 000,000,950 | -H-- | M] () -- C:\Users\bischoff\AppData\Roaming\Mozilla\Firefox\Profiles\i10k49t2.default\searchplugins\icqplugin-1.xml

[2011.02.20 12:21:20 | 000,000,168 | -H-- | M] () -- C:\Users\bischoff\AppData\Roaming\Mozilla\Firefox\Profiles\i10k49t2.default\searchplugins\icqplugin.gif

[2011.02.20 12:21:20 | 000,000,618 | -H-- | M] () -- C:\Users\bischoff\AppData\Roaming\Mozilla\Firefox\Profiles\i10k49t2.default\searchplugins\icqplugin.src

[2011.05.01 17:47:59 | 000,001,056 | -H-- | M] () -- C:\Users\bischoff\AppData\Roaming\Mozilla\Firefox\Profiles\i10k49t2.default\searchplugins\icqplugin.xml

[2011.05.10 20:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011.05.10 20:53:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.05.05 21:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions

[2011.05.05 21:59:50 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net

File not found (No name found) -- 

File not found (No name found) -- C:\USERS\BISCHOFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I10K49T2.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI

File not found (No name found) -- C:\USERS\BISCHOFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I10K49T2.DEFAULT\EXTENSIONS\TOOLBAR-FF@PAYBACK.DE.XPI

[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)

O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)

O4 - HKCU..\Run: [LaunchList]  File not found

O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.03.23 06:44:31 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006.09.30 23:51:30 | 000,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ]

O32 - AutoRun File - [2006.09.30 23:51:28 | 000,724,992 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2006.10.01 00:10:34 | 000,000,147 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2006.09.25 00:53:27 | 000,602,112 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ CDFS ]

O33 - MountPoints2\{1739c819-a964-11de-a7f1-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{1739c819-a964-11de-a7f1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2006.09.30 23:51:28 | 000,724,992 | R--- | M] (Electronic Arts Inc.)

O33 - MountPoints2\{c7109009-6e3d-11df-9f59-00269e5ff738}\Shell - "" = AutoRun

O33 - MountPoints2\{c7109009-6e3d-11df-9f59-00269e5ff738}\Shell\AutoRun\command - "" = F:\Startme.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

 

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.05.16 15:03:14 | 000,000,000 | -H-D | C] -- C:\Users\bischoff\AppData\Roaming\Malwarebytes

[2011.05.16 15:03:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011.05.16 15:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.05.16 15:03:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes

[2011.05.16 15:03:04 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011.05.16 15:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011.05.16 14:30:58 | 000,000,000 | -H-D | C] -- C:\Users\bischoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery

[2011.05.10 20:53:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Sun

[2011.05.10 20:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2011.04.21 20:59:06 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.05.17 18:25:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.05.17 09:05:13 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.05.17 09:05:13 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.05.17 09:00:47 | 000,000,887 | -H-- | M] () -- C:\ProgramData\hpqp.ini

[2011.05.17 08:57:40 | 3195,211,776 | -HS- | M] () -- C:\hiberfil.sys

[2011.05.16 14:38:11 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~44293880r

[2011.05.16 14:38:11 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~44293880

[2011.05.16 14:35:42 | 000,000,400 | -H-- | M] () -- C:\ProgramData\44293880

[2011.05.16 14:30:59 | 000,000,635 | -H-- | M] () -- C:\Users\bischoff\Desktop\Windows 7 Recovery.lnk

[2011.04.22 20:58:21 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.04.22 20:58:21 | 000,656,266 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.04.22 20:58:21 | 000,618,108 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.04.22 20:58:21 | 000,131,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.04.22 20:58:21 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.04.21 20:59:06 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll

 
 ========== Files Created - No Company Name ==========

 

[2011.05.16 14:33:32 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~44293880r

[2011.05.16 14:33:32 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~44293880

[2011.05.16 14:30:59 | 000,000,635 | -H-- | C] () -- C:\Users\bischoff\Desktop\Windows 7 Recovery.lnk

[2011.05.16 14:30:56 | 000,000,400 | -H-- | C] () -- C:\ProgramData\44293880

[2011.02.11 19:26:51 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.12.26 12:36:40 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll

[2010.12.10 20:30:52 | 000,000,526 | ---- | C] () -- C:\Windows\eReg.dat

[2010.05.30 19:10:47 | 001,432,080 | ---- | C] () -- C:\Programme\setup_dm_Fotowelt.exe

[2010.03.16 20:33:04 | 000,093,696 | -H-- | C] () -- C:\Users\bischoff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.03.08 20:56:30 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2010.03.07 15:25:01 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2009.09.25 01:47:51 | 000,000,887 | -H-- | C] () -- C:\ProgramData\hpqp.ini

[2009.08.19 16:15:14 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat

[2009.07.15 17:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL

[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 23:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin

[2009.07.13 23:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

[2009.07.13 23:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2009.07.13 23:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

 
 ========== LOP Check ==========

 

[2010.12.26 12:36:50 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Atari

[2010.09.06 13:26:33 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Gamelab

[2011.05.10 19:10:45 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\ICQ

[2010.12.26 12:36:06 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Leadertech

[2010.09.08 13:38:41 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\temp

[2010.09.06 13:25:14 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\WildTangent

[2011.02.22 23:48:21 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\_MDLogs

[2011.03.29 10:08:36 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010.08.28 09:34:07 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Adobe

[2010.12.26 12:36:50 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Atari

[2010.04.27 08:51:48 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\CyberLink

[2010.09.06 13:26:33 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Gamelab

[2010.03.08 20:54:34 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Hewlett-Packard

[2010.03.06 16:29:31 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\HP TCS

[2011.05.17 14:05:14 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\hpqlog

[2010.03.07 15:08:27 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\HpUpdate

[2011.05.10 19:10:45 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\ICQ

[2010.03.06 16:32:48 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Identities

[2010.12.26 12:36:06 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Leadertech

[2010.04.28 14:59:48 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Macromedia

[2011.05.16 15:03:15 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Malwarebytes

[2009.09.25 11:13:04 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Media Center Programs

[2011.01.12 15:18:10 | 000,000,000 | --SD | M] -- C:\Users\bischoff\AppData\Roaming\Microsoft

[2010.08.24 11:17:24 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\Mozilla

[2010.03.07 15:15:56 | 000,000,000 | RH-D | M] -- C:\Users\bischoff\AppData\Roaming\SecuROM

[2010.09.08 13:38:41 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\temp

[2010.09.06 13:25:14 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\WildTangent

[2011.02.22 23:48:21 | 000,000,000 | -H-D | M] -- C:\Users\bischoff\AppData\Roaming\_MDLogs

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: EVENTLOG.DLL  >

[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

 
 < MD5 for: IASTORV.SYS  >

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys

[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys

[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll

[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys

[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys

[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll

[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll

[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe

[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..extensions.enabledItems: toolbar-ff@payback.de:1.0.5.76

FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="

[2011.05.17 19:51:49 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2011.05.05 22:00:29 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2011.05.05 21:59:50 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net

File not found (No name found) -- C:\USERS\BISCHOFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I10K49T2.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI

File not found (No name found) -- C:\USERS\BISCHOFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I10K49T2.DEFAULT\EXTENSIONS\TOOLBAR-FF@PAYBACK.DE.XPI

O4 - HKLM..\Run: []  File not found

O4 - HKCU..\Run: [LaunchList]  File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.03.23 06:44:31 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006.09.30 23:51:30 | 000,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ]

O32 - AutoRun File - [2006.09.30 23:51:28 | 000,724,992 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2006.10.01 00:10:34 | 000,000,147 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2006.09.25 00:53:27 | 000,602,112 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ CDFS ]

O33 - MountPoints2\{1739c819-a964-11de-a7f1-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{1739c819-a964-11de-a7f1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2006.09.30 23:51:28 | 000,724,992 | R--- | M] (Electronic Arts Inc.)

O33 - MountPoints2\{c7109009-6e3d-11df-9f59-00269e5ff738}\Shell - "" = AutoRun

O33 - MountPoints2\{c7109009-6e3d-11df-9f59-00269e5ff738}\Shell\AutoRun\command - "" = F:\Startme.exe

[2011.05.16 14:38:11 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~44293880r

[2011.05.16 14:38:11 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~44293880

[2011.05.16 14:35:42 | 000,000,400 | -H-- | M] () -- C:\ProgramData\44293880

[2011.05.16 14:30:59 | 000,000,635 | -H-- | M] () -- C:\Users\bischoff\Desktop\Windows 7 Recovery.lnk

:Commands

[purity]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Also... der Rechner wurde gleich nach dem Fixen neu gestartet und dann hat er das Logfile angezeigt.

