Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Prozessor auslastung Hoch und langsamer Start (https://www.trojaner-board.de/88856-prozessor-auslastung-hoch-langsamer-start.html)

Tim0 29.07.2010 13:09
Prozessor auslastung Hoch und langsamer Start
 
Guten Tag,
ich habe seit Gestern das Problem das mein Computer extrem langsam Hochfährt.
Außerdem ist die Prozessorauslastung recht Hoch und der Computer friert ab und zu ein so das ich ihn neu Starten muss.

Hijackthis Logfile

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:37:19, on 29.07.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\Windows\system32\taskhost.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Rainlendar2\Rainlendar2.exe
D:\Program Files\ICQ7.2\ICQ.exe
D:\Users\Computer\Desktop\DieUhr.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Windows\system32\SearchFilterHost.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
D:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASDR - Unknown owner - D:\Windows\System32\ASDR.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - D:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @D:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - D:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 5030 bytes
Antivir Logfile

Code:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Mittwoch, 28. Juli 2010  18:42

Es wird nach 2580570 Virenstämmen gesucht.

Lizenznehmer  : Avira AntiVir Personal - FREE Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows Vista
Windowsversion : (plain)  [6.1.7600]
Boot Modus    : Abgesicherter Modus
Benutzername  : Computer
Computername  : COMPUTER-PC

Versionsinformationen:
BUILD.DAT      : 9.0.0.422    21701 Bytes  09.03.2010 10:23:00
AVSCAN.EXE    : 9.0.3.10    466689 Bytes  13.10.2009 10:26:28
AVSCAN.DLL    : 9.0.3.0      49409 Bytes  13.02.2009 11:04:10
LUKE.DLL      : 9.0.3.2      209665 Bytes  20.02.2009 10:35:44
LUKERES.DLL    : 9.0.2.0      13569 Bytes  26.01.2009 09:41:59
VBASE000.VDF  : 7.10.0.0  19875328 Bytes  06.11.2009 06:35:52
VBASE001.VDF  : 7.10.1.0    1372672 Bytes  19.11.2009 18:50:11
VBASE002.VDF  : 7.10.3.1    3143680 Bytes  20.01.2010 18:50:47
VBASE003.VDF  : 7.10.3.75    996864 Bytes  26.01.2010 18:50:58
VBASE004.VDF  : 7.10.4.203  1579008 Bytes  05.03.2010 19:20:53
VBASE005.VDF  : 7.10.6.82  2494464 Bytes  15.04.2010 13:39:20
VBASE006.VDF  : 7.10.7.218  2294784 Bytes  02.06.2010 16:37:47
VBASE007.VDF  : 7.10.9.165  4840960 Bytes  23.07.2010 14:13:36
VBASE008.VDF  : 7.10.9.166      2048 Bytes  23.07.2010 14:13:36
VBASE009.VDF  : 7.10.9.167      2048 Bytes  23.07.2010 14:13:36
VBASE010.VDF  : 7.10.9.168      2048 Bytes  23.07.2010 14:13:36
VBASE011.VDF  : 7.10.9.169      2048 Bytes  23.07.2010 14:13:36
VBASE012.VDF  : 7.10.9.170      2048 Bytes  23.07.2010 14:13:37
VBASE013.VDF  : 7.10.9.198    157696 Bytes  26.07.2010 14:12:05
VBASE014.VDF  : 7.10.9.230    121856 Bytes  28.07.2010 14:12:15
VBASE015.VDF  : 7.10.9.231      2048 Bytes  28.07.2010 14:12:15
VBASE016.VDF  : 7.10.9.232      2048 Bytes  28.07.2010 14:12:15
VBASE017.VDF  : 7.10.9.233      2048 Bytes  28.07.2010 14:12:15
VBASE018.VDF  : 7.10.9.234      2048 Bytes  28.07.2010 14:12:15
VBASE019.VDF  : 7.10.9.235      2048 Bytes  28.07.2010 14:12:15
VBASE020.VDF  : 7.10.9.236      2048 Bytes  28.07.2010 14:12:15
VBASE021.VDF  : 7.10.9.237      2048 Bytes  28.07.2010 14:12:15
VBASE022.VDF  : 7.10.9.238      2048 Bytes  28.07.2010 14:12:15
VBASE023.VDF  : 7.10.9.239      2048 Bytes  28.07.2010 14:12:15
VBASE024.VDF  : 7.10.9.240      2048 Bytes  28.07.2010 14:12:15
VBASE025.VDF  : 7.10.9.241      2048 Bytes  28.07.2010 14:12:15
VBASE026.VDF  : 7.10.9.242      2048 Bytes  28.07.2010 14:12:16
VBASE027.VDF  : 7.10.9.243      2048 Bytes  28.07.2010 14:12:16
VBASE028.VDF  : 7.10.9.244      2048 Bytes  28.07.2010 14:12:16
VBASE029.VDF  : 7.10.9.245      2048 Bytes  28.07.2010 14:12:16
VBASE030.VDF  : 7.10.9.246      2048 Bytes  28.07.2010 14:12:16
VBASE031.VDF  : 7.10.9.248      9216 Bytes  28.07.2010 14:12:16
Engineversion  : 8.2.4.26
AEVDF.DLL      : 8.1.2.0      106868 Bytes  24.04.2010 13:01:13
AESCRIPT.DLL  : 8.1.3.41    1364346 Bytes  20.07.2010 22:50:27
AESCN.DLL      : 8.1.6.1      127347 Bytes  13.05.2010 16:18:03
AESBX.DLL      : 8.1.3.1      254324 Bytes  24.04.2010 13:01:13
AERDL.DLL      : 8.1.8.2      614772 Bytes  20.07.2010 22:50:27
AEPACK.DLL    : 8.2.3.2      471414 Bytes  20.07.2010 22:50:26
AEOFFICE.DLL  : 8.1.1.8      201081 Bytes  21.07.2010 22:50:29
AEHEUR.DLL    : 8.1.2.6    2793846 Bytes  20.07.2010 22:50:26
AEHELP.DLL    : 8.1.13.2    242039 Bytes  20.07.2010 22:50:25
AEGEN.DLL      : 8.1.3.17    385396 Bytes  21.07.2010 22:50:29
AEEMU.DLL      : 8.1.2.0      393588 Bytes  24.04.2010 13:01:12
AECORE.DLL    : 8.1.16.2    192887 Bytes  20.07.2010 22:50:24
AEBB.DLL      : 8.1.1.0      53618 Bytes  24.04.2010 13:01:12
AVWINLL.DLL    : 9.0.0.3      18177 Bytes  12.12.2008 07:47:56
AVPREF.DLL    : 9.0.3.0      44289 Bytes  26.08.2009 14:13:59
AVREP.DLL      : 8.0.0.7      159784 Bytes  02.03.2010 18:51:48
AVREG.DLL      : 9.0.0.0      36609 Bytes  07.11.2008 14:25:04
AVARKT.DLL    : 9.0.0.3      292609 Bytes  24.03.2009 14:05:37
AVEVTLOG.DLL  : 9.0.0.7      167169 Bytes  30.01.2009 09:37:04
SQLITE3.DLL    : 3.6.1.0      326401 Bytes  28.01.2009 14:03:49
SMTPLIB.DLL    : 9.2.0.25      28417 Bytes  02.02.2009 07:21:28
NETNT.DLL      : 9.0.0.0      11521 Bytes  07.11.2008 14:41:21
RCIMAGE.DLL    : 9.0.0.25    2438913 Bytes  15.05.2009 14:35:17
RCTEXT.DLL    : 9.0.73.0      87297 Bytes  13.10.2009 11:19:29

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: d:\program files\avira\antivir desktop\alldrives.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, A:, F:, E:, G:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel

Beginn des Suchlaufs: Mittwoch, 28. Juli 2010  18:42

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AAWTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AAWWSC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WmiPrvSE.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AAWService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Es wurden '24' Prozesse mit '24' Modulen durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'A:\'
    [INFO]      Im  Laufwerk 'A:\' ist kein Datenträger eingelegt!
Bootsektor 'F:\'
    [INFO]      Im  Laufwerk 'F:\' ist kein Datenträger eingelegt!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '23' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'D:\'
D:\hiberfil.sys
    [WARNUNG]  Die Datei konnte nicht geöffnet werden!
    [HINWEIS]  Bei dieser Datei handelt es sich um eine Windows Systemdatei.
    [HINWEIS]  Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann.
D:\pagefile.sys
    [WARNUNG]  Die Datei konnte nicht geöffnet werden!
    [HINWEIS]  Bei dieser Datei handelt es sich um eine Windows Systemdatei.
    [HINWEIS]  Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann.
D:\Program Files\Microsoft DirectX SDK (June 2010)\Redist\Aug2005_d3dx9_27_x64.cab
  [0] Archivtyp: CAB (Microsoft)
    --> d3dx9_27.dll
      [WARNUNG]  Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
    [WARNUNG]  Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
D:\Program Files\Microsoft DirectX SDK (June 2010)\Redist\AUG2007_d3dx9_35_x64.cab
  [0] Archivtyp: CAB (Microsoft)
    --> d3dx9_35.dll
      [WARNUNG]  Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
    [WARNUNG]  Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
D:\Users\Computer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\6e4f9eed-58f2a1e7
  [0] Archivtyp: ZIP
    --> dev/s/AdgredY.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.S
    --> dev/s/DyesyasZ.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.R
    --> dev/s/LoaderX.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.M.1
D:\Users\Computer\Documents\vlc-1.1.0-win32.exe
  [0] Archivtyp: NSIS
    --> ProgramFilesDir/libavi_plugin.dll
      [WARNUNG]  Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
    [WARNUNG]  Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
Beginne mit der Suche in 'A:\'
Der zu durchsuchende Pfad A:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'F:\'
Der zu durchsuchende Pfad F:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'E:\'
Der zu durchsuchende Pfad E:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'G:\'
Der zu durchsuchende Pfad G:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.

Beginne mit der Desinfektion:
D:\Users\Computer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\6e4f9eed-58f2a1e7
    [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c8475c6.qua' verschoben!


