Trojaner-Board - "Festplatte beschädigt"-Meldungen, schwarzer Desktop, alle Dateien versteckt

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - "Festplatte beschädigt"-Meldungen, schwarzer Desktop, alle Dateien versteckt (https://www.trojaner-board.de/99348-festplatte-beschaedigt-meldungen-schwarzer-desktop-alle-dateien-versteckt.html)

"Festplatte beschädigt"-Meldungen, schwarzer Desktop, alle Dateien versteckt

Hallo,
ich hab auch einen Trojaner eingefangen-.-
Meldungen wie "Festplatte beschädigt - das System habe ein Problem bei IDE Sata Festplatten erkannt, es werde empfohlen, das System neu zu starten" oder "Windows konnte alle Daten fur die Datei \\System32\\496A8300 nicht speichern. Dieser Fehler kann durch einen Ausfall der Hardware verursacht werden." kommen regelmäßig.
Dann kommt das " Window 7 Recovery" Fenster bei dem irgendwelche gravierenden Fehler entdeckt wurden. Mein Laptop hat dann mehrere Male von allein einen Neustart gemacht....Schwarzer Desktop, alle Dateien sind weg bzw versteckt....

Bin ja anscheinend nicht die einzige mit diesem Problem ;)
Hab jetzt schon mal einen Vollscan mit Malwarebytes durchgeführt:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6625

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20.05.2011 18:09:11
mbam-log-2011-05-20 (18-09-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 514149
Laufzeit: 3 Stunde(n), 12 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
c:\Users\LiMiSu\AppData\Roaming\Enawan\kyaxb.exe (Spyware.Passwords.XGen) -> 3056 -> Unloaded process successfully.
c:\programdata\41148152.exe (Trojan.Agent) -> 3620 -> Unloaded process successfully.

Infizierte Speichermodule:
c:\Users\LiMiSu\AppData\Local\KBDape.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\LiMiSu\AppData\Local\arohomalo.dll (Trojan.Agent.U) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{4C024432-C34D-B9C4-4AE5-2DF4C31E67C8} (Spyware.Passwords.XGen) -> Value: {4C024432-C34D-B9C4-4AE5-2DF4C31E67C8} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Egehejigucine (Trojan.Hiloti) -> Value: Egehejigucine -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ihapofo (Trojan.Agent.U) -> Value: Ihapofo -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\LiMiSu\AppData\Roaming\Enawan\kyaxb.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\LiMiSu\AppData\Local\KBDape.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\LiMiSu\AppData\Roaming\Adobe\plugs\mmc9850090.txt (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\LiMiSu\AppData\Roaming\Adobe\plugs\mmc212.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\LiMiSu\AppData\Roaming\Adobe\plugs\mmc218.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\41148152.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\LiMiSu\AppData\Local\arohomalo.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.

Liebe Grüße und danke schon mal,
Sandra

Hey!
Nachdem ich heute den Laptop wieder gestartet habe, sind die Fehlermeldungen immernoch nicht weg gewesen, deswegen habe ich noch mal einen Quick Scan mit Malwarebytes gemacht.

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6630

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.05.2011 00:44:30
mbam-log-2011-05-21 (00-44-30).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 162831
Laufzeit: 16 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
c:\programdata\mexfxpguvshihwb.exe (Rogue.FakeHDD) -> 2168 -> Unloaded process successfully.
c:\programdata\41344760.exe (Rogue.FakeHDD) -> 2736 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MEXFxpGUVShIHWB (Rogue.FakeHDD) -> Value: MEXFxpGUVShIHWB -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\mexfxpguvshihwb.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\programdata\41344760.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.

Lg Sandra

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox.

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Der Scan von OTL kann irgendwie nicht beendet werden. Es kommt die Meldung "Out of Memory" beim Manual File Scan und dann passiert gar nichts mehr.

Was soll ich jetzt machen?

Dann probier es erstmal so:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

ok, das hat geklappt....hier die beiden logfiles:

Code:

OTL logfile created on: 23.05.2011 11:10:36 - Run 2

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\LiMiSu\Downloads

64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 288,09 Gb Total Space | 158,00 Gb Free Space | 54,84% Space Free | Partition Type: NTFS

Drive D: | 1021,00 Mb Total Space | 1018,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32

Drive E: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS

Drive H: | 1,88 Gb Total Space | 0,64 Gb Free Space | 34,08% Space Free | Partition Type: FAT

 

Computer Name: LIMISU-PC | User Name: LiMiSu | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Users\LiMiSu\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)

PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\LiMiSu\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

MOD - C:\Programme\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll (Check Point Software Technologies)

MOD - C:\Windows\SysWOW64\wintrust.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()

SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)

DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)

DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)

DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)

DRV - (Vsdatant) -- C:\Windows\SysWOW64\drivers\vsdatant.sys (Check Point Software Technologies LTD)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 E9 E6 4A B5 88 CB 01  [binary data]

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:2.7.1.3

FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011.03.07 12:08:01 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.09 23:19:24 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.09 23:19:24 | 000,000,000 | ---D | M]

 

[2010.11.20 16:05:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LiMiSu\AppData\Roaming\mozilla\Extensions

[2011.05.20 11:22:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LiMiSu\AppData\Roaming\mozilla\Firefox\Profiles\6fwm70yv.default\extensions

[2011.05.09 23:19:59 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\LiMiSu\AppData\Roaming\mozilla\Firefox\Profiles\6fwm70yv.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}

[2011.05.09 23:19:58 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\LiMiSu\AppData\Roaming\mozilla\Firefox\Profiles\6fwm70yv.default\extensions\engine@conduit.com

[2011.01.17 15:41:40 | 000,000,943 | ---- | M] () -- C:\Users\LiMiSu\AppData\Roaming\Mozilla\Firefox\Profiles\6fwm70yv.default\searchplugins\conduit.xml

[2011.05.18 16:09:59 | 000,001,056 | ---- | M] () -- C:\Users\LiMiSu\AppData\Roaming\Mozilla\Firefox\Profiles\6fwm70yv.default\searchplugins\icqplugin.xml

[2011.03.07 12:07:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011.03.11 23:22:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2011.01.22 01:37:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

File not found (No name found) -- 

[2011.05.20 11:28:31 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\LIMISU\APPDATA\LOCAL\{63A3ACB1-E5D9-4B4E-A466-7010A30DD7BD}