========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: toolbar-ff@payback.de:1.0.5.76 removed from extensions.enabledItems
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" removed from keyword.URL
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
Folder move failed. C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} scheduled to be moved on reboot.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\weather folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\ticker folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\shopping folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\search\engine folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\search folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\pref folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\phish folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\newtab\initial-thumbs folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\newtab folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\neterror folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\horoscope folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\homebutton folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\highlight folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\help folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\email folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\ebay folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\brand folder moved successfully.
Folder move failed. C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin scheduled to be moved on reboot.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\weather folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\ticker folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\shopping folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\search folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\pref folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\phish folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\newtab folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\neterror folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\main folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\horoscope folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\highlight folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\help folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\email folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\ebay folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\weather folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\ticker folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\shopping folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\search folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\pref folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\phish folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\newtab folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\neterror folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\main folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\horoscope folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\highlight folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\help\page folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\help folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\email folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\ebay folder moved successfully.
Folder move failed. C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale scheduled to be moved on reboot.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\defaults\preferences folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\defaults folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\weather folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\util folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\tracking folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\ticker folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\shopping folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\search\mcollect folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\search folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\pref folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\phish folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\newtab folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\neterror folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\main folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\hotnews folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\horoscope folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\highlight folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\help folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\email folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\ebay folder moved successfully.
Folder move failed. C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content scheduled to be moved on reboot.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\components folder moved successfully.
Folder move failed. C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LaunchList deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\AutoRunGUI.dll scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1739c819-a964-11de-a7f1-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1739c819-a964-11de-a7f1-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1739c819-a964-11de-a7f1-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1739c819-a964-11de-a7f1-806e6f6e6963}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7109009-6e3d-11df-9f59-00269e5ff738}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7109009-6e3d-11df-9f59-00269e5ff738}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7109009-6e3d-11df-9f59-00269e5ff738}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7109009-6e3d-11df-9f59-00269e5ff738}\ not found.
File F:\Startme.exe not found.
C:\ProgramData\~44293880r moved successfully.
C:\ProgramData\~44293880 moved successfully.
C:\ProgramData\44293880 moved successfully.
C:\Users\bischoff\Desktop\Windows 7 Recovery.lnk moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 05172011_213337

Files\Folders moved on Reboot...
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net folder moved successfully.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\AutoRunGUI.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Hier das Log von Kaspersky:

2011/05/18 12:14:12.0731 2732 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/18 12:14:13.0110 2732 ================================================================================
2011/05/18 12:14:13.0110 2732 SystemInfo:
2011/05/18 12:14:13.0110 2732
2011/05/18 12:14:13.0110 2732 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/18 12:14:13.0110 2732 Product type: Workstation
2011/05/18 12:14:13.0111 2732 ComputerName: BISCHOFF-PC
2011/05/18 12:14:13.0111 2732 UserName: bischoff
2011/05/18 12:14:13.0111 2732 Windows directory: C:\Windows
2011/05/18 12:14:13.0111 2732 System windows directory: C:\Windows
2011/05/18 12:14:13.0111 2732 Running under WOW64
2011/05/18 12:14:13.0111 2732 Processor architecture: Intel x64
2011/05/18 12:14:13.0111 2732 Number of processors: 2
2011/05/18 12:14:13.0111 2732 Page size: 0x1000
2011/05/18 12:14:13.0111 2732 Boot type: Normal boot
2011/05/18 12:14:13.0111 2732 ================================================================================
2011/05/18 12:14:14.0435 2732 Initialize success
2011/05/18 12:14:57.0164 3732 ================================================================================
2011/05/18 12:14:57.0164 3732 Scan started
2011/05/18 12:14:57.0164 3732 Mode: Manual;
2011/05/18 12:14:57.0164 3732 ================================================================================
2011/05/18 12:14:57.0725 3732 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/18 12:14:57.0808 3732 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/18 12:14:57.0854 3732 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/18 12:14:57.0920 3732 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/18 12:14:57.0995 3732 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/18 12:14:58.0023 3732 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/18 12:14:58.0115 3732 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/05/18 12:14:58.0195 3732 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
2011/05/18 12:14:58.0280 3732 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/18 12:14:58.0345 3732 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/18 12:14:58.0368 3732 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/18 12:14:58.0428 3732 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/18 12:14:58.0459 3732 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/18 12:14:58.0532 3732 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/05/18 12:14:58.0595 3732 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/18 12:14:58.0655 3732 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/05/18 12:14:58.0717 3732 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/05/18 12:14:58.0802 3732 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/18 12:14:58.0845 3732 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/18 12:14:58.0913 3732 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/18 12:14:58.0963 3732 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/18 12:14:59.0066 3732 athr (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys
2011/05/18 12:14:59.0201 3732 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/18 12:14:59.0283 3732 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/18 12:14:59.0342 3732 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/18 12:14:59.0419 3732 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/18 12:14:59.0479 3732 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/18 12:14:59.0529 3732 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/18 12:14:59.0557 3732 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/18 12:14:59.0602 3732 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/18 12:14:59.0650 3732 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/18 12:14:59.0673 3732 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/18 12:14:59.0703 3732 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/18 12:14:59.0739 3732 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/18 12:14:59.0784 3732 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/18 12:14:59.0875 3732 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/18 12:14:59.0946 3732 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/18 12:14:59.0990 3732 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/18 12:15:00.0076 3732 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/18 12:15:00.0114 3732 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/18 12:15:00.0161 3732 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/05/18 12:15:00.0244 3732 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/18 12:15:00.0307 3732 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/18 12:15:00.0368 3732 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/18 12:15:00.0464 3732 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/05/18 12:15:00.0500 3732 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/18 12:15:00.0558 3732 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/18 12:15:00.0630 3732 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/18 12:15:00.0701 3732 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/18 12:15:00.0821 3732 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/18 12:15:00.0993 3732 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/18 12:15:01.0022 3732 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/18 12:15:01.0101 3732 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/18 12:15:01.0137 3732 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/18 12:15:01.0208 3732 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/18 12:15:01.0267 3732 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/18 12:15:01.0300 3732 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/18 12:15:01.0360 3732 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/18 12:15:01.0388 3732 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/05/18 12:15:01.0439 3732 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/18 12:15:01.0464 3732 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/18 12:15:01.0549 3732 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/18 12:15:01.0592 3732 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/18 12:15:01.0709 3732 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/18 12:15:01.0780 3732 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/05/18 12:15:01.0843 3732 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/18 12:15:01.0867 3732 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/18 12:15:01.0902 3732 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/18 12:15:01.0934 3732 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/18 12:15:01.0991 3732 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/18 12:15:02.0080 3732 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/05/18 12:15:02.0142 3732 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/18 12:15:02.0219 3732 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/05/18 12:15:02.0265 3732 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/18 12:15:02.0333 3732 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/18 12:15:02.0389 3732 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/05/18 12:15:02.0595 3732 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/05/18 12:15:02.0753 3732 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/18 12:15:02.0799 3732 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/18 12:15:02.0872 3732 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/18 12:15:02.0895 3732 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/18 12:15:02.0934 3732 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/18 12:15:02.0983 3732 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/18 12:15:03.0032 3732 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/18 12:15:03.0059 3732 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/18 12:15:03.0105 3732 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/18 12:15:03.0178 3732 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/18 12:15:03.0237 3732 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/18 12:15:03.0291 3732 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/18 12:15:03.0332 3732 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/18 12:15:03.0361 3732 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/18 12:15:03.0462 3732 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/18 12:15:03.0545 3732 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/18 12:15:03.0595 3732 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/18 12:15:03.0615 3732 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/18 12:15:03.0657 3732 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/18 12:15:03.0718 3732 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/18 12:15:03.0766 3732 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/18 12:15:03.0809 3732 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/18 12:15:03.0852 3732 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/18 12:15:03.0900 3732 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/18 12:15:03.0962 3732 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/18 12:15:04.0017 3732 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/18 12:15:04.0043 3732 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/05/18 12:15:04.0140 3732 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/05/18 12:15:04.0197 3732 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/18 12:15:04.0265 3732 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/05/18 12:15:04.0312 3732 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/18 12:15:04.0345 3732 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/18 12:15:04.0394 3732 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/18 12:15:04.0414 3732 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/18 12:15:04.0469 3732 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/18 12:15:04.0517 3732 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/18 12:15:04.0557 3732 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/18 12:15:04.0624 3732 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/18 12:15:04.0653 3732 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/18 12:15:04.0668 3732 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/18 12:15:04.0746 3732 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/18 12:15:04.0786 3732 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/18 12:15:04.0809 3732 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/18 12:15:04.0858 3732 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/05/18 12:15:04.0891 3732 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/18 12:15:04.0925 3732 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/18 12:15:04.0957 3732 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/18 12:15:05.0015 3732 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/18 12:15:05.0082 3732 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/18 12:15:05.0164 3732 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/05/18 12:15:05.0231 3732 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/18 12:15:05.0281 3732 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/18 12:15:05.0339 3732 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/18 12:15:05.0368 3732 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/18 12:15:05.0398 3732 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/05/18 12:15:05.0428 3732 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/18 12:15:05.0469 3732 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/18 12:15:05.0663 3732 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/05/18 12:15:05.0847 3732 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/18 12:15:05.0946 3732 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/05/18 12:15:06.0044 3732 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/18 12:15:06.0070 3732 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/18 12:15:06.0154 3732 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/05/18 12:15:06.0207 3732 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/18 12:15:06.0287 3732 NVHDA (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys
2011/05/18 12:15:06.0597 3732 nvlddmkm (e63279a205da5c225369770e400904a8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/18 12:15:06.0718 3732 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/05/18 12:15:06.0772 3732 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/05/18 12:15:06.0847 3732 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/18 12:15:06.0921 3732 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/18 12:15:07.0020 3732 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/18 12:15:07.0061 3732 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/05/18 12:15:07.0114 3732 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/05/18 12:15:07.0146 3732 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/18 12:15:07.0227 3732 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/18 12:15:07.0258 3732 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/18 12:15:07.0383 3732 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/18 12:15:07.0493 3732 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/18 12:15:07.0540 3732 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/18 12:15:07.0627 3732 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/18 12:15:07.0701 3732 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/18 12:15:07.0774 3732 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/18 12:15:07.0823 3732 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/18 12:15:07.0847 3732 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/18 12:15:07.0902 3732 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/18 12:15:07.0936 3732 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/18 12:15:07.0970 3732 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/18 12:15:08.0025 3732 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/18 12:15:08.0057 3732 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/18 12:15:08.0104 3732 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/18 12:15:08.0127 3732 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/18 12:15:08.0180 3732 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/18 12:15:08.0220 3732 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/18 12:15:08.0248 3732 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/05/18 12:15:08.0311 3732 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/05/18 12:15:08.0424 3732 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/18 12:15:08.0489 3732 RSUSBSTOR (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys
2011/05/18 12:15:08.0555 3732 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/05/18 12:15:08.0662 3732 s1018bus (301fba4594fb5c0a469299a65106b4aa) C:\Windows\system32\DRIVERS\s1018bus.sys
2011/05/18 12:15:08.0697 3732 s1018mdfl (d1d7c744f79710357e60fc04d125ed01) C:\Windows\system32\DRIVERS\s1018mdfl.sys
2011/05/18 12:15:08.0726 3732 s1018mdm (7dbe12cccd837d4266b2ddd80a329c09) C:\Windows\system32\DRIVERS\s1018mdm.sys
2011/05/18 12:15:08.0756 3732 s1018mgmt (065ff5e62d2d18a6d93fd925546cd549) C:\Windows\system32\DRIVERS\s1018mgmt.sys
2011/05/18 12:15:08.0786 3732 s1018nd5 (5101d815bdf0d667e3d5f0ea727caaee) C:\Windows\system32\DRIVERS\s1018nd5.sys
2011/05/18 12:15:08.0819 3732 s1018obex (13f220c65b444ac9bda49dacfc3230bb) C:\Windows\system32\DRIVERS\s1018obex.sys
2011/05/18 12:15:08.0849 3732 s1018unic (ce7d8bce80211d8a35f6bd7a87791860) C:\Windows\system32\DRIVERS\s1018unic.sys
2011/05/18 12:15:08.0894 3732 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/18 12:15:08.0939 3732 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/18 12:15:09.0012 3732 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/18 12:15:09.0069 3732 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/18 12:15:09.0136 3732 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/18 12:15:09.0168 3732 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/18 12:15:09.0201 3732 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/18 12:15:09.0254 3732 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/18 12:15:09.0283 3732 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/18 12:15:09.0305 3732 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/18 12:15:09.0336 3732 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/18 12:15:09.0404 3732 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/18 12:15:09.0433 3732 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/18 12:15:09.0503 3732 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/18 12:15:09.0577 3732 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/18 12:15:09.0649 3732 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/18 12:15:09.0701 3732 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/18 12:15:09.0768 3732 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/05/18 12:15:09.0823 3732 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/05/18 12:15:09.0900 3732 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/05/18 12:15:09.0993 3732 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/18 12:15:10.0082 3732 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/18 12:15:10.0157 3732 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
2011/05/18 12:15:10.0229 3732 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/18 12:15:10.0307 3732 SynTP (929c9fa0b18ad2ebc8340591c4bf00ff) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/18 12:15:10.0408 3732 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/18 12:15:10.0541 3732 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/18 12:15:10.0589 3732 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/18 12:15:10.0622 3732 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/18 12:15:10.0639 3732 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/18 12:15:10.0667 3732 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/18 12:15:10.0707 3732 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/18 12:15:10.0771 3732 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/18 12:15:10.0836 3732 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/18 12:15:10.0876 3732 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/18 12:15:10.0909 3732 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/18 12:15:10.0955 3732 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/18 12:15:11.0011 3732 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/18 12:15:11.0044 3732 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/18 12:15:11.0113 3732 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/18 12:15:11.0164 3732 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/18 12:15:11.0215 3732 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/18 12:15:11.0283 3732 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/18 12:15:11.0336 3732 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
2011/05/18 12:15:11.0381 3732 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/18 12:15:11.0424 3732 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/18 12:15:11.0453 3732 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/18 12:15:11.0524 3732 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/05/18 12:15:11.0593 3732 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/18 12:15:11.0635 3732 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/18 12:15:11.0665 3732 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/18 12:15:11.0705 3732 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/18 12:15:11.0731 3732 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/18 12:15:11.0773 3732 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/18 12:15:11.0807 3732 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/18 12:15:11.0837 3732 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/18 12:15:11.0863 3732 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/18 12:15:11.0900 3732 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/18 12:15:11.0961 3732 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/18 12:15:12.0019 3732 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/18 12:15:12.0081 3732 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/18 12:15:12.0107 3732 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/18 12:15:12.0180 3732 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/18 12:15:12.0222 3732 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/18 12:15:12.0316 3732 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/18 12:15:12.0348 3732 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/18 12:15:12.0462 3732 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/18 12:15:12.0518 3732 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/18 12:15:12.0579 3732 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/18 12:15:12.0627 3732 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/18 12:15:12.0679 3732 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/18 12:15:12.0767 3732 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/05/18 12:15:12.0837 3732 ================================================================================
2011/05/18 12:15:12.0837 3732 Scan finished
2011/05/18 12:15:12.0837 3732 ================================================================================