Ende des Suchlaufs: Mittwoch, 28. Juli 2010  20:22
Benötigte Zeit:  1:03:24 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  32936 Verzeichnisse wurden überprüft
 1136976 Dateien wurden geprüft
      3 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      2 Dateien konnten nicht durchsucht werden
 1136971 Dateien ohne Befall
  8141 Archive wurden durchsucht
      8 Warnungen
      3 Hinweise
den CCleaner habe ich auch durchlaufen lassen und Malwarebytes hat im schnellem Durchlauf nichts gefunden und Ad-Aware hat auch nur einen Cookie gefunden.

Vielleicht findet ihr ja etwas, was ich übersehen habe.
Danke im Vorraus.

MfG Tim0

markusg 29.07.2010 13:17
ootl:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
poste beide logs

Tim0 29.07.2010 15:02
Extras

Code:
OTL Extras logfile created on: 29.07.2010 15:21:38 - Run 3
OTL by OldTimer - Version 3.2.9.1    Folder = D:\Users\Computer\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 19,53 Gb Total Space | 4,54 Gb Free Space | 23,24% Space Free | Partition Type: NTFS
Drive D: | 446,22 Gb Total Space | 284,01 Gb Free Space | 63,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: COMPUTER-PC
Current User Name: Computer
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- D:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- D:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4034464493-679656484-3502508975-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2F6096CC-7067-489B-ADCE-F1936A1E1D6F}" = League of Legends
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{38468127-9E6F-4FC9-B5F7-42D4AD437D96}" = Unigine Heaven Benchmark v2.1
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7BD0D8F8-A13C-48D2-B201-4AD29A48AF34}" = Google SketchUp 7
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{96C39A4E-8636-439B-B439-02E908C05A2A}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BDA0DBBA-BBDD-11D5-9901-005004491D37}" = EXSL-Win Version X
"{C167A588-87AA-47BF-A88E-5B0F9A14480D}" = InterVideo DVDCopy5
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1CD7BA2-B906-40F5-902C-31177F040CB4}" = Project Reloaded
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"ACE LoL Client" = League of Legends - ACE Client by Matricus
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"DIY Layout Creator_is1" = DIY Layout Creator 1.23
"EAGLE 5.9.0" = EAGLE 5.9.0
"Easy Graphic Converter 1.2_is1" = Easy Graphic Converter 1.2
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Foxit Reader" = Foxit Reader
"ICQToolbar" = ICQ Toolbar
"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"IsoBuster_is1" = IsoBuster 2.7
"JDownloader" = JDownloader
"League of Legends_is1" = League of Legends
"LochMaster_30_Demo_is1" = LochMaster 3.0 (Demo)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MAXONA0B4C530" = CINEMA 4D 11.514
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"mIRC" = mIRC
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.0.5)" = Mozilla Thunderbird (3.0.5)
"Mumble" = Mumble and Murmur
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"PulsPlayer" = PulsPlayer (remove only)
"Rainlendar2" = Rainlendar2 (remove only)
"ShiftWindow_is1" = ShiftWindow 1.02
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trillian" = Trillian
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4034464493-679656484-3502508975-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.07.2010 14:40:02 | Computer Name = Computer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LOLClient.exe, Version: 1.5.0.7220,
 Zeitstempel: 0x49080dd2  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0193d6f1  ID des fehlerhaften
 Prozesses: 0xc68  Startzeit der fehlerhaften Anwendung: 0x01cb2431174ff4e7  Pfad der
 fehlerhaften Anwendung: D:\ace_client240\League of Legends\Air\LOLClient.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 60704f48-9040-11df-9936-001fd05a7def
 
Error - 16.07.2010 05:25:07 | Computer Name = Computer-PC | Source = BackItUp5 | ID = 5225
Description =
 
Error - 16.07.2010 06:57:56 | Computer Name = Computer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3828,
 Zeitstempel: 0x4c25a474  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdadb  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00046b90  ID des fehlerhaften
 Prozesses: 0x4a0  Startzeit der fehlerhaften Anwendung: 0x01cb24cdbe448bb4  Pfad der
 fehlerhaften Anwendung: D:\Program Files\Mozilla Firefox\plugin-container.exe  Pfad
 des fehlerhaften Moduls: D:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: fccab46d-90c8-11df-9bcc-001fd05a7def
 
Error - 16.07.2010 07:12:47 | Computer Name = Computer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NOTEPAD.EXE, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc60f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x10531ac0  ID des fehlerhaften
 Prozesses: 0x6dc  Startzeit der fehlerhaften Anwendung: 0x01cb24d7d13079b6  Pfad der
 fehlerhaften Anwendung: D:\Windows\system32\NOTEPAD.EXE  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 1004f6c4-90cb-11df-9bcc-001fd05a7def
 
Error - 16.07.2010 07:13:10 | Computer Name = Computer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: crashreporter.exe, Version: 1.9.2.3828,
 Zeitstempel: 0x4c259d19  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x10531ac0  ID des fehlerhaften
 Prozesses: 0x3a8  Startzeit der fehlerhaften Anwendung: 0x01cb24d7dea901a4  Pfad der
 fehlerhaften Anwendung: D:\Program Files\Mozilla Firefox\crashreporter.exe  Pfad
des fehlerhaften Moduls: unknown  Berichtskennung: 1d83994a-90cb-11df-9bcc-001fd05a7def
 
Error - 16.07.2010 07:13:17 | Computer Name = Computer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: crashreporter.exe, Version: 1.9.2.3828,
 Zeitstempel: 0x4c259d19  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x10531ac0  ID des fehlerhaften
 Prozesses: 0xba8  Startzeit der fehlerhaften Anwendung: 0x01cb24d7e2eb010a  Pfad der
 fehlerhaften Anwendung: D:\Program Files\Mozilla Firefox\crashreporter.exe  Pfad
des fehlerhaften Moduls: unknown  Berichtskennung: 21b0fef2-90cb-11df-9bcc-001fd05a7def
 
Error - 16.07.2010 07:13:19 | Computer Name = Computer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WerFault.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc2d9  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x10531ac0  ID des fehlerhaften
 Prozesses: 0x764  Startzeit der fehlerhaften Anwendung: 0x01cb24d7e404b28a  Pfad der
 fehlerhaften Anwendung: D:\Windows\system32\WerFault.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 22e2306a-90cb-11df-9bcc-001fd05a7def
 
Error - 16.07.2010 07:13:39 | Computer Name = Computer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: crashreporter.exe, Version: 1.9.2.3828,
 Zeitstempel: 0x4c259d19  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x10531ac0  ID des fehlerhaften
 Prozesses: 0x84c  Startzeit der fehlerhaften Anwendung: 0x01cb24d7effcfd79  Pfad der
 fehlerhaften Anwendung: D:\Program Files\Mozilla Firefox\crashreporter.exe  Pfad
des fehlerhaften Moduls: unknown  Berichtskennung: 2ece1f1a-90cb-11df-9bcc-001fd05a7def
 
Error - 16.07.2010 07:14:08 | Computer Name = Computer-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: crashreporter.exe, Version: 1.9.2.3828,
 Zeitstempel: 0x4c259d19  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x10531ac0  ID des fehlerhaften
 Prozesses: 0x27c  Startzeit der fehlerhaften Anwendung: 0x01cb24d8014ba209  Pfad der
 fehlerhaften Anwendung: D:\Program Files\Mozilla Firefox\crashreporter.exe  Pfad
des fehlerhaften Moduls: unknown  Berichtskennung: 401a52a1-90cb-11df-9bcc-001fd05a7def
 
Error - 16.07.2010 07:20:39 | Computer Name = Computer-PC | Source = BackItUp5 | ID = 5225
Description =
 
[ System Events ]
Error - 28.07.2010 12:40:57 | Computer Name = Computer-PC | Source = DCOM | ID = 10005
Description =
 
Error - 28.07.2010 12:40:57 | Computer Name = Computer-PC | Source = DCOM | ID = 10005
Description =
 
Error - 28.07.2010 12:40:58 | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 28.07.2010 12:40:58 | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 28.07.2010 12:40:58 | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 28.07.2010 12:40:58 | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 28.07.2010 12:40:58 | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 28.07.2010 12:40:58 | Computer Name = Computer-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 28.07.2010 12:50:37 | Computer Name = Computer-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 28.07.2010 12:50:43 | Computer Name = Computer-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
 
< End of report >
OTL

Code:
OTL logfile created on: 29.07.2010 15:21:38 - Run 3
OTL by OldTimer - Version 3.2.9.1    Folder = D:\Users\Computer\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 19,53 Gb Total Space | 4,54 Gb Free Space | 23,24% Space Free | Partition Type: NTFS
Drive D: | 446,22 Gb Total Space | 284,01 Gb Free Space | 63,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: COMPUTER-PC
Current User Name: Computer
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - D:\Users\Computer\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - D:\ace_client240\League of Legends\air\LolClient.exe ()
PRC - D:\ace_client240\League of Legends\lol.launcher.exe (Solid State Networks)
PRC - D:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - D:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - D:\Users\Computer\Desktop\DieUhr.exe (Kay Bruns)
PRC - D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - D:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - D:\Program Files\OpenOffice.org 3\program\swriter.exe (OpenOffice.org)
PRC - D:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - D:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe (ASUSTeK Inc.)
PRC - D:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Program Files\Rainlendar2\Rainlendar2.exe ()
PRC - D:\Windows\System32\ASDR.exe ()
PRC - D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Users\Computer\Desktop\OTL.exe (OldTimer Tools)
MOD - D:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - D:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - D:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - D:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - D:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - D:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - D:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - D:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - D:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - D:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - D:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - D:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (FLEXnet Licensing Service) -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (ICQ Service) -- D:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (NAUpdate) -- D:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (Stereo Service) -- D:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ASDR) -- D:\Windows\System32\ASDR.exe ()
SRV - (AntiVirService) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WwanSvc) -- D:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- D:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- D:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- D:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- D:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- D:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- D:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- D:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- D:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- D:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- D:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- D:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- D:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- D:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- D:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- D:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- D:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- D:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- D:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- D:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- D:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Lbd) -- D:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (EIO) -- D:\Windows\System32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (atksgt) -- D:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- D:\Windows\System32\drivers\lirsgt.sys ()
DRV - (nvlddmkm) -- D:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ElbyCDIO) -- D:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (KSecPkg) -- D:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (avgntflt) -- D:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LMouFilt) -- D:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- D:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (cmdide) -- D:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- D:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- D:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- D:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- D:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- D:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- D:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- D:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- D:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- D:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- D:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- D:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- D:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- D:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- D:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- D:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- D:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- D:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- D:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- D:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- D:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- D:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- D:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- D:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- D:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- D:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- D:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- D:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- D:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- D:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- D:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- D:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- D:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- D:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- D:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- D:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- D:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- D:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- D:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- D:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- D:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- D:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- D:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- D:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- D:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- D:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- D:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- D:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- D:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- D:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- D:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- D:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- D:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- D:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- D:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- D:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- D:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- D:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- D:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- D:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- D:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- D:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- D:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- D:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- D:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- D:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- D:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- D:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- D:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (RTL8167) -- D:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation                                            )
DRV - (E1G60) Intel(R) -- D:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- D:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- D:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- D:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- D:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- D:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- D:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (adfs) -- D:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (LHidKe) -- D:\Windows\System32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LMouKE) -- D:\Windows\System32\drivers\LMOUKE.sys (Logitech, Inc.)
DRV - (iviVD) -- D:\Windows\system32\DRIVERS\iviVD.sys (InterVideo)
DRV - (Iviaspi) -- D:\Windows\System32\drivers\iviaspi.sys (InterVideo, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4034464493-679656484-3502508975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-4034464493-679656484-3502508975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4034464493-679656484-3502508975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4034464493-679656484-3502508975-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.0.12304
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010.07.26 22:09:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010.07.25 11:37:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2010.06.20 18:20:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins
 