[2011.05.09 23:19:21 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.01.22 01:36:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011.05.09 23:19:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.05.09 23:19:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011.05.09 23:19:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011.05.09 23:19:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.05.09 23:19:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.05.09 23:19:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)

O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)

O4 - HKCU..\Run: [RESTART_STICKY_NOTES]  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.05.20 14:50:00 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\AppData\Roaming\Malwarebytes

[2011.05.20 14:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.05.20 14:49:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011.05.20 14:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.05.20 14:49:16 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011.05.20 14:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011.05.20 12:22:20 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery

[2011.05.20 11:28:30 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\AppData\Local\{63A3ACB1-E5D9-4B4E-A466-7010A30DD7BD}

[2011.05.20 11:24:43 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\AppData\Roaming\Noiv

[2011.05.20 11:24:43 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\AppData\Roaming\Enawan

[2011.05.20 11:19:58 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.05.20 11:19:35 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\Documents\DVDVideoSoft

[2011.05.20 11:19:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft

[2011.05.20 00:13:09 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\Desktop\Intercultural Communication

[2011.05.20 00:12:38 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\Desktop\Australia's Marine Environment

[2011.05.20 00:12:36 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\Desktop\traffic flow

[2011.05.19 12:43:10 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe

[2011.05.19 12:43:10 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe

[2011.05.17 13:28:22 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\Desktop\NEW ZEALAND

[2011.05.11 15:28:44 | 005,509,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2011.05.11 15:28:41 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2011.05.11 15:28:41 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.05.23 11:02:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.05.23 11:02:10 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe

[2011.05.23 10:46:31 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.05.23 10:46:31 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.05.23 10:43:36 | 004,533,938 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.05.23 10:43:36 | 001,811,462 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.05.23 10:43:36 | 001,372,840 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.05.23 10:43:36 | 001,228,854 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.05.23 10:43:36 | 000,004,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.05.23 10:39:09 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll

[2011.05.23 10:37:16 | 2412,195,840 | -HS- | M] () -- C:\hiberfil.sys

[2011.05.22 11:22:25 | 397,941,037 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011.05.21 00:22:36 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.05.20 18:20:04 | 000,000,336 | ---- | M] () -- C:\ProgramData\41344760

[2011.05.20 15:52:26 | 000,000,120 | ---- | M] () -- C:\Users\LiMiSu\AppData\Local\Ejugumogavi.dat

[2011.05.20 12:28:18 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll

[2011.05.20 12:27:18 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe

[2011.05.20 12:20:39 | 000,000,344 | ---- | M] () -- C:\ProgramData\41148152

[2011.05.20 11:28:33 | 000,000,000 | ---- | M] () -- C:\Users\LiMiSu\AppData\Local\Yqofe.bin

[2011.05.20 11:28:27 | 007,682,539 | ---- | M] () -- C:\Users\LiMiSu\Desktop\The Aston Shuffle - Your Love (Original Mix).mp3

[2011.05.15 11:22:22 | 000,420,801 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.05.21 00:22:36 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.05.20 18:20:04 | 000,000,336 | ---- | C] () -- C:\ProgramData\41344760

[2011.05.20 12:20:39 | 000,000,344 | ---- | C] () -- C:\ProgramData\41148152

[2011.05.20 11:28:33 | 000,000,000 | ---- | C] () -- C:\Users\LiMiSu\AppData\Local\Yqofe.bin

[2011.05.20 11:28:32 | 000,000,120 | ---- | C] () -- C:\Users\LiMiSu\AppData\Local\Ejugumogavi.dat

[2011.05.20 11:24:55 | 007,682,539 | ---- | C] () -- C:\Users\LiMiSu\Desktop\The Aston Shuffle - Your Love (Original Mix).mp3

[2011.02.27 13:42:51 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2010.11.20 21:32:56 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.11.20 14:44:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2010.11.20 14:42:08 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll

[2010.11.20 14:40:25 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe

[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 

< End of report >

Code:

OTL Extras logfile created on: 23.05.2011 11:10:36 - Run 2

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\LiMiSu\Downloads

64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 288,09 Gb Total Space | 158,00 Gb Free Space | 54,84% Space Free | Partition Type: NTFS

Drive D: | 1021,00 Mb Total Space | 1018,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32

Drive E: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS

Drive H: | 1,88 Gb Total Space | 0,64 Gb Free Space | 34,08% Space Free | Partition Type: FAT

 

Computer Name: LIMISU-PC | User Name: LiMiSu | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{35A5B689-907E-4052-9855-A7A083B233E9}" = Solid Edge ST2

"{50822200-2E95-4E62-A8D8-41C3B308DF5E}" = Microsoft SQL Server VSS Writer

"{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23

"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ICQToolbar" = ICQ Toolbar

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)

"ZoneAlarm" = ZoneAlarm

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 22.05.2011 06:08:50 | Computer Name = LiMiSu-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012

Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung

 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter

 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste

 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich

 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

 

Error - 22.05.2011 06:08:50 | Computer Name = LiMiSu-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012

Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung

 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter

 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste

 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich

 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

 

Error - 22.05.2011 06:08:50 | Computer Name = LiMiSu-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011

Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren

 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

 

Error - 22.05.2011 16:09:09 | Computer Name = LiMiSu-PC | Source = MSSQL$SQLEXPRESS | ID = 8313

Description = Error in mapping SQL Server performance object/counter indexes to 

object/counter names. SQL Server performance counters are disabled.

 

Error - 22.05.2011 16:09:09 | Computer Name = LiMiSu-PC | Source = MSSQL$SQLEXPRESS | ID = 3409

Description = Performance counter shared memory setup failed with error -1. Reinstall

 sqlctr.ini for this instance, and ensure that the instance login account has correct

 registry permissions.

 

Error - 22.05.2011 16:13:42 | Computer Name = LiMiSu-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012

Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung

 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter

 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste

 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich

 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

 

Error - 22.05.2011 16:13:42 | Computer Name = LiMiSu-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012

Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung

 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter

 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste

 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich

 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

 

Error - 22.05.2011 16:13:42 | Computer Name = LiMiSu-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011

Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren

 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

 

Error - 23.05.2011 04:39:08 | Computer Name = LiMiSu-PC | Source = MSSQL$SQLEXPRESS | ID = 8313

Description = Error in mapping SQL Server performance object/counter indexes to 

object/counter names. SQL Server performance counters are disabled.