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hier der Report:

Combofix Logfile:

Code:

ComboFix 11-05-17.01 - bischoff 18.05.2011  13:31:13.1.2 - x64

Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4063.2478 [GMT 2:00]

ausgeführt von:: c:\users\bischoff\Desktop\cofi.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-04-18 bis 2011-05-18  ))))))))))))))))))))))))))))))

.

.

2011-05-18 11:36 . 2011-05-18 11:36        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-05-18 10:07 . 2011-04-11 08:21        8802128        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3DAAA42-F9C1-4EB0-9881-73926E7B7729}\mpengine.dll

2011-05-17 19:33 . 2011-05-17 19:33        --------        d-----w-        C:\_OTL

2011-05-16 13:03 . 2011-05-16 13:03        --------        d-----w-        c:\users\bischoff\AppData\Roaming\Malwarebytes

2011-05-16 13:03 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-16 13:03 . 2011-05-16 13:03        --------        d-----w-        c:\programdata\Malwarebytes

2011-05-16 13:03 . 2010-12-20 16:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-05-16 13:03 . 2011-05-17 08:14        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2011-05-10 18:53 . 2011-05-10 18:53        --------        d-----w-        c:\program files (x86)\Common Files\Java

2011-05-10 18:53 . 2010-09-15 02:50        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2011-05-10 18:20 . 2011-04-09 06:45        5509504        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-05-10 18:20 . 2011-04-09 06:13        3957632        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2011-05-10 18:20 . 2011-04-09 06:13        3901824        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2011-05-10 18:20 . 2011-03-25 03:23        343040        ----a-w-        c:\windows\system32\drivers\usbhub.sys

2011-05-10 18:20 . 2011-03-25 03:23        98816        ----a-w-        c:\windows\system32\drivers\usbccgp.sys

2011-05-10 18:20 . 2011-03-25 03:23        324608        ----a-w-        c:\windows\system32\drivers\usbport.sys

2011-05-10 18:20 . 2011-03-25 03:22        52224        ----a-w-        c:\windows\system32\drivers\usbehci.sys

2011-05-10 18:20 . 2011-03-25 03:22        25600        ----a-w-        c:\windows\system32\drivers\usbohci.sys

2011-05-10 18:20 . 2011-03-25 03:22        30720        ----a-w-        c:\windows\system32\drivers\usbuhci.sys

2011-05-10 18:20 . 2011-03-25 03:22        7936        ----a-w-        c:\windows\system32\drivers\usbd.sys

2011-05-05 19:59 . 2011-03-18 17:56        142296        ----a-w-        c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-05-05 19:59 . 2011-03-18 17:56        781272        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll

2011-05-05 19:59 . 2011-03-18 17:56        728024        ----a-w-        c:\program files (x86)\Mozilla Firefox\libGLESv2.dll

2011-05-05 19:59 . 2011-03-18 17:56        1975768        ----a-w-        c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll

2011-05-05 19:59 . 2011-03-18 17:56        1893336        ----a-w-        c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll

2011-05-05 19:59 . 2011-03-18 17:56        1874904        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozjs.dll

2011-05-05 19:59 . 2011-03-18 17:56        15832        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozalloc.dll