[2010.04.15 15:56:27 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\mozilla\Extensions
[2010.04.15 15:56:27 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Computer\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.29 11:38:56 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\70dndfqr.default\extensions
[2010.07.12 16:46:49 | 000,000,000 | ---D | M] (PDF Download) -- D:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\70dndfqr.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.06.12 13:48:55 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\70dndfqr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.18 20:52:15 | 000,000,000 | ---D | M] (ReloadEvery) -- D:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\70dndfqr.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.07.20 12:50:23 | 000,000,000 | ---D | M] (WOT) -- D:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\70dndfqr.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.07.20 12:46:30 | 000,000,000 | ---D | M] (Adblock Plus) -- D:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\70dndfqr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.23 11:08:46 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\70dndfqr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.05.24 12:51:47 | 000,000,000 | ---D | M] (FoxTab) -- D:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\70dndfqr.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.07.11 23:56:35 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\70dndfqr.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.07.20 12:50:23 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\70dndfqr.default\extensions\staged-xpis
[2010.06.11 14:07:54 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\70dndfqr.default\extensions\toolbar@ask.com
[2010.07.25 20:14:39 | 000,000,950 | ---- | M] () -- D:\Users\Computer\AppData\Roaming\Mozilla\FireFox\Profiles\70dndfqr.default\searchplugins\icqplugin-1.xml
[2010.07.12 14:04:06 | 000,000,950 | ---- | M] () -- D:\Users\Computer\AppData\Roaming\Mozilla\FireFox\Profiles\70dndfqr.default\searchplugins\icqplugin-2.xml
[2010.07.25 11:37:26 | 000,000,950 | ---- | M] () -- D:\Users\Computer\AppData\Roaming\Mozilla\FireFox\Profiles\70dndfqr.default\searchplugins\icqplugin-3.xml
[2010.06.12 13:48:55 | 000,000,168 | ---- | M] () -- D:\Users\Computer\AppData\Roaming\Mozilla\FireFox\Profiles\70dndfqr.default\searchplugins\icqplugin.gif
[2010.06.12 13:48:55 | 000,000,618 | ---- | M] () -- D:\Users\Computer\AppData\Roaming\Mozilla\FireFox\Profiles\70dndfqr.default\searchplugins\icqplugin.src
[2010.06.26 17:31:48 | 000,001,056 | ---- | M] () -- D:\Users\Computer\AppData\Roaming\Mozilla\FireFox\Profiles\70dndfqr.default\searchplugins\icqplugin.xml
[2010.07.12 14:04:04 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions
[2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.05 00:26:49 | 000,001,122 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      adobeereg.com
O1 - Hosts: 127.0.0.1      www.adobeereg.com
O1 - Hosts: 127.0.0.1      activate.adobe.com
O1 - Hosts: 127.0.0.1      activate-sea.adobe.com
O1 - Hosts: 127.0.0.1      activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1      wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1      192.150.18.108
O1 - Hosts: 127.0.0.1      ad.de.doubleclick.net
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4034464493-679656484-3502508975-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-21-4034464493-679656484-3502508975-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-4034464493-679656484-3502508975-1000..\Run: [ICQ] D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-4034464493-679656484-3502508975-1000..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-4034464493-679656484-3502508975-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.74.11 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - D:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.09 00:42:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - D:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - D:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - D:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - D:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
MsConfig - StartUpFolder: D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk - D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe - (InterVideo Inc.)
MsConfig - StartUpFolder: D:^Users^Computer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - D:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: NBAgent - hkey= - key= - D:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - D:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - D:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - D:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - D:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - D:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - D:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - D:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - D:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - D:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3BF10CB8-F615-67EE-181D-D9E43D71A6C4} - Microsoft VM
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {60EAF4E8-97EB-5FA4-9952-B22F90049B22} - Java (Sun)
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - D:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - D:\Windows\system32\Rundll32.exe D:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - D:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "D:\Windows\System32\rundll32.exe" "D:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - D:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - D:\Windows\System32\iccvid.dll (Radius Inc.)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.29 15:19:43 | 000,574,976 | ---- | C] (OldTimer Tools) -- D:\Users\Computer\Desktop\OTL.exe
[2010.07.29 12:44:50 | 000,000,000 | ---D | C] -- D:\Users\Computer\Desktop\Neuer Ordner
[2010.07.28 11:35:06 | 000,000,000 | ---D | C] -- D:\Users\Computer\Desktop\Air
[2010.07.28 11:15:48 | 000,000,000 | ---D | C] -- D:\Users\Computer\Desktop\aces_updatefiles
[2010.07.25 19:55:39 | 000,000,000 | ---D | C] -- D:\Users\Computer\Desktop\Fliege
[2010.07.22 20:18:18 | 000,000,000 | ---D | C] -- D:\Users\Computer\Desktop\Neuer Ordner (3)
[2010.07.21 00:40:52 | 000,000,000 | ---D | C] -- D:\Users\Computer\Desktop\Neuer Ordner (2)
[2010.07.16 13:31:15 | 000,000,000 | ---D | C] -- D:\Windows\pss
[2010.07.16 11:55:51 | 000,000,000 | ---D | C] -- D:\Users\Computer\AppData\Roaming\Malwarebytes
[2010.07.16 11:55:26 | 000,000,000 | ---D | C] -- D:\Users\Computer\Desktop\Sicherheit
[2010.07.16 11:55:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.16 11:55:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbam.sys
[2010.07.16 11:55:18 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2010.07.16 11:55:18 | 000,000,000 | ---D | C] -- D:\ProgramData\Malwarebytes
[2010.07.14 19:12:42 | 000,000,000 | ---D | C] -- D:\ace_client240
[2010.07.14 16:11:18 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Adobe AIR
[2010.07.14 16:01:02 | 000,000,000 | -HSD | C] -- D:\Config.Msi
[2010.07.14 12:13:41 | 814,143,398 | ---- | C] (GOA                                                        ) -- D:\Users\Computer\Desktop\loleusetup.exe
[2010.07.14 12:13:31 | 000,000,000 | ---D | C] -- D:\Users\Computer\AppData\Local\PMB Files
[2010.07.14 12:13:30 | 000,000,000 | ---D | C] -- D:\ProgramData\PMB Files
[2010.07.14 12:13:22 | 000,000,000 | ---D | C] -- D:\Program Files\Pando Networks
[2010.07.13 16:20:30 | 000,000,000 | ---D | C] -- D:\Program Files\Trend Micro
[2010.07.13 13:22:44 | 000,000,000 | ---D | C] -- D:\Users\Computer\AppData\Roaming\dvdcss
[2010.07.12 21:59:01 | 000,064,288 | ---- | C] (Lavasoft AB) -- D:\Windows\System32\drivers\Lbd.sys
[2010.07.12 21:59:01 | 000,000,000 | ---D | C] -- D:\Windows\System32\DRVSTORE
[2010.07.12 21:58:58 | 000,095,024 | ---- | C] (Sunbelt Software) -- D:\Windows\System32\drivers\SBREDrv.sys
[2010.07.12 21:53:42 | 000,000,000 | ---D | C] -- D:\Users\Computer\AppData\Local\Sunbelt Software
[2010.07.12 21:52:57 | 000,000,000 | -H-D | C] -- D:\ProgramData\{65893B95-F47B-4483-B883-86BA181E9B54}
[2010.07.12 21:52:35 | 000,000,000 | ---D | C] -- D:\ProgramData\Lavasoft
[2010.07.12 21:52:35 | 000,000,000 | ---D | C] -- D:\Program Files\Lavasoft
[2010.07.12 16:48:59 | 000,000,000 | ---D | C] -- D:\Users\Computer\AppData\Roaming\Foxit Software
[2010.07.12 16:48:08 | 000,000,000 | ---D | C] -- D:\Program Files\Foxit Software
[2010.07.12 15:18:08 | 000,000,000 | ---D | C] -- D:\Windows\System32\appmgmt
[2010.07.12 14:03:34 | 000,000,000 | ---D | C] -- D:\Program Files\Mozilla Firefox
[2010.07.09 23:57:18 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Java
[2010.07.09 23:56:58 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\System32\deployJava1.dll
[2010.07.09 23:56:58 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\System32\javaws.exe
[2010.07.09 23:56:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\System32\javaw.exe
[2010.07.09 23:56:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\System32\java.exe
[2010.07.07 17:19:03 | 000,000,000 | ---D | C] -- D:\Program Files\CCleaner
[2010.07.06 16:20:33 | 000,000,000 | ---D | C] -- D:\Users\Computer\Desktop\Nah- & Makrofotographie
[2010.07.06 16:16:14 | 000,000,000 | ---D | C] -- D:\Users\Computer\Desktop\Makrofotographie
[2010.07.06 01:50:33 | 000,000,000 | ---D | C] -- D:\Program Files\MSXML 4.0
[2010.06.29 20:58:57 | 000,000,000 | ---D | C] -- D:\Users\Computer\AppData\Roaming\Nero
[2010.06.29 20:51:55 | 000,000,000 | ---D | C] -- D:\ProgramData\Nero
[2010.06.29 20:51:23 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Nero