 

Error - 23.05.2011 04:39:08 | Computer Name = LiMiSu-PC | Source = MSSQL$SQLEXPRESS | ID = 3409

Description = Performance counter shared memory setup failed with error -1. Reinstall

 sqlctr.ini for this instance, and ensure that the instance login account has correct

 registry permissions.

 

[ System Events ]

Error - 22.05.2011 05:39:43 | Computer Name = LiMiSu-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installationsfehler: Die Installation des folgenden Updates ist mit

 Fehler 0x80070643 fehlgeschlagen: Windows Internet Explorer 9 für Windows 7 für

 x64-basierte Systeme

 

Error - 22.05.2011 06:03:48 | Computer Name = LiMiSu-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

 

Error - 22.05.2011 06:03:48 | Computer Name = LiMiSu-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 22.05.2011 16:08:38 | Computer Name = LiMiSu-PC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am ?22.?05.?2011 um 12:38:43 unerwartet heruntergefahren.

 

Error - 22.05.2011 16:08:38 | Computer Name = LiMiSu-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

 

Error - 22.05.2011 16:08:38 | Computer Name = LiMiSu-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 23.05.2011 04:37:33 | Computer Name = LiMiSu-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

 

Error - 23.05.2011 04:37:33 | Computer Name = LiMiSu-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 23.05.2011 05:02:10 | Computer Name = LiMiSu-PC | Source = DCOM | ID = 10010

Description = 

 

Error - 23.05.2011 05:02:10 | Computer Name = LiMiSu-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

 

< End of report >

LG Sandra

Deinstallier bitte ZoneAlarm und sämtliche Toolbars über Systemsteuerung, Programme und Funktionen. ZoneAlarm ist ein kontraproduktives Programm, verwende die Windows-Firewall.

Poste danach bitte ein frisches OTL-Log.

ok, hab ZoneAlarm und alle Toolbars deinstalliert und hier ist nochmal sind nochmal die neuen logfiles:

Code:

OTL logfile created on: 23.05.2011 12:36:33 - Run 3

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\LiMiSu\Downloads

64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 288,09 Gb Total Space | 157,05 Gb Free Space | 54,52% Space Free | Partition Type: NTFS

Drive D: | 1021,00 Mb Total Space | 1018,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32

Drive E: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS

Drive G: | 119,61 Mb Total Space | 70,35 Mb Free Space | 58,82% Space Free | Partition Type: FAT

Drive H: | 1,88 Gb Total Space | 0,64 Gb Free Space | 34,08% Space Free | Partition Type: FAT

 

Computer Name: LIMISU-PC | User Name: LiMiSu | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Users\LiMiSu\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\LiMiSu\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)

DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 E9 E6 4A B5 88 CB 01  [binary data]

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:2.7.1.3

FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.09 23:19:24 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.09 23:19:24 | 000,000,000 | ---D | M]

 

[2010.11.20 16:05:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LiMiSu\AppData\Roaming\mozilla\Extensions

[2011.05.23 12:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LiMiSu\AppData\Roaming\mozilla\Firefox\Profiles\6fwm70yv.default\extensions

[2011.05.09 23:19:58 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\LiMiSu\AppData\Roaming\mozilla\Firefox\Profiles\6fwm70yv.default\extensions\engine@conduit.com

[2011.01.17 15:41:40 | 000,000,943 | ---- | M] () -- C:\Users\LiMiSu\AppData\Roaming\Mozilla\Firefox\Profiles\6fwm70yv.default\searchplugins\conduit.xml

[2011.05.18 16:09:59 | 000,001,056 | ---- | M] () -- C:\Users\LiMiSu\AppData\Roaming\Mozilla\Firefox\Profiles\6fwm70yv.default\searchplugins\icqplugin.xml

[2011.03.07 12:07:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011.05.23 12:24:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2011.01.22 01:37:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

File not found (No name found) -- 

[2011.05.20 11:28:31 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\LIMISU\APPDATA\LOCAL\{63A3ACB1-E5D9-4B4E-A466-7010A30DD7BD}

[2011.05.09 23:19:21 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.01.22 01:36:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011.05.09 23:19:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.05.09 23:19:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011.05.09 23:19:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011.05.09 23:19:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.05.09 23:19:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.05.09 23:19:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CheckPoint Cleanup] C:\Users\LiMiSu\AppData\Local\Temp\cpes_clean_launcher.exe ()

O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)

O4 - HKCU..\Run: [RESTART_STICKY_NOTES]  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.05.23 12:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles

[2011.05.23 12:24:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt

[2011.05.20 14:50:00 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\AppData\Roaming\Malwarebytes

[2011.05.20 14:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.05.20 14:49:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011.05.20 14:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.05.20 14:49:16 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011.05.20 14:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011.05.20 12:22:20 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery

[2011.05.20 11:28:30 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\AppData\Local\{63A3ACB1-E5D9-4B4E-A466-7010A30DD7BD}

[2011.05.20 11:24:43 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\AppData\Roaming\Noiv

[2011.05.20 11:24:43 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\AppData\Roaming\Enawan

[2011.05.20 11:19:58 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.05.20 11:19:35 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\Documents\DVDVideoSoft

[2011.05.20 11:19:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft

[2011.05.20 00:13:09 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\Desktop\Intercultural Communication

[2011.05.20 00:12:38 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\Desktop\Australia's Marine Environment

[2011.05.20 00:12:36 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\Desktop\traffic flow

[2011.05.19 12:43:10 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe

[2011.05.19 12:43:10 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe

[2011.05.17 13:28:22 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\Desktop\NEW ZEALAND

[2011.05.11 15:28:44 | 005,509,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2011.05.11 15:28:41 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2011.05.11 15:28:41 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.05.23 12:41:45 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.05.23 12:41:45 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.05.23 12:40:20 | 004,563,522 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.05.23 12:40:20 | 001,820,386 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.05.23 12:40:20 | 001,382,312 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.05.23 12:40:20 | 001,237,394 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.05.23 12:40:20 | 000,004,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.05.23 12:33:46 | 000,017,408 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe

[2011.05.23 12:33:43 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll

[2011.05.23 12:33:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.05.23 12:32:45 | 2412,195,840 | -HS- | M] () -- C:\hiberfil.sys

[2011.05.23 12:24:47 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE

[2011.05.22 11:22:25 | 397,941,037 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011.05.21 00:22:36 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.05.20 18:20:04 | 000,000,336 | ---- | M] () -- C:\ProgramData\41344760

[2011.05.20 15:52:26 | 000,000,120 | ---- | M] () -- C:\Users\LiMiSu\AppData\Local\Ejugumogavi.dat

[2011.05.20 12:28:18 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll

[2011.05.20 12:27:18 | 000,017,408 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe

[2011.05.20 12:20:39 | 000,000,344 | ---- | M] () -- C:\ProgramData\41148152

[2011.05.20 11:28:33 | 000,000,000 | ---- | M] () -- C:\Users\LiMiSu\AppData\Local\Yqofe.bin

[2011.05.20 11:28:27 | 007,682,539 | ---- | M] () -- C:\Users\LiMiSu\Desktop\The Aston Shuffle - Your Love (Original Mix).mp3

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.05.23 12:24:46 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2011.05.21 00:22:36 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.05.20 18:20:04 | 000,000,336 | ---- | C] () -- C:\ProgramData\41344760

[2011.05.20 12:20:39 | 000,000,344 | ---- | C] () -- C:\ProgramData\41148152

[2011.05.20 11:28:33 | 000,000,000 | ---- | C] () -- C:\Users\LiMiSu\AppData\Local\Yqofe.bin

[2011.05.20 11:28:32 | 000,000,120 | ---- | C] () -- C:\Users\LiMiSu\AppData\Local\Ejugumogavi.dat

[2011.05.20 11:24:55 | 007,682,539 | ---- | C] () -- C:\Users\LiMiSu\Desktop\The Aston Shuffle - Your Love (Original Mix).mp3

[2011.02.27 13:42:51 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2010.11.20 21:32:56 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.11.20 14:44:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2010.11.20 14:42:08 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll

[2010.11.20 14:40:25 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe

[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 

< End of report >

Code:

OTL Extras logfile created on: 23.05.2011 12:36:33 - Run 3

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\LiMiSu\Downloads

64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 288,09 Gb Total Space | 157,05 Gb Free Space | 54,52% Space Free | Partition Type: NTFS

Drive D: | 1021,00 Mb Total Space | 1018,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32

Drive E: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS

Drive G: | 119,61 Mb Total Space | 70,35 Mb Free Space | 58,82% Space Free | Partition Type: FAT

Drive H: | 1,88 Gb Total Space | 0,64 Gb Free Space | 34,08% Space Free | Partition Type: FAT

 

Computer Name: LIMISU-PC | User Name: LiMiSu | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{35A5B689-907E-4052-9855-A7A083B233E9}" = Solid Edge ST2

"{50822200-2E95-4E62-A8D8-41C3B308DF5E}" = Microsoft SQL Server VSS Writer

"{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23

"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 23.05.2011 05:29:12 | Computer Name = LiMiSu-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012

Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung

 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter

 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste

 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich

 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

 

Error - 23.05.2011 05:29:12 | Computer Name = LiMiSu-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012

Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung

 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter

 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste

 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich

 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

 

Error - 23.05.2011 05:29:12 | Computer Name = LiMiSu-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011

Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren

 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

 

Error - 23.05.2011 06:24:36 | Computer Name = LiMiSu-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.1.7600.16385,

 Zeitstempel: 0x4a5bc637  Name des fehlerhaften Moduls: tbZone.dll_unloaded, Version:

 0.0.0.0, Zeitstempel: 0x4be67741  Ausnahmecode: 0xc0000005  Fehleroffset: 0x101658f1

ID

 des fehlerhaften Prozesses: 0x1268  Startzeit der fehlerhaften Anwendung: 0x01cc19339b1046f2

Pfad

 der fehlerhaften Anwendung: C:\Windows\SysWOW64\rundll32.exe  Pfad des fehlerhaften

 Moduls: tbZone.dll  Berichtskennung: db5678c3-8526-11e0-b32b-00247e21d9d7

 

Error - 23.05.2011 06:28:31 | Computer Name = LiMiSu-PC | Source = MSSQL$SQLEXPRESS | ID = 8313

Description = Error in mapping SQL Server performance object/counter indexes to 

object/counter names. SQL Server performance counters are disabled.

 

Error - 23.05.2011 06:28:31 | Computer Name = LiMiSu-PC | Source = MSSQL$SQLEXPRESS | ID = 3409

Description = Performance counter shared memory setup failed with error -1. Reinstall

 sqlctr.ini for this instance, and ensure that the instance login account has correct

 registry permissions.

 

Error - 23.05.2011 06:30:07 | Computer Name = LiMiSu-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: CPES_C~1.EXE, Version: 9.2.58.0, 

Zeitstempel: 0x4c28f24e  Name des fehlerhaften Moduls: WSCAPI.dll_unloaded, Version:

 0.0.0.0, Zeitstempel: 0x4a5bc3ea  Ausnahmecode: 0xc0000005  Fehleroffset: 0x73b033f9

ID

 des fehlerhaften Prozesses: 0xd08  Startzeit der fehlerhaften Anwendung: 0x01cc19344f5043c6

Pfad

 der fehlerhaften Anwendung: C:\PROGRA~2\ZONELA~1\ZONEAL~1\CPES_C~1.EXE  Pfad des 

fehlerhaften Moduls: WSCAPI.dll  Berichtskennung: a0aa0c2a-8527-11e0-bb09-00247e21d9d7

 

Error - 23.05.2011 06:30:16 | Computer Name = LiMiSu-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: CPES_C~1.EXE, Version: 9.2.58.0, 

Zeitstempel: 0x4c28f24e  Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7600.16385,

 Zeitstempel: 0x4a5bdb3b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000253d2  ID des fehlerhaften

 Prozesses: 0xd08  Startzeit der fehlerhaften Anwendung: 0x01cc19344f5043c6  Pfad der

 fehlerhaften Anwendung: C:\PROGRA~2\ZONELA~1\ZONEAL~1\CPES_C~1.EXE  Pfad des fehlerhaften

 Moduls: C:\Windows\syswow64\RPCRT4.dll  Berichtskennung: a607e404-8527-11e0-bb09-00247e21d9d7

 

Error - 23.05.2011 06:34:06 | Computer Name = LiMiSu-PC | Source = MSSQL$SQLEXPRESS | ID = 8313

Description = Error in mapping SQL Server performance object/counter indexes to 

object/counter names. SQL Server performance counters are disabled.