2011-05-05 19:59 . 2011-03-18 17:56        142296        ----a-w-        c:\program files (x86)\Mozilla Firefox\libEGL.dll

2011-04-27 08:52 . 2011-02-26 06:23        2870272        ----a-w-        c:\windows\explorer.exe

2011-04-27 08:52 . 2011-02-26 05:33        2614784        ----a-w-        c:\windows\SysWow64\explorer.exe

2011-04-27 08:52 . 2011-03-12 11:31        442880        ----a-w-        c:\windows\SysWow64\XpsPrint.dll

2011-04-27 08:52 . 2011-03-12 12:03        662528        ----a-w-        c:\windows\system32\XpsPrint.dll

2011-04-21 18:59 . 2011-04-21 18:59        178800        ----a-w-        c:\windows\SysWow64\CmdLineExt_x64.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-28 17:13 . 2011-03-09 08:25        1152832        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-04-11 08:21 . 2010-08-25 16:00        8802128        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-03-31 17:32 . 2011-03-02 21:35        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-03-29 20:38 . 2011-03-29 20:38        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll

2011-03-29 20:37 . 2011-03-02 20:35        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-03-29 19:36 . 2011-03-02 20:34        1220416        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-03-11 06:19 . 2011-04-14 17:08        1395712        ----a-w-        c:\windows\system32\mfc42.dll

2011-03-11 06:19 . 2011-04-14 17:08        1359872        ----a-w-        c:\windows\system32\mfc42u.dll

2011-03-11 05:40 . 2011-04-14 17:08        1164288        ----a-w-        c:\windows\SysWow64\mfc42u.dll

2011-03-11 05:40 . 2011-04-14 17:08        1137664        ----a-w-        c:\windows\SysWow64\mfc42.dll

2011-03-09 08:26 . 2011-03-09 08:26        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-03-08 06:14 . 2011-04-14 17:07        976896        ----a-w-        c:\windows\system32\inetcomm.dll

2011-03-08 05:38 . 2011-04-14 17:07        740864        ----a-w-        c:\windows\SysWow64\inetcomm.dll

2011-03-04 06:17 . 2011-04-27 08:52        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:17 . 2011-04-27 08:52        347648        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll

2011-03-03 06:17 . 2011-04-14 17:07        182272        ----a-w-        c:\windows\system32\dnsrslvr.dll

2011-03-03 06:14 . 2011-04-14 17:07        30208        ----a-w-        c:\windows\system32\dnscacheugc.exe

2011-03-03 05:27 . 2011-04-14 17:07        28672        ----a-w-        c:\windows\SysWow64\dnscacheugc.exe

2011-03-03 03:58 . 2011-04-14 17:08        3133440        ----a-w-        c:\windows\system32\win32k.sys

2011-03-02 21:35 . 2011-03-02 21:35        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-02-24 06:30 . 2011-04-14 17:08        476160        ----a-w-        c:\windows\system32\XpsGdiConverter.dll

2011-02-24 06:29 . 2011-04-14 17:08        1197056        ----a-w-        c:\windows\system32\wininet.dll

2011-02-24 06:24 . 2011-04-14 17:08        57856        ----a-w-        c:\windows\system32\licmgr10.dll

2011-02-24 05:32 . 2011-04-14 17:08        288256        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll

2011-02-24 05:32 . 2011-04-14 17:08        981504        ----a-w-        c:\windows\SysWow64\wininet.dll

2011-02-24 05:30 . 2011-04-14 17:08        44544        ----a-w-        c:\windows\SysWow64\licmgr10.dll

2011-02-24 05:05 . 2011-04-14 17:08        482816        ----a-w-        c:\windows\system32\html.iec

2011-02-24 04:24 . 2011-04-14 17:08        1638912        ----a-w-        c:\windows\system32\mshtml.tlb

2011-02-24 04:23 . 2011-04-14 17:08        386048        ----a-w-        c:\windows\SysWow64\html.iec

2011-02-24 03:50 . 2011-04-14 17:08        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb

2011-02-23 05:16 . 2011-04-14 17:08        461312        ----a-w-        c:\windows\system32\drivers\srv.sys

2011-02-23 05:16 . 2011-04-14 17:08        401920        ----a-w-        c:\windows\system32\drivers\srv2.sys

2011-02-23 05:15 . 2011-04-14 17:08        161792        ----a-w-        c:\windows\system32\drivers\srvnet.sys

2011-02-23 05:15 . 2011-04-14 17:07        157696        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys

2011-02-23 05:15 . 2011-04-14 17:07        286720        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys

2011-02-23 05:15 . 2011-04-14 17:07        126464        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys

2011-02-23 05:15 . 2011-04-14 17:07        90624        ----a-w-        c:\windows\system32\drivers\bowser.sys

2011-02-19 06:37 . 2011-03-09 20:27        1135104        ----a-w-        c:\windows\system32\FntCache.dll

2011-02-19 06:37 . 2011-03-09 20:27        1540608        ----a-w-        c:\windows\system32\DWrite.dll

2011-02-19 06:36 . 2011-03-09 20:27        902656        ----a-w-        c:\windows\system32\d2d1.dll

2011-02-19 06:36 . 2011-04-14 17:08        46080        ----a-w-        c:\windows\system32\atmlib.dll

2011-02-19 05:32 . 2011-03-09 20:27        1074176        ----a-w-        c:\windows\SysWow64\DWrite.dll

2011-02-19 05:32 . 2011-03-09 20:27        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll

2011-02-19 05:32 . 2011-04-14 17:08        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll

2011-02-19 04:13 . 2011-04-14 17:08        367104        ----a-w-        c:\windows\system32\atmfd.dll

2011-02-19 03:37 . 2011-04-14 17:08        294912        ----a-w-        c:\windows\SysWow64\atmfd.dll

2011-02-18 06:37 . 2011-04-14 17:08        612352        ----a-w-        c:\windows\system32\vbscript.dll

2011-02-18 05:36 . 2011-04-14 17:08        428032        ----a-w-        c:\windows\SysWow64\vbscript.dll

2010-05-30 17:06 . 2010-05-30 17:10        1432080        ----a-w-        c:\program files\setup_dm_Fotowelt.exe

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-15 1668664]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-06-18 772096]

"EA Core"="c:\program files (x86)\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]

"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2011-01-05 133432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-23 468264]

"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-12 581480]

"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"WallpaperStyle"= 2

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]

R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]

R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]

R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]

R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]

R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]

R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]

S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - KLMD25

*Deregistered* - klmd25

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

ezSharedSvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 10:11        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 16334368]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-19 171520]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://start.icq.com/

uLocal Page = c:\windows\system32\blank.htm

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\bischoff\AppData\Roaming\Mozilla\Firefox\Profiles\i10k49t2.default\

FF - prefs.js: browser.search.selectedEngine - 

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - user.js: yahoo.homepage.dontask - true

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-168927394-577395536-1844242911-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:e4,c7,7e,23,f7,82,29,54,a7,6b,44,1e,61,b1,3e,63,51,5d,5f,12,fa,22,41,

   e7,cf,ff,88,1b,3f,9c,ce,76,92,77,d6,92,58,c4,d5,ef,f0,b2,99,3d,31,11,30,20,\

"??"=hex:52,57,98,19,37,aa,d9,ea,4c,15,e3,2a,ae,c8,75,b1

.

[HKEY_USERS\S-1-5-21-168927394-577395536-1844242911-1000\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

"datasecu"=hex:0d,46,52,8e,86,83,87,0a,27,be,b0,54,01,ee,5e,cb,49,3e,e9,81,bf,

   89,6d,7e,6c,44,7f,9e,68,20,ad,36,ad,ea,54,c4,78,19,87,a5,0f,75,ef,ef,a4,88,\

"rkeysecu"=hex:8b,0d,55,47,80,5a,30,b0,94,6b,50,99,43,63,9a,5d

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2011-05-18  13:38:09

ComboFix-quarantined-files.txt  2011-05-18 11:38

.

Vor Suchlauf: 13 Verzeichnis(se), 229.742.592.000 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 233.020.600.320 Bytes frei

.