[2010.06.29 20:51:15 | 000,000,000 | ---D | C] -- D:\Program Files\Nero
[2010.06.29 20:43:20 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft.NET
[2010.06.29 20:30:30 | 000,000,000 | ---D | C] -- D:\Program Files\Elaborate Bytes
[1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
[1 D:\*.tmp files -> D:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.29 15:22:24 | 002,621,440 | -HS- | M] () -- D:\Users\Computer\NTUSER.DAT
[2010.07.29 15:19:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Users\Computer\Desktop\OTL.exe
[2010.07.29 14:36:01 | 000,001,100 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.29 12:50:33 | 000,001,982 | ---- | M] () -- D:\Users\Computer\Desktop\Trillian.lnk
[2010.07.29 12:45:27 | 000,018,766 | ---- | M] () -- D:\Users\Computer\Desktop\OpenDocument Text (neu).odt
[2010.07.29 11:31:36 | 000,014,016 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.29 11:31:36 | 000,014,016 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.29 11:26:12 | 000,001,096 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.29 11:25:55 | 000,000,006 | -H-- | M] () -- D:\Windows\tasks\SA.DAT
[2010.07.29 11:24:02 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2010.07.29 11:23:51 | 2817,384,448 | -HS- | M] () -- D:\hiberfil.sys
[2010.07.29 00:08:19 | 003,171,761 | -H-- | M] () -- D:\Users\Computer\AppData\Local\IconCache.db
[2010.07.28 11:34:58 | 001,935,994 | ---- | M] () -- D:\Users\Computer\Desktop\Air.rar
[2010.07.28 11:15:38 | 067,196,795 | ---- | M] () -- D:\Users\Computer\Desktop\ace_update2410.rar
[2010.07.28 11:11:41 | 030,462,477 | ---- | M] () -- D:\Users\Computer\Desktop\ace_update24051.rar
[2010.07.28 10:54:04 | 000,006,544 | ---- | M] () -- D:\Users\Computer\Documents\cc_20100728_105401.reg
[2010.07.28 10:05:53 | 000,743,431 | ---- | M] () -- D:\Users\Computer\Desktop\Updater.exe
[2010.07.27 10:04:46 | 001,472,002 | ---- | M] () -- D:\Windows\System32\PerfStringBackup.INI
[2010.07.27 10:04:46 | 000,643,628 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2010.07.27 10:04:46 | 000,606,992 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2010.07.27 10:04:46 | 000,126,188 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2010.07.27 10:04:46 | 000,103,370 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2010.07.23 20:42:59 | 000,841,578 | ---- | M] () -- D:\Users\Computer\Desktop\Unbenannt-11.jpg
[2010.07.22 21:01:42 | 072,726,788 | ---- | M] () -- D:\Users\Computer\Desktop\Unbenannt-11.psd
[2010.07.22 20:48:30 | 000,834,479 | ---- | M] () -- D:\Users\Computer\Desktop\Fliege 6.jpg
[2010.07.22 20:44:00 | 000,877,385 | ---- | M] () -- D:\Users\Computer\Desktop\Fliege 5.jpg
[2010.07.22 20:42:11 | 000,804,010 | ---- | M] () -- D:\Users\Computer\Desktop\Fliege 4.jpg
[2010.07.22 20:40:37 | 000,810,207 | ---- | M] () -- D:\Users\Computer\Desktop\Fliege.jpg
[2010.07.22 20:39:55 | 000,807,816 | ---- | M] () -- D:\Users\Computer\Desktop\Fliege 2.jpg
[2010.07.22 20:38:54 | 000,798,153 | ---- | M] () -- D:\Users\Computer\Desktop\Fliege 1.jpg
[2010.07.22 12:41:08 | 030,462,477 | ---- | M] () -- D:\Users\Computer\Desktop\ace_update2405.rar
[2010.07.21 01:07:50 | 001,097,455 | ---- | M] () -- D:\Users\Computer\Desktop\Spinne 3.jpg
[2010.07.21 01:07:16 | 001,118,310 | ---- | M] () -- D:\Users\Computer\Desktop\Spinne 2.jpg
[2010.07.21 01:05:32 | 001,214,125 | ---- | M] () -- D:\Users\Computer\Desktop\Spinne.jpg
[2010.07.20 23:21:12 | 000,261,665 | ---- | M] () -- D:\Users\Computer\Desktop\Unbenannt.GIF
[2010.07.17 22:31:07 | 033,757,537 | ---- | M] () -- D:\Users\Computer\Desktop\Unbenannt-1.psd
[2010.07.17 22:04:54 | 001,027,170 | ---- | M] () -- D:\Users\Computer\Desktop\Hummel 5.jpg
[2010.07.17 21:59:09 | 000,940,000 | ---- | M] () -- D:\Users\Computer\Desktop\Hummel.jpg
[2010.07.17 21:42:27 | 001,545,294 | ---- | M] () -- D:\Users\Computer\Desktop\Hummel 2.jpg
[2010.07.17 20:25:40 | 001,134,125 | ---- | M] () -- D:\Users\Computer\Desktop\Schmetterling 1.jpg
[2010.07.15 12:47:54 | 000,007,604 | ---- | M] () -- D:\Users\Computer\AppData\Local\Resmon.ResmonCfg
[2010.07.14 19:58:25 | 000,001,769 | ---- | M] () -- D:\Users\Computer\Desktop\Start League of Legends.lnk
[2010.07.14 18:33:36 | 805,725,537 | ---- | M] () -- D:\Users\Computer\Desktop\ace_client240.rar
[2010.07.14 12:32:59 | 000,001,900 | ---- | M] () -- D:\Users\Public\Desktop\League of Legends.lnk
[2010.07.14 12:28:08 | 814,143,398 | ---- | M] (GOA                                                        ) -- D:\Users\Computer\Desktop\loleusetup.exe
[2010.07.14 12:13:15 | 002,185,360 | ---- | M] () -- D:\Users\Computer\Desktop\LeagueofLegendsEUDownloader.exe
[2010.07.13 16:44:51 | 000,018,901 | ---- | M] () -- D:\Users\Computer\Desktop\Unbenannt1.JPG
[2010.07.13 13:24:22 | 003,592,192 | ---- | M] () -- D:\Users\Computer\Documents\vlc-1.1.0-win32.exe
[2010.07.13 10:55:39 | 000,735,229 | ---- | M] () -- D:\Users\Computer\ace_uninstaller.exe
[2010.07.12 22:07:17 | 000,329,147 | ---- | M] () -- D:\Users\Computer\Desktop\fliege_2_671.jpg
[2010.07.12 22:07:05 | 000,377,457 | ---- | M] () -- D:\Users\Computer\Desktop\Marinkäferlarve (Überarbeitet 2).jpg
[2010.07.12 21:58:58 | 000,095,024 | ---- | M] (Sunbelt Software) -- D:\Windows\System32\drivers\SBREDrv.sys
[2010.07.12 12:02:38 | 000,020,483 | ---- | M] () -- D:\Users\Computer\Desktop\Unbenannt.JPG
[2010.07.07 15:30:34 | 000,001,024 | ---- | M] () -- D:\Users\Public\Desktop\Picasa 3.lnk
[2010.07.06 19:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) -- D:\Windows\System32\drivers\Lbd.sys
[2010.07.06 19:28:44 | 000,015,880 | ---- | M] () -- D:\Windows\System32\lsdelete.exe
[2010.06.29 20:31:17 | 000,000,085 | -HS- | M] () -- D:\ProgramData\.zreglib
[1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
[1 D:\*.tmp files -> D:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.29 12:44:55 | 000,018,766 | ---- | C] () -- D:\Users\Computer\Desktop\OpenDocument Text (neu).odt
[2010.07.28 11:34:56 | 001,935,994 | ---- | C] () -- D:\Users\Computer\Desktop\Air.rar
[2010.07.28 11:14:53 | 067,196,795 | ---- | C] () -- D:\Users\Computer\Desktop\ace_update2410.rar
[2010.07.28 11:11:58 | 000,743,431 | ---- | C] () -- D:\Users\Computer\Desktop\Updater.exe
[2010.07.28 11:11:31 | 030,462,477 | ---- | C] () -- D:\Users\Computer\Desktop\ace_update24051.rar
[2010.07.28 10:54:03 | 000,006,544 | ---- | C] () -- D:\Users\Computer\Documents\cc_20100728_105401.reg
[2010.07.23 20:42:58 | 000,841,578 | ---- | C] () -- D:\Users\Computer\Desktop\Unbenannt-11.jpg
[2010.07.22 21:01:40 | 072,726,788 | ---- | C] () -- D:\Users\Computer\Desktop\Unbenannt-11.psd
[2010.07.22 20:48:29 | 000,834,479 | ---- | C] () -- D:\Users\Computer\Desktop\Fliege 6.jpg
[2010.07.22 20:43:58 | 000,877,385 | ---- | C] () -- D:\Users\Computer\Desktop\Fliege 5.jpg
[2010.07.22 20:42:10 | 000,804,010 | ---- | C] () -- D:\Users\Computer\Desktop\Fliege 4.jpg
[2010.07.22 20:39:53 | 000,807,816 | ---- | C] () -- D:\Users\Computer\Desktop\Fliege 2.jpg
[2010.07.22 20:38:52 | 000,810,207 | ---- | C] () -- D:\Users\Computer\Desktop\Fliege.jpg
[2010.07.22 20:38:52 | 000,798,153 | ---- | C] () -- D:\Users\Computer\Desktop\Fliege 1.jpg
[2010.07.22 12:40:45 | 030,462,477 | ---- | C] () -- D:\Users\Computer\Desktop\ace_update2405.rar
[2010.07.21 01:07:48 | 001,097,455 | ---- | C] () -- D:\Users\Computer\Desktop\Spinne 3.jpg
[2010.07.21 01:07:15 | 001,118,310 | ---- | C] () -- D:\Users\Computer\Desktop\Spinne 2.jpg
[2010.07.21 01:05:30 | 001,214,125 | ---- | C] () -- D:\Users\Computer\Desktop\Spinne.jpg
[2010.07.20 23:21:12 | 000,261,665 | ---- | C] () -- D:\Users\Computer\Desktop\Unbenannt.GIF
[2010.07.17 22:31:06 | 033,757,537 | ---- | C] () -- D:\Users\Computer\Desktop\Unbenannt-1.psd
[2010.07.17 22:04:53 | 001,027,170 | ---- | C] () -- D:\Users\Computer\Desktop\Hummel 5.jpg
[2010.07.17 21:59:07 | 000,940,000 | ---- | C] () -- D:\Users\Computer\Desktop\Hummel.jpg
[2010.07.17 21:42:26 | 001,545,294 | ---- | C] () -- D:\Users\Computer\Desktop\Hummel 2.jpg
[2010.07.17 20:25:39 | 001,134,125 | ---- | C] () -- D:\Users\Computer\Desktop\Schmetterling 1.jpg
[2010.07.14 19:15:41 | 000,001,769 | ---- | C] () -- D:\Users\Computer\Desktop\Start League of Legends.lnk
[2010.07.14 14:51:39 | 805,725,537 | ---- | C] () -- D:\Users\Computer\Desktop\ace_client240.rar
[2010.07.14 12:32:59 | 000,001,900 | ---- | C] () -- D:\Users\Public\Desktop\League of Legends.lnk
[2010.07.14 12:13:12 | 002,185,360 | ---- | C] () -- D:\Users\Computer\Desktop\LeagueofLegendsEUDownloader.exe
[2010.07.13 16:44:51 | 000,018,901 | ---- | C] () -- D:\Users\Computer\Desktop\Unbenannt1.JPG
[2010.07.13 13:24:16 | 003,592,192 | ---- | C] () -- D:\Users\Computer\Documents\vlc-1.1.0-win32.exe
[2010.07.13 10:55:37 | 000,735,229 | ---- | C] () -- D:\Users\Computer\ace_uninstaller.exe
[2010.07.13 00:56:42 | 000,015,880 | ---- | C] () -- D:\Windows\System32\lsdelete.exe
[2010.07.12 22:07:16 | 000,329,147 | ---- | C] () -- D:\Users\Computer\Desktop\fliege_2_671.jpg
[2010.07.12 22:07:03 | 000,377,457 | ---- | C] () -- D:\Users\Computer\Desktop\Marinkäferlarve (Überarbeitet 2).jpg
[2010.07.12 12:02:37 | 000,020,483 | ---- | C] () -- D:\Users\Computer\Desktop\Unbenannt.JPG
[2010.07.07 15:30:34 | 000,001,024 | ---- | C] () -- D:\Users\Public\Desktop\Picasa 3.lnk
[2010.06.29 20:31:17 | 000,000,085 | -HS- | C] () -- D:\ProgramData\.zreglib
[2010.04.13 14:53:14 | 000,022,016 | ---- | C] () -- D:\Windows\System32\ODBCSTF.DLL
[2010.04.13 14:53:09 | 000,009,216 | ---- | C] () -- D:\Windows\System32\CBNVDD.DLL
[2010.03.03 16:05:41 | 000,281,760 | ---- | C] () -- D:\Windows\System32\drivers\atksgt.sys
[2010.03.03 16:05:41 | 000,025,888 | ---- | C] () -- D:\Windows\System32\drivers\lirsgt.sys
[2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- D:\Windows\System32\hpotscl1.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
 