 

Error - 23.05.2011 06:34:06 | Computer Name = LiMiSu-PC | Source = MSSQL$SQLEXPRESS | ID = 3409

Description = Performance counter shared memory setup failed with error -1. Reinstall

 sqlctr.ini for this instance, and ensure that the instance login account has correct

 registry permissions.

 

[ System Events ]

Error - 23.05.2011 04:37:33 | Computer Name = LiMiSu-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 23.05.2011 05:02:10 | Computer Name = LiMiSu-PC | Source = DCOM | ID = 10010

Description = 

 

Error - 23.05.2011 05:02:10 | Computer Name = LiMiSu-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 23.05.2011 05:26:52 | Computer Name = LiMiSu-PC | Source = Disk | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

 

Error - 23.05.2011 05:26:53 | Computer Name = LiMiSu-PC | Source = Disk | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

 

Error - 23.05.2011 06:24:52 | Computer Name = LiMiSu-PC | Source = DCOM | ID = 10010

Description = 

 

Error - 23.05.2011 06:26:39 | Computer Name = LiMiSu-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

 

Error - 23.05.2011 06:26:39 | Computer Name = LiMiSu-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

Error - 23.05.2011 06:33:03 | Computer Name = LiMiSu-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

 

Error - 23.05.2011 06:33:03 | Computer Name = LiMiSu-PC | Source = atikmdag | ID = 43029

Description = Display is not active

 

 

< End of report >

LG Sandra

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

[2011.05.23 12:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles

[2011.05.20 12:22:20 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery

[2011.05.20 11:28:30 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\AppData\Local\{63A3ACB1-E5D9-4B4E-A466-7010A30DD7BD}

[2011.05.20 11:24:43 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\AppData\Roaming\Noiv

[2011.05.20 11:24:43 | 000,000,000 | ---D | C] -- C:\Users\LiMiSu\AppData\Roaming\Enawan

[2011.05.20 18:20:04 | 000,000,336 | ---- | M] () -- C:\ProgramData\41344760

[2011.05.20 15:52:26 | 000,000,120 | ---- | M] () -- C:\Users\LiMiSu\AppData\Local\Ejugumogavi.dat

[2011.05.20 12:20:39 | 000,000,344 | ---- | M] () -- C:\ProgramData\41148152

[2011.05.20 11:28:33 | 000,000,000 | ---- | M] () -- C:\Users\LiMiSu\AppData\Local\Yqofe.bin

:Commands

[purity]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

ok, OTL Fix durchgeführt :) ....hier das logfile:

Code:

========== OTL ==========

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!

Prefs.js: "ICQ Search" removed from browser.search.defaultenginename

Prefs.js: "ZoneAlarm-Sicherheit Customized Web Search" removed from browser.search.defaultthis.engineName

Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl

Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.

C:\ProgramData\ZA_PreservedFiles folder moved successfully.

C:\Users\LiMiSu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery folder moved successfully.

C:\Users\LiMiSu\AppData\Local\{63A3ACB1-E5D9-4B4E-A466-7010A30DD7BD}\chrome\content folder moved successfully.

C:\Users\LiMiSu\AppData\Local\{63A3ACB1-E5D9-4B4E-A466-7010A30DD7BD}\chrome folder moved successfully.

C:\Users\LiMiSu\AppData\Local\{63A3ACB1-E5D9-4B4E-A466-7010A30DD7BD} folder moved successfully.

C:\Users\LiMiSu\AppData\Roaming\Noiv folder moved successfully.

C:\Users\LiMiSu\AppData\Roaming\Enawan folder moved successfully.

C:\ProgramData\41344760 moved successfully.

C:\Users\LiMiSu\AppData\Local\Ejugumogavi.dat moved successfully.

C:\ProgramData\41148152 moved successfully.

C:\Users\LiMiSu\AppData\Local\Yqofe.bin moved successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.22.3 log created on 05232011_143404

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

auch erledigt:) ...hier das logfile vom Kaspersky Scan:

Code:

2011/05/23 15:26:15.0356 2088        TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29

2011/05/23 15:26:16.0426 2088        ================================================================================

2011/05/23 15:26:16.0427 2088        SystemInfo:

2011/05/23 15:26:16.0427 2088        

2011/05/23 15:26:16.0427 2088        OS Version: 6.1.7600 ServicePack: 0.0

2011/05/23 15:26:16.0427 2088        Product type: Workstation

2011/05/23 15:26:16.0427 2088        ComputerName: LIMISU-PC

2011/05/23 15:26:16.0428 2088        UserName: LiMiSu

2011/05/23 15:26:16.0428 2088        Windows directory: C:\Windows

2011/05/23 15:26:16.0428 2088        System windows directory: C:\Windows

2011/05/23 15:26:16.0428 2088        Running under WOW64

2011/05/23 15:26:16.0428 2088        Processor architecture: Intel x64

2011/05/23 15:26:16.0428 2088        Number of processors: 2

2011/05/23 15:26:16.0428 2088        Page size: 0x1000

2011/05/23 15:26:16.0428 2088        Boot type: Normal boot

2011/05/23 15:26:16.0428 2088        ================================================================================

2011/05/23 15:26:16.0835 2088        Initialize success

2011/05/23 15:26:43.0127 3108        ================================================================================

2011/05/23 15:26:43.0127 3108        Scan started

2011/05/23 15:26:43.0127 3108        Mode: Manual; 

2011/05/23 15:26:43.0127 3108        ================================================================================

2011/05/23 15:26:45.0280 3108        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

2011/05/23 15:26:45.0389 3108        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

2011/05/23 15:26:45.0482 3108        AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

2011/05/23 15:26:45.0654 3108        ADIHdAudAddService (560649e6a9c11f6124f97310ef387c45) C:\Windows\system32\drivers\ADIHdAud.sys

2011/05/23 15:26:45.0794 3108        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/05/23 15:26:45.0982 3108        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

2011/05/23 15:26:46.0075 3108        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

2011/05/23 15:26:46.0200 3108        AFD             (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys

2011/05/23 15:26:46.0418 3108        AgereSoftModem  (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys

2011/05/23 15:26:46.0637 3108        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

2011/05/23 15:26:46.0715 3108        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

2011/05/23 15:26:46.0777 3108        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

2011/05/23 15:26:46.0840 3108        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

2011/05/23 15:26:46.0886 3108        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

2011/05/23 15:26:47.0058 3108        amdsata         (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys

2011/05/23 15:26:47.0105 3108        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/05/23 15:26:47.0152 3108        amdxata         (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys

2011/05/23 15:26:47.0354 3108        AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

2011/05/23 15:26:47.0464 3108        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

2011/05/23 15:26:47.0510 3108        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

2011/05/23 15:26:47.0588 3108        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/05/23 15:26:47.0620 3108        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

2011/05/23 15:26:48.0010 3108        atikmdag        (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/05/23 15:26:48.0462 3108        avgntflt        (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys

2011/05/23 15:26:48.0540 3108        avipbb          (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys

2011/05/23 15:26:48.0758 3108        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

2011/05/23 15:26:48.0852 3108        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

2011/05/23 15:26:49.0055 3108        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

2011/05/23 15:26:49.0148 3108        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/05/23 15:26:49.0242 3108        bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

2011/05/23 15:26:49.0429 3108        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/05/23 15:26:49.0476 3108        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/05/23 15:26:49.0648 3108        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

2011/05/23 15:26:49.0710 3108        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/05/23 15:26:49.0757 3108        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/05/23 15:26:49.0804 3108        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/05/23 15:26:49.0897 3108        BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys

2011/05/23 15:26:50.0038 3108        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/05/23 15:26:50.0162 3108        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

2011/05/23 15:26:50.0350 3108        BTHPORT         (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys

2011/05/23 15:26:50.0459 3108        BTHUSB          (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys

2011/05/23 15:26:50.0630 3108        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/05/23 15:26:50.0724 3108        cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

2011/05/23 15:26:50.0802 3108        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

2011/05/23 15:26:50.0880 3108        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

2011/05/23 15:26:51.0098 3108        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/05/23 15:26:51.0161 3108        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

2011/05/23 15:26:51.0223 3108        CNG             (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

2011/05/23 15:26:51.0379 3108        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

2011/05/23 15:26:51.0473 3108        CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

2011/05/23 15:26:51.0535 3108        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/05/23 15:26:51.0722 3108        CSC             (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys

2011/05/23 15:26:51.0910 3108        DfsC            (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys

2011/05/23 15:26:52.0019 3108        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

2011/05/23 15:26:52.0128 3108        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

2011/05/23 15:26:52.0331 3108        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

2011/05/23 15:26:52.0456 3108        DXGKrnl         (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys

2011/05/23 15:26:52.0752 3108        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

2011/05/23 15:26:53.0095 3108        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

2011/05/23 15:26:53.0158 3108        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

2011/05/23 15:26:53.0282 3108        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

2011/05/23 15:26:53.0470 3108        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

2011/05/23 15:26:53.0563 3108        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

2011/05/23 15:26:53.0626 3108        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

2011/05/23 15:26:53.0672 3108        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

2011/05/23 15:26:53.0704 3108        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/05/23 15:26:53.0782 3108        FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

2011/05/23 15:26:53.0984 3108        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

2011/05/23 15:26:54.0047 3108        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

2011/05/23 15:26:54.0109 3108        fvevol          (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys

2011/05/23 15:26:54.0172 3108        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/05/23 15:26:54.0218 3108        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

2011/05/23 15:26:54.0343 3108        HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

2011/05/23 15:26:54.0499 3108        HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/05/23 15:26:54.0577 3108        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/05/23 15:26:54.0624 3108        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

2011/05/23 15:26:54.0655 3108        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

2011/05/23 15:26:54.0764 3108        HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

2011/05/23 15:26:54.0827 3108        HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

2011/05/23 15:26:55.0014 3108        HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

2011/05/23 15:26:55.0217 3108        hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

2011/05/23 15:26:55.0279 3108        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/05/23 15:26:55.0373 3108        iaStorV         (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys

2011/05/23 15:26:55.0420 3108        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

2011/05/23 15:26:55.0482 3108        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

2011/05/23 15:26:55.0654 3108        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

2011/05/23 15:26:55.0747 3108        IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/05/23 15:26:55.0794 3108        IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2011/05/23 15:26:55.0841 3108        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

2011/05/23 15:26:55.0903 3108        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

2011/05/23 15:26:55.0934 3108        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

2011/05/23 15:26:56.0012 3108        iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/05/23 15:26:56.0184 3108        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/05/23 15:26:56.0262 3108        kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/05/23 15:26:56.0324 3108        KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

2011/05/23 15:26:56.0402 3108        KSecPkg         (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

2011/05/23 15:26:56.0574 3108        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

2011/05/23 15:26:56.0714 3108        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

2011/05/23 15:26:56.0839 3108        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/05/23 15:26:56.0886 3108        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/05/23 15:26:56.0933 3108        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/05/23 15:26:57.0042 3108        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/05/23 15:26:57.0151 3108        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

2011/05/23 15:26:57.0198 3108        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

2011/05/23 15:26:57.0260 3108        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/05/23 15:26:57.0448 3108        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

2011/05/23 15:26:57.0541 3108        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

2011/05/23 15:26:57.0604 3108        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

2011/05/23 15:26:57.0760 3108        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

2011/05/23 15:26:57.0822 3108        mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

2011/05/23 15:26:57.0869 3108        mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

2011/05/23 15:26:57.0916 3108        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

2011/05/23 15:26:57.0978 3108        MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

2011/05/23 15:26:58.0056 3108        mrxsmb          (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/05/23 15:26:58.0196 3108        mrxsmb10        (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/05/23 15:26:58.0274 3108        mrxsmb20        (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/05/23 15:26:58.0337 3108        msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

2011/05/23 15:26:58.0462 3108        msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

2011/05/23 15:26:58.0633 3108        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

2011/05/23 15:26:58.0696 3108        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

2011/05/23 15:26:58.0727 3108        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

2011/05/23 15:26:58.0836 3108        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

2011/05/23 15:26:58.0867 3108        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/05/23 15:26:58.0914 3108        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