- - End Of File - - 608100E2748A1505AF6FE46B790DEDDC

--- --- ---

Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

GMER habe ich zwar durchgeführt aber irgendwie hat das mit der Zwischenablage nicht geklappt. Trotz anklicken von "Copy" hat er mir aus der Zwischenablage immer noch das vorhergehende LOG von ComboFix eingefügt. Weiß nicht wie ich sonst an das LOG komme.
Hier das MBRCheck-Log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ71 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 229):
0x02C5F000 \SystemRoot\system32\ntoskrnl.exe
0x02C16000 \SystemRoot\system32\hal.dll
0x00BBC000 \SystemRoot\system32\kdcom.dll
0x00CCB000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D0F000 \SystemRoot\system32\PSHED.dll
0x00D23000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00EAD000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F51000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F60000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FB7000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FC0000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00FCA000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E00000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E0D000 \SystemRoot\system32\DRIVERS\isapnp.sys
0x00E16000 \SystemRoot\system32\DRIVERS\mpio.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E5E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E6A000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D81000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E7F000 \SystemRoot\system32\DRIVERS\intelide.sys
0x00E87000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00E97000 \SystemRoot\system32\DRIVERS\aliide.sys
0x00E9E000 \SystemRoot\system32\DRIVERS\amdide.sys
0x00EA5000 \SystemRoot\system32\DRIVERS\cmdide.sys
0x00DDD000 \SystemRoot\System32\drivers\mountmgr.sys
0x010CA000 \SystemRoot\system32\DRIVERS\msdsm.sys
0x010F0000 \SystemRoot\system32\drivers\nvraid.sys
0x01118000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01148000 \SystemRoot\system32\DRIVERS\pciide.sys
0x0114F000 \SystemRoot\system32\DRIVERS\viaide.sys
0x01235000 \SystemRoot\system32\drivers\iaStorV.sys
0x01353000 \SystemRoot\system32\DRIVERS\atapi.sys
0x0135C000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01386000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
0x01157000 \SystemRoot\system32\DRIVERS\storport.sys
0x013A3000 \SystemRoot\system32\DRIVERS\msahci.sys
0x013AE000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
0x01000000 \SystemRoot\system32\DRIVERS\adp94xx.sys
0x01461000 \SystemRoot\system32\DRIVERS\adpahci.sys
0x014B7000 \SystemRoot\system32\DRIVERS\adpu320.sys
0x014E6000 \SystemRoot\system32\drivers\amdsata.sys
0x01504000 \SystemRoot\system32\DRIVERS\amdsbs.sys
0x0154B000 \SystemRoot\system32\drivers\amdxata.sys
0x01556000 \SystemRoot\system32\DRIVERS\arc.sys
0x0156F000 \SystemRoot\system32\DRIVERS\arcsas.sys
0x016E1000 \SystemRoot\system32\DRIVERS\elxstor.sys
0x01768000 \SystemRoot\system32\DRIVERS\iirsp.sys
0x01779000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
0x01798000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
0x017AB000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
0x017CA000 \SystemRoot\system32\DRIVERS\megasas.sys
0x01600000 \SystemRoot\system32\DRIVERS\MegaSR.sys
0x016A4000 \SystemRoot\system32\DRIVERS\nfrd960.sys
0x016B4000 \SystemRoot\system32\drivers\nvstor.sys
0x01827000 \SystemRoot\system32\DRIVERS\ql2300.sys
0x0158A000 \SystemRoot\system32\DRIVERS\ql40xx.sys
0x019CB000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
0x019D9000 \SystemRoot\system32\DRIVERS\sisraid4.sys
0x019F1000 \SystemRoot\system32\DRIVERS\stexstor.sys
0x017D6000 \SystemRoot\system32\DRIVERS\vsmraid.sys
0x01400000 \SystemRoot\system32\drivers\fltmgr.sys
0x01800000 \SystemRoot\system32\drivers\fileinfo.sys
0x01A5A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01CAC000 \SystemRoot\System32\Drivers\msrpc.sys
0x01D0A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01D24000 \SystemRoot\System32\Drivers\cng.sys
0x01D97000 \SystemRoot\System32\drivers\pcw.sys
0x01DA8000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01E73000 \SystemRoot\system32\drivers\ndis.sys
0x01F65000 \SystemRoot\system32\drivers\NETIO.SYS
0x01FC5000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x02000000 \SystemRoot\System32\drivers\tcpip.sys
0x01E00000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01E4A000 \SystemRoot\system32\DRIVERS\wd.sys
0x01DB2000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01E52000 \SystemRoot\System32\Drivers\spldr.sys
0x01C00000 \SystemRoot\system32\DRIVERS\sbp2port.sys
0x01C1D000 \SystemRoot\System32\drivers\rdyboost.sys
0x01E5A000 \SystemRoot\System32\Drivers\mup.sys
0x01FF0000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01C57000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01C91000 \SystemRoot\system32\DRIVERS\disk.sys
0x013C5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01200000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x01A38000 \SystemRoot\System32\Drivers\Null.SYS
0x01FF9000 \SystemRoot\System32\Drivers\Beep.SYS
0x01A41000 \SystemRoot\System32\drivers\vga.sys
0x0107B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01814000 \SystemRoot\System32\drivers\watchdog.sys
0x01A4F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0144C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01455000 \SystemRoot\system32\drivers\rdprefmp.sys
0x015E9000 \SystemRoot\System32\Drivers\Msfs.SYS
0x013EF000 \SystemRoot\System32\Drivers\Npfs.SYS
0x010A0000 \SystemRoot\system32\DRIVERS\tdx.sys
0x011B9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0346C000 \SystemRoot\system32\drivers\afd.sys
0x034F6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x0353B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03544000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0356A000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03580000 \SystemRoot\system32\DRIVERS\netbios.sys
0x035AC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x035C7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03400000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03451000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0345D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0358F000 \SystemRoot\System32\drivers\discache.sys
0x035DB000 \SystemRoot\System32\Drivers\dfsc.sys
0x011C6000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x011D7000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0420F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04225000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x050C9000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x05BC8000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x0422A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05000000 \SystemRoot\System32\drivers\dxgmms1.sys
0x05046000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x05053000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x050A9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x05BCA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0444A000 \SystemRoot\system32\DRIVERS\athrx.sys
0x045B9000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x045C6000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04400000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0441E000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x0442A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0431E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x04439000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0443B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x05BEE000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04367000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04377000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0438D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x050BA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x043B1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x043E0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04651000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04672000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0468C000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0468E000 \SystemRoot\system32\DRIVERS\ks.sys
0x046D1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x046E3000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0473D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04752000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x04600000 \SystemRoot\system32\DRIVERS\portcls.sys
0x047CD000 \SystemRoot\system32\DRIVERS\drmk.sys
0x047EF000 \SystemRoot\system32\drivers\ksthunk.sys
0x06606000 \SystemRoot\system32\drivers\nvhda64v.sys
0x00040000 \SystemRoot\System32\win32k.sys
0x0661E000 \SystemRoot\System32\drivers\Dxapi.sys
0x0662A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x06647000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06655000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x06661000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x0666C000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x0667F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0668D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x066A6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x066AF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x066BC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x066D9000 \SystemRoot\System32\Drivers\usbvideo.sys
0x06707000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005F0000 \SystemRoot\System32\TSDDD.dll
0x00790000 \SystemRoot\System32\ATMFD.DLL
0x00830000 \SystemRoot\System32\cdd.dll
0x06715000 \SystemRoot\system32\drivers\luafv.sys
0x06738000 \SystemRoot\system32\drivers\WudfPf.sys
0x06759000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0676E000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x067C1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x067D4000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06895000 \SystemRoot\system32\drivers\HTTP.sys
0x0695D000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0697B000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06993000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06800000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0684E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x070F6000 \SystemRoot\system32\drivers\peauth.sys
0x0719C000 \SystemRoot\System32\Drivers\secdrv.SYS
0x071A7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x071D4000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07000000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0727C000 \SystemRoot\System32\DRIVERS\srv.sys
0x073A0000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x073A8000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x073CD000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x77630000 \Windows\System32\ntdll.dll
0x47AF0000 \Windows\System32\smss.exe
0xFF950000 \Windows\System32\apisetschema.dll
0xFF840000 \Windows\System32\autochk.exe
0x77800000 \Windows\System32\psapi.dll
0xFF760000 \Windows\System32\setupapi.dll
0xFF680000 \Windows\System32\advapi32.dll
0xFF660000 \Windows\System32\imagehlp.dll
0xFF5E0000 \Windows\System32\shlwapi.dll
0xFF5D0000 \Windows\System32\lpk.dll
0xFF4C0000 \Windows\System32\msctf.dll
0xFF450000 \Windows\System32\gdi32.dll
0xFF320000 \Windows\System32\wininet.dll
0xFF2F0000 \Windows\System32\imm32.dll
0x77530000 \Windows\System32\user32.dll
0xFF250000 \Windows\System32\comdlg32.dll
0xFF230000 \Windows\System32\sechost.dll
0xFF020000 \Windows\System32\ole32.dll
0x77410000 \Windows\System32\kernel32.dll
0xFF010000 \Windows\System32\nsi.dll
0xFEE90000 \Windows\System32\urlmon.dll
0xFED60000 \Windows\System32\rpcrt4.dll
0xFDFD0000 \Windows\System32\shell32.dll
0xFDF80000 \Windows\System32\ws2_32.dll
0xFDEE0000 \Windows\System32\clbcatq.dll
0xFDE60000 \Windows\System32\difxapi.dll
0xFDC00000 \Windows\System32\iertutil.dll
0xFDB20000 \Windows\System32\oleaut32.dll
0xFDAD0000 \Windows\System32\Wldap32.dll
0x777F0000 \Windows\System32\normaliz.dll
0xFDA30000 \Windows\System32\msvcrt.dll
0xFD960000 \Windows\System32\usp10.dll
0xFD8C0000 \Windows\System32\comctl32.dll
0xFD880000 \Windows\System32\wintrust.dll
0xFD710000 \Windows\System32\crypt32.dll
0xFD6D0000 \Windows\System32\cfgmgr32.dll
0xFD660000 \Windows\System32\KernelBase.dll
0xFD640000 \Windows\System32\devobj.dll
0xFD630000 \Windows\System32\msasn1.dll
0x76530000 \Windows\SysWOW64\normaliz.dll