========== LOP Check ==========
 
[2010.05.13 18:57:26 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\CadSoft
[2010.07.12 12:57:33 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Emtybe
[2010.04.28 15:44:44 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\EssentialPIM
[2010.07.12 16:48:59 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Foxit Software
[2010.05.15 13:37:20 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\ibf
[2010.07.29 11:28:27 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\ICQ
[2010.07.12 13:25:33 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Ilyq
[2010.04.28 15:27:16 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Kalenderchen
[2010.03.02 20:58:04 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Leadertech
[2010.05.12 16:39:09 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\LolClient
[2010.03.03 15:52:14 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.05.18 22:56:40 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\MAXON
[2010.04.13 11:54:52 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Miranda
[2010.07.26 22:10:01 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Mumble
[2010.03.04 16:35:26 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\OpenOffice.org
[2010.05.06 13:58:21 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\stickies
[2010.04.15 15:56:25 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Thunderbird
[2010.05.06 17:54:32 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\To-Do DeskList
[2010.04.13 12:17:47 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Trillian
[2010.03.20 23:58:47 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\TS3Client
[2010.03.03 16:07:13 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Ubisoft
[2010.06.18 12:23:01 | 000,032,630 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.07.09 23:54:46 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Adobe
[2010.05.13 18:57:26 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\CadSoft
[2010.07.13 13:22:44 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\dvdcss
[2010.07.12 12:57:33 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Emtybe
[2010.04.28 15:44:44 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\EssentialPIM
[2010.07.12 16:48:59 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Foxit Software
[2010.04.20 15:38:23 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Google
[2010.05.15 13:37:20 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\ibf
[2010.07.29 11:28:27 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\ICQ
[2010.03.02 19:49:28 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Identities
[2010.07.12 13:25:33 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Ilyq
[2010.04.28 15:27:16 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Kalenderchen
[2010.03.02 20:58:04 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Leadertech
[2010.03.02 20:53:24 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Logishrd
[2010.03.02 20:53:18 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Logitech
[2010.05.12 16:39:09 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\LolClient
[2010.03.03 15:52:14 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.03.02 20:59:13 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Macromedia
[2010.07.16 11:55:51 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Malwarebytes
[2010.05.18 22:56:40 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\MAXON
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Media Center Programs
[2010.07.28 10:53:18 | 000,000,000 | --SD | M] -- D:\Users\Computer\AppData\Roaming\Microsoft
[2010.04.13 11:54:52 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Miranda
[2010.06.18 03:04:37 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\mIRC
[2010.03.02 20:07:48 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Mozilla
[2010.07.26 22:10:01 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Mumble
[2010.06.29 20:58:57 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Nero
[2010.03.04 16:35:26 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\OpenOffice.org
[2010.07.29 15:14:50 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Skype
[2010.07.29 11:28:01 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\skypePM
[2010.05.06 13:58:21 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\stickies
[2010.03.02 21:08:00 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\teamspeak2
[2010.04.15 15:56:25 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Thunderbird
[2010.05.06 17:54:32 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\To-Do DeskList
[2010.04.07 23:21:46 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Toribash
[2010.04.13 12:17:47 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Trillian
[2010.03.20 23:58:47 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\TS3Client
[2010.03.03 16:07:13 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Ubisoft
[2010.07.13 13:24:15 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\vlc
[2010.04.17 13:47:02 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\Winamp
[2010.04.30 15:09:24 | 000,000,000 | ---D | M] -- D:\Users\Computer\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.07.14 16:10:50 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- D:\Users\Computer\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.03.02 20:58:04 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- D:\Users\Computer\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2010.07.13 16:20:30 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- D:\Users\Computer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2010.05.11 18:02:27 | 000,022,486 | R--- | M] () -- D:\Users\Computer\AppData\Roaming\Microsoft\Installer\{E1CD7BA2-B906-40F5-902C-31177F040CB4}\ARPPRODUCTICON.exe
[2010.05.11 18:02:27 | 000,022,486 | R--- | M] () -- D:\Users\Computer\AppData\Roaming\Microsoft\Installer\{E1CD7BA2-B906-40F5-902C-31177F040CB4}\NewShortcut1_E1CD7BA2B90640F5902C31177F040CB4_9.exe
[2010.05.11 18:02:27 | 000,022,486 | R--- | M] () -- D:\Users\Computer\AppData\Roaming\Microsoft\Installer\{E1CD7BA2-B906-40F5-902C-31177F040CB4}\NewShortcut3_E1CD7BA2B90640F5902C31177F040CB4_8.exe
 
< %SYSTEMDRIVE%\*.exe >
[2003.06.29 14:31:14 | 000,799,232 | ---- | M] (Jos Maas) -- D:\omb.exe
[1 D:\*.tmp files -> D:\*.tmp -> ]
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- D:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- D:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- D:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- D:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- D:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- D:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- D:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- D:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- D:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\Windows\System32\LocationApi.dll
[2009.08.29 08:54:52 | 012,625,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\Windows\System32\wmploc.DLL
 
< 5. Klicke "Scan" >
 
< 6. 2 reporte werden erstellt: >
 
< OTL.Txt >
 
< Extras.Txt >

< End of report >
MfG Tim0

markusg 29.07.2010 15:12
Besuche:
VirusTotal - Free Online Virus and Malware Scan
prüfe folgendes:
D:\Users\Computer\Desktop\Updater.exe
D:\Users\Computer\Desktop\DieUhr.exe
falls datei bereits analysiert, klicke erneut prüfen, ergebnisse posten.