2011/05/23 15:26:58.0976 3108        MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

2011/05/23 15:26:59.0117 3108        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/05/23 15:26:59.0335 3108        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

2011/05/23 15:26:59.0398 3108        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/05/23 15:26:59.0444 3108        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

2011/05/23 15:26:59.0538 3108        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

2011/05/23 15:26:59.0741 3108        NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

2011/05/23 15:26:59.0959 3108        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/05/23 15:27:00.0022 3108        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/05/23 15:27:00.0068 3108        Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/05/23 15:27:00.0115 3108        NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/05/23 15:27:00.0162 3108        NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

2011/05/23 15:27:00.0240 3108        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

2011/05/23 15:27:00.0271 3108        NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

2011/05/23 15:27:00.0802 3108        NETw5s64        (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys

2011/05/23 15:27:01.0441 3108        netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

2011/05/23 15:27:01.0847 3108        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/05/23 15:27:01.0940 3108        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

2011/05/23 15:27:02.0003 3108        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

2011/05/23 15:27:02.0159 3108        Ntfs            (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

2011/05/23 15:27:02.0362 3108        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

2011/05/23 15:27:02.0424 3108        nvraid          (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

2011/05/23 15:27:02.0518 3108        nvstor          (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

2011/05/23 15:27:02.0564 3108        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

2011/05/23 15:27:02.0689 3108        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/05/23 15:27:02.0861 3108        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

2011/05/23 15:27:02.0954 3108        partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

2011/05/23 15:27:03.0095 3108        pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

2011/05/23 15:27:03.0188 3108        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

2011/05/23 15:27:03.0251 3108        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/05/23 15:27:03.0376 3108        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

2011/05/23 15:27:03.0485 3108        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

2011/05/23 15:27:03.0844 3108        PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

2011/05/23 15:27:03.0922 3108        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

2011/05/23 15:27:04.0015 3108        Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

2011/05/23 15:27:04.0202 3108        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

2011/05/23 15:27:04.0405 3108        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/05/23 15:27:04.0483 3108        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

2011/05/23 15:27:04.0530 3108        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

2011/05/23 15:27:04.0624 3108        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/05/23 15:27:04.0780 3108        Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/05/23 15:27:04.0858 3108        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/05/23 15:27:04.0889 3108        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

2011/05/23 15:27:04.0967 3108        rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

2011/05/23 15:27:05.0014 3108        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/05/23 15:27:05.0045 3108        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/05/23 15:27:05.0138 3108        RDPDR           (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys

2011/05/23 15:27:05.0310 3108        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

2011/05/23 15:27:05.0372 3108        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

2011/05/23 15:27:05.0419 3108        RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

2011/05/23 15:27:05.0482 3108        rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

2011/05/23 15:27:05.0606 3108        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

2011/05/23 15:27:05.0840 3108        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

2011/05/23 15:27:05.0934 3108        s3cap           (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys

2011/05/23 15:27:05.0981 3108        sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

2011/05/23 15:27:06.0028 3108        scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

2011/05/23 15:27:06.0137 3108        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2011/05/23 15:27:06.0340 3108        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

2011/05/23 15:27:06.0386 3108        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

2011/05/23 15:27:06.0418 3108        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

2011/05/23 15:27:06.0511 3108        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/05/23 15:27:06.0558 3108        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2011/05/23 15:27:06.0589 3108        sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/05/23 15:27:06.0620 3108        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/05/23 15:27:06.0667 3108        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/05/23 15:27:06.0730 3108        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/05/23 15:27:06.0761 3108        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

2011/05/23 15:27:06.0823 3108        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

2011/05/23 15:27:07.0073 3108        srv             (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys

2011/05/23 15:27:07.0151 3108        srv2            (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys

2011/05/23 15:27:07.0244 3108        srvnet          (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys

2011/05/23 15:27:07.0432 3108        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

2011/05/23 15:27:07.0556 3108        storflt         (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys

2011/05/23 15:27:07.0603 3108        storvsc         (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys

2011/05/23 15:27:07.0650 3108        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

2011/05/23 15:27:07.0931 3108        Tcpip           (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys

2011/05/23 15:27:08.0243 3108        TCPIP6          (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys

2011/05/23 15:27:08.0430 3108        tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

2011/05/23 15:27:08.0492 3108        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

2011/05/23 15:27:08.0539 3108        TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

2011/05/23 15:27:08.0602 3108        tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

2011/05/23 15:27:08.0648 3108        TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

2011/05/23 15:27:08.0758 3108        tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/05/23 15:27:08.0836 3108        tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

2011/05/23 15:27:09.0007 3108        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

2011/05/23 15:27:09.0085 3108        udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

2011/05/23 15:27:09.0179 3108        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

2011/05/23 15:27:09.0241 3108        umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

2011/05/23 15:27:09.0288 3108        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

2011/05/23 15:27:09.0366 3108        usbccgp         (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/05/23 15:27:09.0491 3108        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

2011/05/23 15:27:09.0553 3108        usbehci         (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

2011/05/23 15:27:09.0647 3108        usbhub          (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys

2011/05/23 15:27:09.0787 3108        usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

2011/05/23 15:27:09.0865 3108        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

2011/05/23 15:27:09.0896 3108        USBSTOR         (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/05/23 15:27:09.0943 3108        usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/05/23 15:27:10.0099 3108        usbvideo        (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys

2011/05/23 15:27:10.0240 3108        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

2011/05/23 15:27:10.0380 3108        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/05/23 15:27:10.0458 3108        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

2011/05/23 15:27:10.0505 3108        vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

2011/05/23 15:27:10.0552 3108        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

2011/05/23 15:27:10.0630 3108        vmbus           (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys

2011/05/23 15:27:10.0676 3108        VMBusHID        (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys

2011/05/23 15:27:10.0739 3108        volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

2011/05/23 15:27:10.0864 3108        volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

2011/05/23 15:27:10.0973 3108        volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

2011/05/23 15:27:11.0020 3108        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/05/23 15:27:11.0082 3108        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/05/23 15:27:11.0113 3108        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/05/23 15:27:11.0191 3108        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

2011/05/23 15:27:11.0285 3108        WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2011/05/23 15:27:11.0332 3108        Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2011/05/23 15:27:11.0488 3108        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