Processes (total 65):
0 System Idle Process
4 System
272 C:\Windows\System32\smss.exe
368 csrss.exe
432 C:\Windows\System32\wininit.exe
448 csrss.exe
480 C:\Windows\System32\services.exe
496 C:\Windows\System32\lsass.exe
504 C:\Windows\System32\lsm.exe
628 C:\Windows\System32\svchost.exe
692 C:\Windows\System32\nvvsvc.exe
732 C:\Windows\System32\svchost.exe
796 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
848 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe
748 C:\Windows\System32\winlogon.exe
1064 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\nvvsvc.exe
1372 C:\Windows\System32\spoolsv.exe
1412 C:\Windows\System32\svchost.exe
1688 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
1776 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1904 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2020 C:\Windows\System32\svchost.exe
1524 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
624 C:\Windows\System32\SearchIndexer.exe
2568 C:\Windows\System32\taskhost.exe
1264 C:\Windows\System32\dwm.exe
2352 C:\Windows\explorer.exe
2784 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2584 C:\Program Files\IDT\WDM\sttray64.exe
2588 C:\Program Files\Java\jre6\bin\jusched.exe
2216 C:\Program Files\Microsoft Security Client\msseces.exe
2644 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
320 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
1420 C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
2816 C:\Program Files (x86)\ICQ7.2\ICQ.exe
2192 C:\Program Files (x86)\Hp\QuickPlay\QPService.exe
2536 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
1660 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2740 C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
2636 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
1084 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
2548 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2628 WmiPrvSE.exe
1316 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1744 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
3244 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
3392 C:\Windows\System32\wuauclt.exe
3804 C:\Windows\System32\audiodg.exe
1968 C:\Windows\System32\wbengine.exe
3792 C:\Windows\System32\vds.exe
2964 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
3040 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3504 C:\Windows\System32\taskhost.exe
1752 MpCmdRun.exe
3260 C:\Windows\explorer.exe
2304 C:\Windows\System32\SearchProtocolHost.exe
4064 C:\Windows\System32\SearchFilterHost.exe
1540 C:\Users\bischoff\Desktop\MBRCheck.exe
2008 C:\Windows\System32\conhost.exe
2772 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`64700000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-60ZCT1, Rev: 13.01A13

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 5B0E5F15069BD77F643C7A73C1D68021BA42EFCE

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Gab es auffällige Meldungen von GMER? Irgendwas von Rootkit o.ä.?

Zitat:

298 GB \\.\PhysicalDrive0 Unknown MBR code

Wir sollten den MBR fixen. Brenner und einen CD-Rohling hast du?

Ich saß nicht dabei als GMER drüber lief. Als es fertig war, kam jedenfalls keine Meldung. Soll ich es nochmal starten?
Brenner hab ich, Rohling auch. Hoffe, daß ich das hinkriege, habe bisher nur CDs kopiert oder nen selbst erstellten Film kopiert, das geht aber dann automatisch vom Programm aus. Aber ich hab ja ne gute Anleitung ;-)

Wir sollten den MBR manuell fixen. Sichere für den Fall der Fälle alle wichtigen Daten.

Hast Du noch andere Betriebssysteme außer Win7 (64-Bit) installiert?
Wenn nicht: Schau mal hier => RescueDisc-Win7-64-Bit

Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten).

Falls Du eine normale Win7-Installations-DVD (64-Bit) hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der dieser DVD booten.

Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen. Erstell danach wieder neue Logs mit MBRCheck und wenn es geht GMER.

Das Image kann ich doch sicher auch auf meine externe Festplatte machen? Ich habe dort meine Bilder und andere wichtige Daten gesichert (aber nicht als Image).
Habe kein weiteres BS installiert.
Denke nicht, daß ich eine Win7 CD, war vorinstalliert, musste nichts machen.
Bei den vielen Infos weiß ich grad nicht, was ich als nächstes machen soll.

Das Image von der Win7-Rescue-CD? Kann man schon auf eine externe Platte kopieren, bringt aber nichts. Du kannst dann nicht davon booten. Deswegen brenn das Image per Imagebrennfunktion auf einen CD-Rohling. Leere CDRW geht auch.

Das Backup der Bilder muss natürlich nicht in ein Image gegossen werden.

Krieg das mit ImgBurn nicht hin (alles englisch - blick nix)... hab jetzt mal versucht per power2go. er zeigt mal an: disc-image brennen, jetzt isser fertig
hier das Protokoll (hat er - denk ich mal - gemacht):
User Name : HP
Company Name : CyberLink
CDKey :
OS Version : Windows 7 Home Basic/Premium
C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe : Version 6.0.0.3101
CBS.dll : Version 7.7.4205

==================================================================

Total physical memory : 4062MB (4160436KB)
Free physical memory : 2298MB (2353908KB)
Memory load : 43 percent

Number of CPU : 2
CPU Name : Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
CPU Speed : 2094 MHz

==================================================================

18.5.2011
Task Type : Disc-Image brennen

22:50:02, File(cl_DiscCopyCD.cpp), Line(90)
-> Begin burning process
Current drive: <E: hp DVD RW AD-7581S 4H73>
Current writing speed(x): 24.0
====== Disc Info =======
Disc Type: CD-R
Disc Status: Blank, Appendable
Num. of Sessions: 1 Num. of Tracks: 1
Disc Capacity: 359847LBs
Free Size: 359847LBs Used Size: 0LBs
========================
->Burn from image
Burn option: w/ buffer underrun protection
Burn option: w/o simulation
Burn option: w/o overburn
Burn option: w/o verify disc
Burn option: w/o extra long disc

22:50:02, File(cl_Cdwrite.cpp), Line(2671)
-> Setup drive
Sessn: 1, Sessn type: Disc At Once
Disc physical format: CDROM_MODE1
Trk: 1, Trk mode: MODE1

22:50:02, File(cl_Cdwrite.cpp), Line(1958)
-> Start session
Sessn: 1, Start trk: 1, Last trk: 1

22:50:02, File(cl_Cdwrite.cpp), Line(1984)
-> Start track
Trk: 1, Track start addr(LBA): 0, Trk size(sectors): 84825, Sector size(bytes): 2048

22:51:55, File(cl_Cdwrite.cpp), Line(2202)
-> Write end track

22:51:55, File(cl_Cdwrite.cpp), Line(2231)
-> Write end session

22:52:09, File(cl_Cdwrite.cpp), Line(2404)
-> Write end/Close disc

22:52:09, File(cl_DiscCopyCD.cpp), Line(1712)
-> End burning process

==================================================================

Folge mal dem zweiten Link in meiner Signatur, da wird beschrieben wie man ein ISO-Image mit ImgBurn brennt am Beispiel einer Ubuntu-Imagedatei.

so.... er arbeitet... aber ich merke, daß meine Konzentration nachlässt....
nach dem brennen werde ich aufhören und morgen abend weiter machen. Morgen muß ich bis 19.00 uhr arbeiten und kann erst wieder so gegen 22.00 uhr hier weiter machen.
So er ist fertig.... werde morgen alles so weiter machen, wie "befohlen" und lasse die 2 programme nochmals drüber laufen. Hoffe, daß es diesmal mit dem GMER klappt.
Übrigens funktionieren diese Buttons in der Windowsleiste (ganz unten) nicht mehr. es kommt immer: dieses element kann nicht mehr geöffnet werden. es wurde evtl. verschoben gelöscht oder umbenannt. funktioniert erst wieder wenn ich eine datei in der art aufgerufen habe. denke, werde ich wieder wohl neu einrichten müssen, wobei ich da selbst garnix gemacht habe. so muß jezt gehen.... vielen dank mal vorab für die hilfe für den heutigen tag.... leider muß ich die nächsten beiden Tage arbeiten und hab nur abends Zeit.
see you

Hallo, bin wieder da....
Hab den Rechner mit der CD gebootet aber da läuft alles ganz normal ab. Es öffnet sich nix mit Computerreparaturoptionen. Was mach ich falsch?

Was heißt ganz normal? Du müsstest den Anfang von einem Windowsetup sehen, wo du zuerst die Sprache auswäglen musst, dann kann man unten auf die Computerreparaturoptionen klicken

Nein, passiert nix. Startet ganz normal. Versuche heute abend nochmal die letzten Schritte deiner Anweisungen durch zu gehen.