Tim0 29.07.2010 16:35
Updater.exe

Code:
Antivirus          Version          letzte aktualisierung          Ergebnis
AhnLab-V3        2010.07.29.00        2010.07.28        -
AntiVir        8.2.4.26        2010.07.29        -
Antiy-AVL        2.0.3.7        2010.07.29        Trojan/Win32.Swisyn.gen
Authentium        5.2.0.5        2010.07.29        -
Avast        4.8.1351.0        2010.07.29        -
Avast5        5.0.332.0        2010.07.29        -
AVG        9.0.0.851        2010.07.29        -
BitDefender        7.2        2010.07.29        -
CAT-QuickHeal        11.00        2010.07.29        -
ClamAV        0.96.0.3-git        2010.07.29        -
Comodo        5580        2010.07.29        -
DrWeb        5.0.2.03300        2010.07.29        -
Emsisoft        5.0.0.34        2010.07.29        -
eSafe        7.0.17.0        2010.07.29        -
eTrust-Vet        36.1.7748        2010.07.29        -
F-Prot        4.6.1.107        2010.07.29        -
F-Secure        9.0.15370.0        2010.07.29        -
Fortinet        4.1.143.0        2010.07.29        -
GData        21        2010.07.29        -
Ikarus        T3.1.1.84.0        2010.07.29        -
Jiangmin        13.0.900        2010.07.29        -
Kaspersky        7.0.0.125        2010.07.29        -
McAfee        5.400.0.1158        2010.07.29        -
McAfee-GW-Edition        2010.1        2010.07.29        -
Microsoft        1.6004        2010.07.29        -
NOD32        5323        2010.07.29        -
Norman        6.05.11        2010.07.29        -
nProtect        2010-07-29.01        2010.07.29        -
Panda        10.0.2.7        2010.07.29        -
PCTools        7.0.3.5        2010.07.29        -
Prevx        3.0        2010.07.29        High Risk Cloaked Malware
Rising        22.58.03.04        2010.07.29        -
Sophos        4.55.0        2010.07.29        -
Sunbelt        6658        2010.07.29        -
SUPERAntiSpyware        4.40.0.1006        2010.07.29        -
Symantec        20101.1.1.7        2010.07.29        -
TheHacker        6.5.2.1.326        2010.07.27        -
TrendMicro        9.120.0.1004        2010.07.29        -
TrendMicro-HouseCall        9.120.0.1004        2010.07.29        -
VBA32        3.12.12.6        2010.07.28        -
ViRobot        2010.7.29.3963        2010.07.29        -
VirusBuster        5.0.27.0        2010.07.29        -
weitere Informationen
File size: 743431 bytes
MD5...: 2da4c7f2bac77b7f8f00f23271b8c165
SHA1..: f34882cdae3fc4940a507255f323757decf204d9
SHA256: fe680c8d1372f584133c94ef529c8178321b0fcdbd165b5c9fd2bd4a50dac0f1
ssdeep: 12288:XH7Wcjdc/r2sxxiPGGAOOPSXDV8ClgVYhX5FSsf8Qol3TL:XbCj2sObHtq
Q4QMjL
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x17850
timedatestamp.....: 0x4b509352 (Fri Jan 15 16:09:54 2010)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x814a5 0x81600 6.60 09b535a462dc9bc31ff989ae945245fb
.rdata 0x83000 0xd6a2 0xd800 4.91 ee9f84e12eed9971b81699f57b3171e9
.data 0x91000 0x16f38 0x3200 4.11 b2ac8e862b8d6d111d389ff9f306d5f3
.rsrc 0xa8000 0x1c590 0x1c600 3.48 385070e165b7b383ea8bc3857eff4d41

( 16 imports )
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> VERSION.dll: VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
> WINMM.dll: timeGetTime, waveOutSetVolume, mciSendStringW
> COMCTL32.dll: ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
> MPR.dll: WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
> WININET.dll: InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
> PSAPI.DLL: EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
> USERENV.dll: CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
> KERNEL32.dll: HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, MultiByteToWideChar, WideCharToMultiByte, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, lstrcmpiW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, GetProcessHeap, OutputDebugStringW, GetLocalTime, CompareStringW, CompareStringA, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetComputerNameW, GetWindowsDirectoryW, GetSystemDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ResumeThread, GetStartupInfoW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleFileNameA, HeapReAlloc, HeapCreate, SetHandleCount, GetFileType, GetStartupInfoA, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, LCMapStringA, RtlUnwind, SetFilePointer, GetTimeZoneInformation, GetTimeFormatA, GetDateFormatA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetTickCount, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetModuleHandleA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEndOfFile, EnumResourceNamesW, SetEnvironmentVariableA
> USER32.dll: SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, CopyImage, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, PeekMessageW, SetKeyboardState, GetKeyboardState, GetKeyState, keybd_event, VkKeyScanA, GetKeyboardLayoutNameA, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, MoveWindow, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, GetMenuItemID, TranslateMessage, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, UnregisterHotKey, CharLowerBuffW, MonitorFromRect, GetAsyncKeyState, LoadImageW, GetWindowLongW
> GDI32.dll: DeleteObject, GetObjectW, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, BeginPath, Rectangle, GetDeviceCaps, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, SetViewportOrgEx
> COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW
> ADVAPI32.dll: RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, RegEnumKeyExW, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, InitiateSystemShutdownExW, AdjustTokenPrivileges, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, SetSecurityDescriptorDacl, CopySid, LogonUserW, GetTokenInformation, GetAclInformation, GetAce, AddAce, GetSecurityDescriptorDacl
> SHELL32.dll: DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
> ole32.dll: OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, StringFromCLSID, IIDFromString, StringFromIID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Symantec Reputation Network: Suspicious.Insight hxxp://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
<a href='hxxp://info.prevx.com/aboutprogramtext.asp?PX5=6B5097A607909A0658100B8D02729C00BED2AE54' target='_blank'>hxxp://info.prevx.com/aboutprogramtext.asp?PX5=6B5097A607909A0658100B8D02729C00BED2AE54</a>
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..:
original name: n/a
internal name: n/a
file version.: 3, 3, 4, 0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Uhr

Code:
Antivirus          Version          letzte aktualisierung          Ergebnis
AhnLab-V3        2010.07.29.00        2010.07.28        -
AntiVir        8.2.4.26        2010.07.29        -
Antiy-AVL        2.0.3.7        2010.07.29        -
Authentium        5.2.0.5        2010.07.29        -
Avast        4.8.1351.0        2010.07.29        -
Avast5        5.0.332.0        2010.07.29        -
AVG        9.0.0.851        2010.07.29        -
BitDefender        7.2        2010.07.29        -
CAT-QuickHeal        11.00        2010.07.29        -
ClamAV        0.96.0.3-git        2010.07.29        -
Comodo        5580        2010.07.29        -
DrWeb        5.0.2.03300        2010.07.29        -
Emsisoft        5.0.0.34        2010.07.29        -
eSafe        7.0.17.0        2010.07.29        -
eTrust-Vet        36.1.7748        2010.07.29        -
F-Prot        4.6.1.107        2010.07.29        -
F-Secure        9.0.15370.0        2010.07.29        -
Fortinet        4.1.143.0        2010.07.29        -
GData        21        2010.07.29        -
Ikarus        T3.1.1.84.0        2010.07.29        -
Jiangmin        13.0.900        2010.07.29        -
Kaspersky        7.0.0.125        2010.07.29        -
McAfee        5.400.0.1158        2010.07.29        -
McAfee-GW-Edition        2010.1        2010.07.29        -
Microsoft        1.6004        2010.07.29        -
NOD32        5323        2010.07.29        -
Norman        6.05.11        2010.07.29        -
nProtect        2010-07-29.01        2010.07.29        -
Panda        10.0.2.7        2010.07.29        -
PCTools        7.0.3.5        2010.07.29        -
Prevx        3.0        2010.07.29        -
Rising        22.58.03.04        2010.07.29        -
Sophos        4.55.0        2010.07.29        -
Sunbelt        6658        2010.07.29        -
Symantec        20101.1.1.7        2010.07.29        -
TheHacker        6.5.2.1.326        2010.07.27        -
TrendMicro        9.120.0.1004        2010.07.29        -
TrendMicro-HouseCall        9.120.0.1004        2010.07.29        -
VBA32        3.12.12.6        2010.07.28        -
ViRobot        2010.7.29.3963        2010.07.29        -
VirusBuster        5.0.27.0        2010.07.29        -
weitere Informationen
File size: 163840 bytes
MD5...: f4bc56d0b312a7e5e03bfe807f2d635f
SHA1..: a5d27b133fa37861a63b98572b296c028585d293
SHA256: 0586d1d7b31776b6144c784a1338f17c1b31a5a209c4fd1114678cdfd6166e04
ssdeep: 3072:SGmaJvK7suir4XlqqN6kQ2HI55qZyqOiX0995c:SMio5r4BN6kQaIOyXX9
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3719
timedatestamp.....: 0x44eff030 (Sat Aug 26 06:54:40 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x94d2 0xa000 6.41 12bba0b99d7b91c12a43f6d068385f6f
.rdata 0xb000 0x1502 0x2000 4.10 11361cceabf97877e317d11c48d90aae
.data 0xd000 0x6818 0x3000 1.52 779aa4a4e7f4edd8c729ad16e08a5c3f
.rsrc 0x14000 0x17a28 0x18000 7.28 6c90cba106ae0149b4e92b55eb9c00b8