2011/05/23 15:27:11.0597 3108        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2011/05/23 15:27:11.0878 3108        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/05/23 15:27:11.0940 3108        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2011/05/23 15:27:12.0096 3108        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/05/23 15:27:12.0205 3108        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2011/05/23 15:27:12.0299 3108        WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

2011/05/23 15:27:12.0361 3108        WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/05/23 15:27:12.0548 3108        yukonw7         (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

2011/05/23 15:27:13.0094 3108        ================================================================================

2011/05/23 15:27:13.0094 3108        Scan finished

2011/05/23 15:27:13.0094 3108        ================================================================================

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

So, hier dann endlich mal der ComboFix Code:

Code:

ComboFix 11-05-31.02 - LiMiSu 01.06.2011   9:32.1.2 - x64

Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.3067.1917 [GMT 2:00]

ausgeführt von:: c:\users\LiMiSu\Desktop\cofi.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\LiMiSu\AppData\Roaming\Adobe\plugs

c:\users\LiMiSu\AppData\Roaming\Adobe\plugs\mmc10008805.txt

c:\users\LiMiSu\AppData\Roaming\Adobe\shed

c:\users\LiMiSu\AppData\Roaming\Adobe\shed\thr1.chm

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-05-01 bis 2011-06-01  ))))))))))))))))))))))))))))))

.

.

2011-06-01 08:04 . 2011-06-01 08:04        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-06-01 06:29 . 2011-05-09 22:00        8718160        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{87526052-55EF-45D3-9589-3D84F04AFBF4}\mpengine.dll

2011-05-23 12:34 . 2011-05-23 12:34        --------        d-----w-        C:\_OTL

2011-05-23 10:24 . 2011-05-23 10:24        2560        ----a-w-        c:\windows\_MSRSTRT.EXE

2011-05-23 10:24 . 2011-05-23 10:24        --------        d-----w-        c:\windows\system32\appmgmt

2011-05-20 12:50 . 2011-05-20 12:50        --------        d-----w-        c:\users\LiMiSu\AppData\Roaming\Malwarebytes

2011-05-20 12:49 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-20 12:49 . 2011-05-20 12:49        --------        d-----w-        c:\programdata\Malwarebytes

2011-05-20 12:49 . 2010-12-20 16:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-05-20 12:49 . 2011-05-20 22:22        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2011-05-20 09:19 . 2011-05-20 09:19        --------        d-----w-        c:\users\LiMiSu\AppData\Roaming\DVDVideoSoftIEHelpers

2011-05-20 09:19 . 2011-05-20 09:22        --------        d-----w-        c:\program files (x86)\Common Files\DVDVideoSoft

2011-05-19 10:43 . 2011-04-09 06:58        142336        ----a-w-        c:\windows\system32\poqexec.exe

2011-05-19 10:43 . 2011-04-09 05:56        123904        ----a-w-        c:\windows\SysWow64\poqexec.exe

2011-05-11 13:28 . 2011-04-09 06:45        5509504        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-05-11 13:28 . 2011-04-09 06:13        3957632        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2011-05-11 13:28 . 2011-04-09 06:13        3901824        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2011-05-09 21:19 . 2011-05-09 21:19        781272        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll

2011-05-09 21:19 . 2011-05-09 21:19        89048        ----a-w-        c:\program files (x86)\Mozilla Firefox\libEGL.dll

2011-05-09 21:19 . 2011-05-09 21:19        465880        ----a-w-        c:\program files (x86)\Mozilla Firefox\libGLESv2.dll

2011-05-09 21:19 . 2011-05-09 21:19        1974616        ----a-w-        c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll

2011-05-09 21:19 . 2011-05-09 21:19        1892184        ----a-w-        c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll

2011-05-09 21:19 . 2011-05-09 21:19        1874904        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozjs.dll

2011-05-09 21:19 . 2011-05-09 21:19        15832        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozalloc.dll

2011-05-09 21:19 . 2011-05-09 21:19        142296        ----a-w-        c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-05-03 10:28 . 2011-05-03 10:28        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-05-03 10:28 . 2011-05-03 10:28        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-05-03 10:28 . 2011-05-03 10:28        1152832        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-01 08:03 . 2010-11-20 12:40        17408        ----a-w-        c:\windows\system32\rpcnetp.exe

2011-06-01 06:23 . 2010-11-21 08:38        58288        ----a-w-        c:\windows\SysWow64\rpcnet.dll

2011-05-20 10:28 . 2010-11-20 12:42        17408        ----a-w-        c:\windows\SysWow64\rpcnetp.dll

2011-05-20 10:27 . 2010-11-20 12:40        17408        ----a-w-        c:\windows\SysWow64\rpcnetp.exe

2011-03-23 14:40 . 2010-11-21 08:37        13160        ----a-w-        c:\windows\SysWow64\Upgrd.exe

2011-03-23 14:40 . 2010-11-21 08:38        58288        ------w-        c:\windows\SysWow64\rpcnet.exe

2011-03-11 06:19 . 2011-04-15 00:29        1359872        ----a-w-        c:\windows\system32\mfc42u.dll

2011-03-11 06:19 . 2011-04-15 00:29        1395712        ----a-w-        c:\windows\system32\mfc42.dll

2011-03-11 05:40 . 2011-04-15 00:29        1137664        ----a-w-        c:\windows\SysWow64\mfc42.dll

2011-03-11 05:40 . 2011-04-15 00:29        1164288        ----a-w-        c:\windows\SysWow64\mfc42u.dll

2011-03-08 06:14 . 2011-04-15 00:29        976896        ----a-w-        c:\windows\system32\inetcomm.dll

2011-03-08 05:38 . 2011-04-15 00:29        740864        ----a-w-        c:\windows\SysWow64\inetcomm.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2011-01-05 133432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-22 136360]

S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-05-18 3866624]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = 

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\LiMiSu\AppData\Roaming\Mozilla\Firefox\Profiles\6fwm70yv.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - Google

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2011-06-01  10:07:50

ComboFix-quarantined-files.txt  2011-06-01 08:07

.

Vor Suchlauf: 14 Verzeichnis(se), 169.052.557.312 Bytes frei

Nach Suchlauf: 21 Verzeichnis(se), 172.202.770.432 Bytes frei

.

- - End Of File - - 52DEB155996E2ACB6198204A3F61BE31

LG Sandra