Hallo,
konnte die CD booten. Aber der Ablauf war etwas anders... konnte zwar eine Sprache auswählen aber war doch alles englisch. Konnte dann mal ein schwarzes Fenster öffnen (command prompt) und habe dann die 2 Befehle nacheinander eingegeben. es kam dann jedesmal die Meldung: the operation completed successfully. Ich hoffe, das war das gewünschte.
So, jetzt laß ich nochmal die 2 Dateien drüber laufen... melde mich wieder

So... GMER ist drüber -> wieder kein LOG, war aber nix auffälliges
und hier das Log von MBRcheck
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ71 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 227):
0x02C13000 \SystemRoot\system32\ntoskrnl.exe
0x031EF000 \SystemRoot\system32\hal.dll
0x00BB2000 \SystemRoot\system32\kdcom.dll
0x00C99000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CDD000 \SystemRoot\system32\PSHED.dll
0x00CF1000 \SystemRoot\system32\CLFS.SYS
0x00E10000 \SystemRoot\system32\CI.dll
0x00ED0000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F74000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F83000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FDA000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FE3000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00D4F000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FED000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E00000 \SystemRoot\system32\DRIVERS\isapnp.sys
0x00D82000 \SystemRoot\system32\DRIVERS\mpio.sys
0x00DAC000 \SystemRoot\System32\drivers\partmgr.sys
0x00DC1000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00DCA000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00DD6000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00C5C000 \SystemRoot\system32\DRIVERS\intelide.sys
0x00C64000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00E09000 \SystemRoot\system32\DRIVERS\aliide.sys
0x00C74000 \SystemRoot\system32\DRIVERS\amdide.sys
0x00C7B000 \SystemRoot\system32\DRIVERS\cmdide.sys
0x0104A000 \SystemRoot\System32\drivers\mountmgr.sys
0x01064000 \SystemRoot\system32\DRIVERS\msdsm.sys
0x0108A000 \SystemRoot\system32\drivers\nvraid.sys
0x010B2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x010E2000 \SystemRoot\system32\DRIVERS\pciide.sys
0x010E9000 \SystemRoot\system32\DRIVERS\viaide.sys
0x01266000 \SystemRoot\system32\drivers\iaStorV.sys
0x01384000 \SystemRoot\system32\DRIVERS\atapi.sys
0x0138D000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x013B7000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
0x01200000 \SystemRoot\system32\DRIVERS\storport.sys
0x013D4000 \SystemRoot\system32\DRIVERS\msahci.sys
0x013DF000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
0x010F1000 \SystemRoot\system32\DRIVERS\adp94xx.sys
0x0116C000 \SystemRoot\system32\DRIVERS\adpahci.sys
0x011C2000 \SystemRoot\system32\DRIVERS\adpu320.sys
0x01000000 \SystemRoot\system32\drivers\amdsata.sys
0x0147C000 \SystemRoot\system32\DRIVERS\amdsbs.sys
0x014C3000 \SystemRoot\system32\drivers\amdxata.sys
0x014CE000 \SystemRoot\system32\DRIVERS\arc.sys
0x014E7000 \SystemRoot\system32\DRIVERS\arcsas.sys
0x01502000 \SystemRoot\system32\DRIVERS\elxstor.sys
0x01589000 \SystemRoot\system32\DRIVERS\iirsp.sys
0x0159A000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
0x015B9000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
0x015CC000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
0x015EB000 \SystemRoot\system32\DRIVERS\megasas.sys
0x01694000 \SystemRoot\system32\DRIVERS\MegaSR.sys
0x01738000 \SystemRoot\system32\DRIVERS\nfrd960.sys
0x01748000 \SystemRoot\system32\drivers\nvstor.sys
0x0184F000 \SystemRoot\system32\DRIVERS\ql2300.sys
0x01773000 \SystemRoot\system32\DRIVERS\ql40xx.sys
0x01800000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
0x0180E000 \SystemRoot\system32\DRIVERS\sisraid4.sys
0x01826000 \SystemRoot\system32\DRIVERS\stexstor.sys
0x017D2000 \SystemRoot\system32\DRIVERS\vsmraid.sys
0x01600000 \SystemRoot\system32\drivers\fltmgr.sys
0x01830000 \SystemRoot\system32\drivers\fileinfo.sys
0x01A00000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01BA2000 \SystemRoot\System32\Drivers\msrpc.sys
0x0164C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01400000 \SystemRoot\System32\Drivers\cng.sys
0x01666000 \SystemRoot\System32\drivers\pcw.sys
0x01844000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01C1C000 \SystemRoot\system32\drivers\ndis.sys
0x01D0E000 \SystemRoot\system32\drivers\NETIO.SYS
0x01D6E000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01E01000 \SystemRoot\System32\drivers\tcpip.sys
0x01D99000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01DE3000 \SystemRoot\system32\DRIVERS\wd.sys
0x02035000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x02081000 \SystemRoot\System32\Drivers\spldr.sys
0x02089000 \SystemRoot\system32\DRIVERS\sbp2port.sys
0x020A6000 \SystemRoot\System32\drivers\rdyboost.sys
0x020E0000 \SystemRoot\System32\Drivers\mup.sys
0x020F2000 \SystemRoot\System32\drivers\hwpolicy.sys
0x020FB000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x02135000 \SystemRoot\system32\DRIVERS\disk.sys
0x02183000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x021AD000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x021DE000 \SystemRoot\System32\Drivers\Null.SYS
0x021E7000 \SystemRoot\System32\Drivers\Beep.SYS
0x021EE000 \SystemRoot\System32\drivers\vga.sys
0x02000000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02025000 \SystemRoot\System32\drivers\watchdog.sys
0x01DEB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01DF4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01C00000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01C09000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01677000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0101E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x019F3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x034FE000 \SystemRoot\system32\drivers\afd.sys
0x03588000 \SystemRoot\System32\DRIVERS\netbt.sys
0x035CD000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x035D6000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03400000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03416000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03442000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0345D000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03471000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x034C2000 \SystemRoot\system32\drivers\nsiproxy.sys
0x034CE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x034D9000 \SystemRoot\System32\drivers\discache.sys
0x0420B000 \SystemRoot\System32\Drivers\dfsc.sys
0x04229000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x0423A000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04260000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04276000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x05058000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x05B57000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x0427B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05B59000 \SystemRoot\System32\drivers\dxgmms1.sys
0x05B9F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x05000000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x05BAC000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x05BBD000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04462000 \SystemRoot\system32\DRIVERS\athrx.sys
0x045D1000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04400000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04439000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x045DE000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x045EA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0436F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x045F9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05BE1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04457000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x05BF0000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x043B8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x043CE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x043F2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x046B2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x046E1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x046FC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0471D000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04737000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04739000 \SystemRoot\system32\DRIVERS\ks.sys
0x0477C000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0478E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x047E8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04600000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x06653000 \SystemRoot\system32\DRIVERS\portcls.sys
0x06690000 \SystemRoot\system32\DRIVERS\drmk.sys
0x066B2000 \SystemRoot\system32\drivers\ksthunk.sys
0x066B8000 \SystemRoot\system32\drivers\nvhda64v.sys
0x000A0000 \SystemRoot\System32\win32k.sys
0x066D0000 \SystemRoot\System32\drivers\Dxapi.sys
0x066DC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x066EA000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x066F6000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x06701000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x06714000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x06722000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0673B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x06744000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x06751000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0676E000 \SystemRoot\System32\Drivers\usbvideo.sys
0x0679C000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00410000 \SystemRoot\System32\TSDDD.dll
0x006F0000 \SystemRoot\System32\ATMFD.DLL
0x00800000 \SystemRoot\System32\cdd.dll
0x067AA000 \SystemRoot\system32\drivers\luafv.sys
0x067CD000 \SystemRoot\system32\drivers\WudfPf.sys
0x06600000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x068BC000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0690F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x06922000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x08054000 \SystemRoot\system32\drivers\HTTP.sys
0x0811C000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0813A000 \SystemRoot\System32\drivers\mpsdrv.sys
0x08152000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0817F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x081CD000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0693A000 \SystemRoot\system32\drivers\peauth.sys
0x081F0000 \SystemRoot\System32\Drivers\secdrv.SYS
0x08000000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0802D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06800000 \SystemRoot\System32\DRIVERS\srv2.sys
0x084FD000 \SystemRoot\System32\DRIVERS\srv.sys
0x08471000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x08481000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x777F0000 \Windows\System32\ntdll.dll
0x48110000 \Windows\System32\smss.exe
0xFFB10000 \Windows\System32\apisetschema.dll
0xFFF30000 \Windows\System32\autochk.exe
0xFFA90000 \Windows\System32\gdi32.dll
0xFFA70000 \Windows\System32\imagehlp.dll
0xFFA20000 \Windows\System32\ws2_32.dll
0xFFA00000 \Windows\System32\sechost.dll
0xFF8F0000 \Windows\System32\msctf.dll
0xFF770000 \Windows\System32\urlmon.dll
0x779C0000 \Windows\System32\psapi.dll
0xFF640000 \Windows\System32\rpcrt4.dll
0xFF5C0000 \Windows\System32\shlwapi.dll
0x776D0000 \Windows\System32\kernel32.dll
0xFF5B0000 \Windows\System32\lpk.dll
0xFF530000 \Windows\System32\difxapi.dll
0xFF4E0000 \Windows\System32\Wldap32.dll
0xFF280000 \Windows\System32\iertutil.dll
0xFF1E0000 \Windows\System32\msvcrt.dll
0xFF110000 \Windows\System32\usp10.dll
0xFE380000 \Windows\System32\shell32.dll
0xFE1A0000 \Windows\System32\setupapi.dll
0xFE100000 \Windows\System32\clbcatq.dll
0xFE0F0000 \Windows\System32\nsi.dll
0xFDEE0000 \Windows\System32\ole32.dll
0xFDEB0000 \Windows\System32\imm32.dll
0xFDDD0000 \Windows\System32\advapi32.dll
0x779B0000 \Windows\System32\normaliz.dll
0x775D0000 \Windows\System32\user32.dll
0xFDCA0000 \Windows\System32\wininet.dll
0xFDBC0000 \Windows\System32\oleaut32.dll
0xFDB20000 \Windows\System32\comdlg32.dll
0xFD9B0000 \Windows\System32\crypt32.dll
0xFD970000 \Windows\System32\wintrust.dll
0xFD900000 \Windows\System32\KernelBase.dll
0xFD8E0000 \Windows\System32\devobj.dll
0xFD840000 \Windows\System32\comctl32.dll
0xFD800000 \Windows\System32\cfgmgr32.dll
0xFD7F0000 \Windows\System32\msasn1.dll
0x76380000 \Windows\SysWOW64\normaliz.dll