( 7 imports )
> KERNEL32.dll: FindFirstFileW, GetLocalTime, SetThreadPriority, GetCurrentThread, SetPriorityClass, GetCurrentProcess, GetLastError, CreateMutexW, FlushFileBuffers, SetStdHandle, LCMapStringW, LCMapStringA, GetStringTypeW, GetStringTypeA, LoadLibraryA, HeapReAlloc, FindNextFileW, GetOEMCP, GetACP, GetCPInfo, MultiByteToWideChar, HeapAlloc, SetFilePointer, IsBadCodePtr, IsBadWritePtr, IsBadReadPtr, SetUnhandledExceptionFilter, WriteFile, HeapFree, VirtualFree, HeapCreate, HeapDestroy, GetVersionExA, GetEnvironmentVariableA, GetFileType, FindClose, GetModuleFileNameW, SetCurrentDirectoryW, SizeofResource, FindResourceW, LoadResource, LockResource, GlobalAlloc, GlobalLock, GlobalUnlock, VirtualAlloc, GlobalFree, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, WideCharToMultiByte, FreeEnvironmentStringsW, FreeEnvironmentStringsA, GetModuleFileNameA, UnhandledExceptionFilter, GetProcAddress, CloseHandle, GetVersion, GetCommandLineA, GetStartupInfoA, GetModuleHandleA, TerminateProcess, ExitProcess, RtlUnwind
> USER32.dll: TrackPopupMenu, CreatePopupMenu, GetCursorPos, PostQuitMessage, SetTimer, KillTimer, DefWindowProcW, UnregisterClassW, MessageBoxW, GetMenuStringW, DestroyMenu, UpdateLayeredWindow, GetWindowLongW, DestroyWindow, DispatchMessageW, TranslateMessage, GetMessageW, SendMessageW, LoadImageW, CreateWindowExW, RegisterClassW, LoadCursorW, GetFocus, AppendMenuW, GetWindowRect, SetWindowPos, SetWindowLongW
> GDI32.dll: SelectObject, DeleteObject, DeleteDC, CreateCompatibleDC
> ADVAPI32.dll: RegCreateKeyW, RegSetValueExW, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, RegDeleteValueW
> ole32.dll: CoCreateInstance, CoInitialize, CoUninitialize, CreateStreamOnHGlobal
> gdiplus.dll: GdipCreateHBITMAPFromBitmap, GdipDeleteGraphics, GdipCreateCachedBitmap, GdipSetInterpolationMode, GdipCreateFromHDC, GdipCreateBitmapFromScan0, GdipGetImageWidth, GdipGetImageHeight, GdipAlloc, GdipDrawImagePoints, GdipDrawImageRect, GdipDrawCachedBitmap, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipCreateBitmapFromFileICM, GdipCreateBitmapFromFile, GdipDisposeImage, GdipCloneImage, GdipDeleteCachedBitmap, GdiplusStartup, GdiplusShutdown, GdipGetImageGraphicsContext, GdipGraphicsClear, GdipFree, GdipDrawImageRectI
> SHLWAPI.dll: PathRemoveFileSpecW, PathAppendW, PathFileExistsW, PathIsDirectoryW

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Kay Bruns
copyright....: Copyright (c) 2006
product......: Die Uhr
description..: DieUhr
original name: DieUhr.exe
internal name: DieUhr
file version.: 1, 0, 0, 1
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned

markusg 29.07.2010 16:48
kannst du die
D:\Users\Computer\Desktop\Updater.exe
bei unserm upload hochladen?
http://www.trojaner-board.de/54791-a...ner-board.html
wie unter punkt2
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Tim0 29.07.2010 18:04
Habe die Datei hoch geladen.

Code:
ComboFix 10-07-28.04 - Computer 29.07.2010  18:15:09.1.2 - x86
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.3582.2084 [GMT 2:00]
ausgeführt von:: d:\users\Computer\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\users\Computer\ace_uninstaller.exe

.
MBR is infected with the Whistler Bootkit !!

(((((((((((((((((((((((  Dateien erstellt von 2010-06-28 bis 2010-07-29  ))))))))))))))))))))))))))))))
.

2010-07-26 18:50 . 2010-07-26 18:50        21160        ----a-w-        d:\users\Computer\AppData\Roaming\Mumble\Plugins\bfbc2.dll
2010-07-16 18:38 . 2010-07-16 18:38        25256        ----a-w-        d:\users\Computer\AppData\Roaming\Mumble\Plugins\tf2.dll
2010-07-16 18:38 . 2010-07-16 18:38        24744        ----a-w-        d:\users\Computer\AppData\Roaming\Mumble\Plugins\wow.dll
2010-07-16 18:38 . 2010-07-16 18:38        21672        ----a-w-        d:\users\Computer\AppData\Roaming\Mumble\Plugins\lotro.dll
2010-07-16 18:38 . 2010-07-16 18:38        21160        ----a-w-        d:\users\Computer\AppData\Roaming\Mumble\Plugins\l4d2.dll
2010-07-16 18:38 . 2010-07-16 18:38        25256        ----a-w-        d:\users\Computer\AppData\Roaming\Mumble\Plugins\insurgency.dll
2010-07-16 18:38 . 2010-07-16 18:38        25256        ----a-w-        d:\users\Computer\AppData\Roaming\Mumble\Plugins\gmod.dll
2010-07-16 18:38 . 2010-07-16 18:38        25256        ----a-w-        d:\users\Computer\AppData\Roaming\Mumble\Plugins\dods.dll
2010-07-16 18:38 . 2010-07-16 18:38        25256        ----a-w-        d:\users\Computer\AppData\Roaming\Mumble\Plugins\css.dll
2010-07-16 18:38 . 2010-07-16 18:38        25256        ----a-w-        d:\users\Computer\AppData\Roaming\Mumble\Plugins\aoc.dll
2010-07-16 18:38 . 2010-07-16 18:38        21160        ----a-w-        d:\users\Computer\AppData\Roaming\Mumble\Plugins\codmw2.dll
2010-07-16 09:55 . 2010-07-16 09:55        --------        d-----w-        d:\users\Computer\AppData\Roaming\Malwarebytes
2010-07-16 09:55 . 2010-04-29 10:19        38224        ----a-w-        d:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 09:55 . 2010-07-16 09:55        --------        d-----w-        d:\program files\Malwarebytes' Anti-Malware
2010-07-16 09:55 . 2010-07-16 09:55        --------        d-----w-        d:\programdata\Malwarebytes
2010-07-16 09:55 . 2010-04-29 10:19        20952        ----a-w-        d:\windows\system32\drivers\mbam.sys
2010-07-14 17:12 . 2010-07-14 17:17        --------        d-----w-        D:\ace_client240
2010-07-14 14:11 . 2010-07-14 14:10        53632        ----a-w-        d:\users\Computer\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-14 14:11 . 2010-07-14 14:10        53632        ----a-w-        d:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-14 14:11 . 2010-07-14 14:11        --------        d-----w-        d:\program files\Common Files\Adobe AIR
2010-07-14 10:13 . 2010-07-14 10:41        --------        d-----w-        d:\users\Computer\AppData\Local\PMB Files
2010-07-14 10:13 . 2010-07-14 10:13        --------        d-----w-        d:\programdata\PMB Files
2010-07-14 10:13 . 2010-07-14 10:13        --------        d-----w-        d:\program files\Pando Networks
2010-07-13 14:20 . 2010-07-16 11:23        --------        d-----w-        d:\program files\Trend Micro
2010-07-13 14:20 . 2010-07-13 14:20        388096        ----a-r-        d:\users\Computer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-13 11:22 . 2010-07-13 11:22        --------        d-----w-        d:\users\Computer\AppData\Roaming\dvdcss
2010-07-12 22:56 . 2010-07-06 17:28        15880        ----a-w-        d:\windows\system32\lsdelete.exe
2010-07-12 19:59 . 2010-07-12 19:59        --------        dc----w-        d:\windows\system32\DRVSTORE
2010-07-12 19:59 . 2010-07-06 17:28        64288        ----a-w-        d:\windows\system32\drivers\Lbd.sys
2010-07-12 19:58 . 2010-07-12 19:58        95024        ----a-w-        d:\windows\system32\drivers\SBREDrv.sys
2010-07-12 19:53 . 2010-07-12 19:53        --------        d-----w-        d:\users\Computer\AppData\Local\Sunbelt Software
2010-07-12 19:52 . 2010-07-12 19:52        --------        dc-h--w-        d:\programdata\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-12 19:52 . 2010-07-06 17:29        2979280        -c--a-w-        d:\programdata\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe
2010-07-12 19:52 . 2010-07-12 19:53        --------        d-----w-        d:\programdata\Lavasoft
2010-07-12 19:52 . 2010-07-12 19:52        --------        d-----w-        d:\program files\Lavasoft
2010-07-12 14:48 . 2010-07-12 14:48        --------        d-----w-        d:\users\Computer\AppData\Roaming\Foxit Software
2010-07-12 14:48 . 2010-07-12 14:48        --------        d-----w-        d:\program files\Foxit Software
2010-07-09 21:57 . 2010-07-09 21:57        --------        d-----w-        d:\program files\Common Files\Java
2010-07-09 21:56 . 2010-04-12 15:29        411368        ----a-w-        d:\windows\system32\deployJava1.dll
2010-07-07 15:19 . 2010-07-07 15:19        --------        d-----w-        d:\program files\CCleaner
2010-07-05 23:50 . 2010-07-05 23:50        --------        d-----w-        d:\program files\MSXML 4.0
2010-06-29 18:58 . 2010-06-29 18:58        --------        d-----w-        d:\users\Computer\AppData\Roaming\Nero
2010-06-29 18:51 . 2010-06-29 18:57        --------        d-----w-        d:\programdata\Nero
2010-06-29 18:51 . 2010-06-29 18:51        --------        d-----w-        d:\program files\Common Files\Nero
2010-06-29 18:51 . 2010-06-29 18:57        --------        d-----w-        d:\program files\Nero
2010-06-29 18:43 . 2010-06-29 18:43        --------        d-----w-        d:\program files\Microsoft.NET
2010-06-29 18:30 . 2010-06-29 18:30        --------        d-----w-        d:\program files\Elaborate Bytes

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-29 16:14 . 2010-03-02 20:46        --------        d-----w-        d:\users\Computer\AppData\Roaming\Skype
2010-07-29 14:08 . 2010-03-02 20:52        --------        d-----w-        d:\users\Computer\AppData\Roaming\skypePM
2010-07-29 12:06 . 2010-03-04 14:35        1        ----a-w-        d:\users\Computer\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-29 10:51 . 2010-04-13 10:00        --------        d-----w-        d:\program files\Trillian
2010-07-29 10:49 . 2010-05-11 16:02        --------        d-----w-        d:\program files\Project Reloaded
2010-07-29 09:28 . 2010-03-02 18:52        --------        d-----w-        d:\users\Computer\AppData\Roaming\ICQ
2010-07-29 09:26 . 2010-03-02 18:30        --------        d-----w-        d:\programdata\NVIDIA
2010-07-28 10:28 . 2010-03-02 20:11        --------        d-----w-        d:\program files\League of Legends
2010-07-27 08:04 . 2009-07-14 08:47        643628        ----a-w-        d:\windows\system32\perfh007.dat
2010-07-27 08:04 . 2009-07-14 08:47        126188        ----a-w-        d:\windows\system32\perfc007.dat
2010-07-26 20:10 . 2010-03-06 16:40        --------        d-----w-        d:\users\Computer\AppData\Roaming\Mumble
2010-07-14 10:11 . 2010-03-02 18:40        --------        d--h--w-        d:\program files\InstallShield Installation Information
2010-07-13 14:25 . 2010-04-13 10:01        --------        d-----w-        d:\program files\Ask.com
2010-07-13 11:24 . 2010-06-21 13:18        --------        d-----w-        d:\users\Computer\AppData\Roaming\vlc
2010-07-12 19:40 . 2010-04-15 13:56        --------        d-----w-        d:\program files\Mozilla Thunderbird
2010-07-12 11:25 . 2010-06-23 22:21        --------        d-----w-        d:\users\Computer\AppData\Roaming\Ilyq
2010-07-12 10:57 . 2010-04-02 08:46        --------        d-----w-        d:\users\Computer\AppData\Roaming\Emtybe
2010-07-09 21:56 . 2010-03-04 14:32        --------        d-----w-        d:\program files\Java
2010-07-07 13:30 . 2010-04-20 13:31        --------        d-----w-        d:\program files\Google
2010-06-22 13:54 . 2010-03-03 17:04        --------        d-----w-        d:\program files\TeamSpeak 3 Client
2010-06-21 13:18 . 2010-06-21 13:18        --------        d-----w-        d:\program files\VideoLAN
2010-06-20 17:23 . 2010-06-20 15:38        --------        d-----w-        d:\program files\ImageConverter Plus
2010-06-20 16:10 . 2010-06-20 16:10        --------        d-----w-        d:\program files\Easy Graphic Converter
2010-06-18 18:48 . 2010-06-18 18:45        --------        d-----w-        d:\program files\Microsoft DirectX SDK (June 2010)
2010-06-18 18:44 . 2010-06-18 18:45        111960        ----a-w-        d:\windows\dxsdkuninst.exe
2010-06-18 18:30 . 2010-06-18 18:30        444952        ----a-w-        d:\windows\system32\wrap_oal.dll
2010-06-18 18:30 . 2010-06-18 18:30        109080        ----a-w-        d:\windows\system32\OpenAL32.dll
2010-06-18 18:30 . 2010-06-18 18:30        --------        d-----w-        d:\program files\OpenAL
2010-06-18 18:29 . 2010-06-18 18:29        --------        d-----w-        d:\program files\Unigine
2010-06-18 01:04 . 2010-06-17 15:59        --------        d-----w-        d:\users\Computer\AppData\Roaming\mIRC
2010-06-17 20:45 . 2010-06-17 20:45        --------        d-----w-        d:\program files\mIRC
2010-06-17 16:05 . 2010-06-17 16:01        --------        d-----w-        d:\program files\Gamers.IRC
2010-06-12 11:50 . 2010-06-12 11:48        --------        d-----w-        d:\program files\ICQ7.2
2010-06-12 11:49 . 2010-06-12 11:49        --------        d-----w-        d:\program files\ICQ6Toolbar
2010-06-12 11:49 . 2010-06-12 11:48        --------        d-----w-        d:\programdata\ICQ
2010-06-07 17:00 . 2010-06-07 17:00        --------        d-----w-        d:\program files\ShiftWindow
2010-06-03 12:02 . 2010-06-03 12:02        --------        d-----w-        d:\program files\ASUS
2010-06-03 12:01 . 2010-06-03 12:01        14336        ----a-w-        d:\windows\system32\drivers\EIO.sys
2010-06-03 12:01 . 2010-03-02 18:39        --------        d-----w-        d:\program files\Common Files\InstallShield
2010-06-03 02:41 . 2010-06-03 02:41        3600384        ----a-w-        d:\windows\system32\GPhotos.scr
2010-06-02 02:55 . 2010-06-18 18:46        74072        ----a-w-        d:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-06-18 18:46        527192        ----a-w-        d:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-06-18 18:46        239960        ----a-w-        d:\windows\system32\xactengine3_7.dll
2010-06-01 19:25 . 2010-05-23 15:09        190        ----a-w-        d:\users\Computer\UIdata.dat
2010-05-27 07:24 . 2010-06-10 10:18        34304        ----a-w-        d:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-10 10:18        293888        ----a-w-        d:\windows\system32\atmfd.dll
2010-05-26 12:40 . 2010-03-02 17:51        62952        ----a-w-        d:\users\Computer\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-26 09:41 . 2010-06-18 18:46        2106216        ----a-w-        d:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-06-18 18:46        1868128        ----a-w-        d:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-06-18 18:46        470880        ----a-w-        d:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-06-18 18:46        248672        ----a-w-        d:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-06-18 18:46        1998168        ----a-w-        d:\windows\system32\D3DX9_43.dll
2010-05-21 12:14 . 2009-10-14 02:21        221568        ------w-        d:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-10 10:18        977920        ----a-w-        d:\windows\system32\wininet.dll
2010-05-11 16:02 . 2010-05-11 16:02        22486        ----a-r-        d:\users\Computer\AppData\Roaming\Microsoft\Installer\{E1CD7BA2-B906-40F5-902C-31177F040CB4}\NewShortcut3_E1CD7BA2B90640F5902C31177F040CB4_8.exe
2010-05-11 16:02 . 2010-05-11 16:02        22486        ----a-r-        d:\users\Computer\AppData\Roaming\Microsoft\Installer\{E1CD7BA2-B906-40F5-902C-31177F040CB4}\NewShortcut1_E1CD7BA2B90640F5902C31177F040CB4_9.exe
2010-05-11 16:02 . 2010-05-11 16:02        22486        ----a-r-        d:\users\Computer\AppData\Roaming\Microsoft\Installer\{E1CD7BA2-B906-40F5-902C-31177F040CB4}\ARPPRODUCTICON.exe
2010-05-01 14:49 . 2010-06-10 10:18        2326528        ----a-w-        d:\windows\system32\win32k.sys
2009-06-10 21:26 . 2009-07-14 02:04        9633792        --sha-r-        d:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42        396800        --sha-w-        d:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"Sidebar"="d:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Rainlendar2"="d:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]
"AdobeBridge"="" [BU]
"ICQ"="d:\program files\ICQ7.2\ICQ.exe" [2010-06-12 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\D:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=d:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=d:\windows\pss\InterVideo WinCinema Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\D:^Users^Computer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=d:\users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=d:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58        611712        ----a-w-        d:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 08:52        1234216        ----a-w-        d:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53        421888        ----a-w-        d:\program files\QuickTime\QTTask.exe

R2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 136176]
S0 Lbd;Lbd;d:\windows\system32\DRIVERS\Lbd.sys [2010-07-06 64288]
S2 AntiVirSchedulerService;Avira AntiVir Planer;d:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ICQ Service;ICQ Service;d:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;d:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-06 1352832]
S2 NAUpdate;Nero Update;d:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;d:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-02-21 240232]
S3 RTL8167;Realtek 8167 NT-Treiber;d:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - MBAMSwissArmy
.
Inhalt des "geplante Tasks" Ordners

2010-07-29 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 13:25]

2010-07-29 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 13:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.yahoo.com
FF - ProfilePath - d:\users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\70dndfqr.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
FF - plugin: d:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: d:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: d:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: d:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: d:\programme\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: d:\programme\Mozilla Firefox\plugins\npdivx32.dll
FF - plugin: d:\programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: d:\programme\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: d:\programme\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: d:\programme\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: d:\programme\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: d:\programme\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: d:\programme\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: d:\programme\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: d:\programme\Mozilla Firefox\plugins\NPSibelius.dll
FF - plugin: d:\programme\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: d:\programme\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-07-29  18:21:45
ComboFix-quarantined-files.txt  2010-07-29 16:21

Vor Suchlauf: 38 Verzeichnis(se), 304.906.829.824 Bytes frei
Nach Suchlauf: 44 Verzeichnis(se), 305.727.967.232 Bytes frei

- - End Of File - - 589A67AA3132981240A065ED1AD51D2B
MfG Tim0

markusg 29.07.2010 18:17
download mbrcheck
http://ad13.geekstogo.com/MBRCheck.exe
doppelklicke das programm, mbrcheck wird starten, wenn fertig, poste den inhalt der mbrcheck(datum).txt
zu finden auf dem desktop

Tim0 29.07.2010 18:24
Code:
MBRCheck, version 1.1.1

(c) 2010, AD



\\.\C: --> \\.\PhysicalDrive0

\\.\D: --> \\.\PhysicalDrive0



      Size  Device Name          MBR Status

  --------------------------------------------

    465 GB  \\.\PhysicalDrive0  Known-bad MBR code detected (Whistler / Black Internet)!





Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

markusg 29.07.2010 18:50
starte mbrcheck, nach dem scan wirst du folgendes sehen.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
du nimmst y for more options
dann
[2] Restore the MBR of a physical disk with a standard boot code.
drücke also 2
als nächstes
Enter the physical disk number to fix (0-99, -1 to cancel): 0
wähle 0
[ 0] Default (Windows XP)
drücke 0
jetzt wird folgendes erscheinen:
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
drücke enter
am ende sollte "done" da stehen.
schließe das programm, starte den pc neu. führe mbrcheck noch mal aus, poste das neue log.

Tim0 29.07.2010 19:07
Code:
MBRCheck, version 1.1.1

(c) 2010, AD



\\.\C: --> \\.\PhysicalDrive0

\\.\D: --> \\.\PhysicalDrive0



      Size  Device Name          MBR Status

  --------------------------------------------

    465 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected





Done!  Press ENTER to exit...

markusg 29.07.2010 19:08
ok noch langsam? der pc meine ich.

Tim0 29.07.2010 19:12
Jetzt gerade beim Neustart leider ja.
Aber es kann auch sein das es mir nur so vor kam weil ich so drauf geachtet habe.
Ich werde den Computer jetzt eine weile überwachen ob das Bild wieder einfriert etc.
Vorweg schon mal Dankeschön für deine Mühe :)

MfG Tim0

markusg 29.07.2010 19:15
schau mal nach und meld dich bald, ich möchte sowieso noch abschließende prüfungen machen

Tim0 30.07.2010 08:36
Also eingefroren ist er bisher nicht mehr aber der Start dauert für mein System doch schon enorm lange.
Ich habe beim starten mal auf die Uhr geschaut, der Start hat gut 5 min. gedauert.

MfG Tim0


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:52 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19