Processes (total 63):
0 System Idle Process
4 System
272 C:\Windows\System32\smss.exe
372 csrss.exe
436 C:\Windows\System32\wininit.exe
448 csrss.exe
484 C:\Windows\System32\services.exe
500 C:\Windows\System32\lsass.exe
508 C:\Windows\System32\lsm.exe
608 C:\Windows\System32\svchost.exe
676 C:\Windows\System32\nvvsvc.exe
716 C:\Windows\System32\svchost.exe
760 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
820 C:\Windows\System32\svchost.exe
852 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
920 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe
976 C:\Windows\System32\winlogon.exe
1048 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\svchost.exe
1384 C:\Windows\System32\nvvsvc.exe
1452 C:\Windows\System32\spoolsv.exe
1480 C:\Windows\System32\svchost.exe
1624 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
1672 C:\Windows\SysWOW64\svchost.exe
1784 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1864 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
1912 C:\Windows\System32\svchost.exe
2172 C:\Windows\System32\taskhost.exe
2232 C:\Windows\System32\dwm.exe
2340 C:\Windows\explorer.exe
2540 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2548 C:\Program Files\IDT\WDM\sttray64.exe
2592 C:\Program Files\Java\jre6\bin\jusched.exe
2636 C:\Program Files\Microsoft Security Client\msseces.exe
2648 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
2684 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
2716 C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
2956 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2992 C:\Program Files (x86)\ICQ7.2\ICQ.exe
3048 C:\Program Files (x86)\Hp\QuickPlay\QPService.exe
3064 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
2336 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2312 C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
2256 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
1036 C:\Windows\System32\SearchIndexer.exe
2804 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
3004 WmiPrvSE.exe
3144 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
3204 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
3408 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
3900 C:\Windows\System32\svchost.exe
4004 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
364 C:\Windows\System32\wuauclt.exe
3940 C:\Windows\splwow64.exe
3832 C:\Windows\System32\wbengine.exe
3484 C:\Windows\System32\vds.exe
3436 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
3612 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
960 C:\Windows\System32\audiodg.exe
3764 C:\Users\bischoff\Desktop\MBRCheck.exe
2512 C:\Windows\System32\conhost.exe
3632 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`64700000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-60ZCT1, Rev: 13.01A13

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

Zitat:

298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

Geht doch!! :abklatsch:

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

:huepp:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6640

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.05.2011 17:52:29
mbam-log-2011-05-22 (17-52-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 354783
Laufzeit: 50 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Rest folgt später....

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 05/22/2011 at 11:31 PM

Application Version : 4.52.1000

Core Rules Database Version : 7111
Trace Rules Database Version: 4923

Scan type : Complete Scan
Total Scan Time : 01:48:51

Memory items scanned : 616
Memory threats detected : 0
Registry items scanned : 14905
Registry threats detected : 0
File items scanned : 203139
File threats detected : 27

Adware.Tracking Cookie
C:\Users\bischoff\AppData\Roaming\Microsoft\Windows\Cookies\bischoff@at.atwola[2].txt
C:\Users\bischoff\AppData\Roaming\Microsoft\Windows\Cookies\bischoff@bs.serving-sys[1].txt
C:\Users\bischoff\AppData\Roaming\Microsoft\Windows\Cookies\bischoff@serving-sys[1].txt
C:\Users\bischoff\AppData\Roaming\Microsoft\Windows\Cookies\bischoff@ad.yieldmanager[1].txt
C:\Users\bischoff\AppData\Roaming\Microsoft\Windows\Cookies\bischoff@content.yieldmanager[2].txt
C:\Users\bischoff\AppData\Roaming\Microsoft\Windows\Cookies\bischoff@tacoda.at.atwola[1].txt
C:\Users\bischoff\AppData\Roaming\Microsoft\Windows\Cookies\bischoff@advertising[2].txt
C:\Users\bischoff\AppData\Roaming\Microsoft\Windows\Cookies\bischoff@content.yieldmanager[3].txt
C:\Users\bischoff\AppData\Roaming\Microsoft\Windows\Cookies\bischoff@doubleclick[1].txt
C:\Users\bischoff\AppData\Roaming\Microsoft\Windows\Cookies\bischoff@ads.creative-serving[2].txt
C:\Users\bischoff\AppData\Roaming\Microsoft\Windows\Cookies\bischoff@ar.atwola[1].txt
C:\Users\bischoff\AppData\Roaming\Microsoft\Windows\Cookies\bischoff@sevenoneintermedia.112.2o7[1].txt
C:\Users\bischoff\AppData\Roaming\Microsoft\Windows\Cookies\bischoff@cdn.at.atwola[1].txt
C:\Users\bischoff\AppData\Roaming\Microsoft\Windows\Cookies\bischoff@host.oddcast[2].txt
C:\Users\bischoff\AppData\Roaming\Microsoft\Windows\Cookies\bischoff@imrworldwide[2].txt
C:\Users\bischoff\AppData\Roaming\Microsoft\Windows\Cookies\bischoff@eyewonder[2].txt
C:\Users\bischoff\AppData\Roaming\Microsoft\Windows\Cookies\bischoff@tradedoubler[1].txt
C:\Users\bischoff\AppData\Roaming\Microsoft\Windows\Cookies\bischoff@atwola[2].txt
ch.mediaplanet.streamingbolaget.se [ C:\Users\bischoff\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W3L4F2QU ]
content.oddcast.com [ C:\Users\bischoff\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W3L4F2QU ]
counter.cam-content.com [ C:\Users\bischoff\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W3L4F2QU ]
ia.media-imdb.com [ C:\Users\bischoff\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W3L4F2QU ]
imagesrv.adition.com [ C:\Users\bischoff\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W3L4F2QU ]
media.scanscout.com [ C:\Users\bischoff\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W3L4F2QU ]
oddcast.com [ C:\Users\bischoff\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W3L4F2QU ]
s0.2mdn.net [ C:\Users\bischoff\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W3L4F2QU ]
secure-us.imrworldwide.com [ C:\Users\bischoff\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W3L4F2QU ]

Sieht ok aus, da wurden nur Cookies gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

Es kam noch eine Meldung von meinem MS Essentials... eine Trojaner-Bedrohung. Sie kam während Malware drüber lief. Hab ich dann gleich löschen lassen. Ansonsten war nix. Ist halt alles jetzt etwas anders als vorher. Die direkten Zugriffe auf der Leiste unten sind nicht mehr da aber ich denke, da muß ich nur die Verknüpfungen wieder herstellen. Und wenn ich auf den Start-Button links unten gehe, ist das fenster nicht mehr voll wie vorher. Es kommt nur Programme und wenn ich auf drauf gehe, erscheinen die Programme. Aber ich denke, das kriege ich evtl. wieder hin.
Welche Programme kann ich denn nun löschen, die ich da alle runter geladen habe? Und welche wären nicht schlecht, wenn ich sie evtl. weiter als Virenprogramm nutze. Hab ja MS Essential... reicht das aus?
Was mach ich mit den Cookies? Soll ich die löschen? Wurden in Quarantäne verschoben.

Zitat:

Welche Programme kann ich denn nun löschen, die ich da alle runter geladen habe? Und welche wären nicht schlecht, wenn ich sie evtl. weiter als Virenprogramm nutze. Hab ja MS Essential... reicht das aus?

Die Programme können wieder alle runter.
Und ja, Security Essentials ist völlig okay.

Zitat:

Was mach ich mit den Cookies? Soll ich die löschen? Wurden in Quarantäne verschoben.

Du weißt, was eine Quarantäne ist? Ob da die schädliche Datei drinbleibt oder nicht, das hat keine Auswirkungen. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran.

:dankeschoen:

Super ... vielen Dank! :bussi:
War zwischendurch mal ganz schön gestresst mit den vielen Anweisungen... ich der "Computerfreak" ...
Danke nochmal!!! (ne kleine Spende ist unterwegs)

Dann wären wir durch! :abklatsch:

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink:

Mozilla und andere Browser => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Hab jetzt alles soweit erledigt... hoffe auch richtig ;-)

beim Windows-Update hat er mir irgendwie Probleme gezeigt, das probiere ich morgen nochmal. Bin jetzt zu müde...